Rootkits implicated in Flash BSODs and uncooperative dump file


This topic is locked
25 replies to this topic

#1 RisingManes

Posted 18 July 2013 - 01:26 PM

I initially posted in the Windows 7 forum thinking that my Flash BSODs were user error. Turns out it isn't the kind of user error that results from mucking around with vital files.

 

It all started with that Flash-related BSOD. A few posts and 3 malware-removal sweeps later, I find 12 pieces of malware, 3 of which were found by TDSSKiller and 4 of which are from a polluted file I accidentally visited. This is where I stand:

 

  • Flash stability appears to have improved since the cursory removal. However, one screengrab toward the end shows Firefox isn't displaying items as it should.
  • The minidump file is still uncooperative. Cannot move it, cannot copy it, Safe Mode doesn't work.
  • SystemPropertiesPerformance.exe has been showing up at startup ever since my father reseated the processor... I don't recall the exact date.

Attached are the requested DDS and Attach files.

 

.

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/12/2010 3:32:58 PM
System Uptime: 7/18/2013 1:51:06 PM (1 hours ago)
.
Motherboard: Gateway |  | DX4840
Processor: Intel® Core™ i5 CPU         650  @ 3.20GHz | CPU 1 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 909 GiB total, 478.887 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&DC382E&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&DC382E&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP420: 7/13/2013 9:33:54 PM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
RP421: 7/13/2013 9:34:18 PM - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
RP422: 7/13/2013 9:34:56 PM - Installed DirectX
RP423: 7/14/2013 1:46:51 AM - Restore Operation
RP424: 7/16/2013 1:13:24 AM - Flash sucks
.
==== Installed Programs ======================
.
µTorrent
3DMark
7-Zip 9.20 (x64 edition)
Acrobat.com
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader XI (11.0.03)  MUI
Adobe Setup
Adobe Shockwave Player 12.0
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advertising Center
AHV content for Acrobat and Flash
Akamai NetSession Interface
Akamai NetSession Interface Service
Audacity 1.2.6
Auslogics BoostSpeed
Auslogics Disk Defrag
avast! Free Antivirus
Backup Manager Advance
Bamboo
Bandisoft MPEG-1 Decoder
Bejeweled 2 Deluxe
Blackhawk Striker 2
Blender
Bob the Builder Can-Do-Zoo
BOSS
Build-a-lot 2
Castle Crashers
CCleaner
CDisplay 1.8
Celtx (2.5.1)
Compatibility Pack for the 2007 Office system
Content Manager Assistant for PlayStation®
Creation Kit
CyberLink PowerDVD 9
D3DX10
Dark Souls: Prepare to Die Edition
DivX Setup
DMs Toolkit 1.2.0
e-Sword
Escape Rosecliff Island
Faerie Solitaire
FATE - The Traitor Soul
ffdshow v1.1.3516 [2010-07-25]
FileZilla Client 3.5.3
FINAL FANTASY XIV - A Realm Reborn (Beta Version)
Futuremark SystemInfo
GameBoost
Gateway Game Console
Gateway Games
Gateway InfoCentre
Gateway MyBackup
Gateway Photo Frame 4.2.3.10
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
GIMP 2.6.11
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GTK2-Runtime
Guild Wars 2
Gyazo 1.0
HandBrake 0.9.8
Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973)
Hotkey Utility
Identity Card
ImagXpress
Intel® Matrix Storage Manager
iPhoneBrowser
Java 7 Update 25
Java Auto Updater
Jewel Quest Solitaire 3
Junk Mail filter update
Kingdoms of Amalur Reckoning-=AviaRa=- 1.0.0.2
League of Legends
Lexmark 6500 Series
Livestream Procaster
LogMeIn Hamachi
LOLReplay
Mabinogi
Mabinogi Frontend
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
MCSkin3D version 1.4
Messenger Plus! 6
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Help Viewer 1.0
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Works
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft XNA Game Studio 4.0
Microsoft XNA Game Studio 4.0 (ARP entry)
Microsoft XNA Game Studio 4.0 (Redists)
Microsoft XNA Game Studio 4.0 (Shared Components)
Microsoft XNA Game Studio 4.0 (Visual Studio)
Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
Microsoft XNA Game Studio 4.0 Documentation
Microsoft XNA Game Studio Platform Tools
mIRC
ModPlug Player
Monopoly
Morrowind
Morrowind mod manager 0.8.4
MotioninJoy Gamepad tool 0.7.1001
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.49
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery P.I. - Lost in Los Angeles
NCsoft Launcher
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Neverwinter
Nexon Game Manager
Nexus Mod Manager
Nightsky
NVIDIA 3D Vision Controller Driver 314.22
NVIDIA 3D Vision Driver 314.22
NVIDIA Control Panel 314.22
NVIDIA Display Control Panel
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 314.22
NVIDIA HD Audio Driver 1.3.23.1
NVIDIA Install Application
NVIDIA Photoshop Plug-ins 64 bit
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 4.11.9
NVIDIA Update Components
Oblivion
Oblivion - Construction Set
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Spell Tomes
Oblivion - Wizard's Tower
Oblivion mod manager 1.1.12
OpenAL
OpenOffice.org 3.4.1
Paint.NET v3.5.10
PDF Settings
PeerBlock 1.1 (r518)
Penguins!
PESTERCHUM
Pidgin
PingPlotter Standard 3.40.0s
Plants vs Zombies
Plants vs. Zombies
Polar Bowler
Polar Golfer
Portal
Portal 2
Psychonauts
PVSonyDll
Python 2.7 comtypes-0.6.2
Python 2.7 pywin32-217
Python 2.7.2
Ragnarok Online 2
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Remember Me
Rock of Ages
Scrabble Plus
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Skype Click to Call
Skype™ 6.3
Space Quest 1+2+3
Speccy
SpywareBlaster 5.0
Sql Server Customer Experience Improvement Program
Startup Delayer v3.0 (build 323)
Steam
Stranded II 1.0.0.1
swMSM
System Requirements Lab
TalonRO Client 1.0.0
taskTome
TeamSpeak 3 Client
TERA
Terraria
TES Construction Set
The Elder Scrolls V: Skyrim
The Price is Right
The Witcher: Enhanced Edition
They Bleed Pixels
To the Moon
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client for Windows x64
Virtual Families
Virtual Villagers - A New Home
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.6
War Thunder Launcher 1.0.1.246
Warframe
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Welcome Center
Winamp
Winamp Detector Plug-in
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinDS PRO 2013.4
WinDS PRO Apps 1.1
WinRAR archiver
Wrye Bash
wxPython 2.8.12.1 (ansi) for Python 2.7
wxPython 2.8.12.1 (unicode) for Python 2.7
Yahtzee
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
7/18/2013 9:53:21 AM, Error: Service Control Manager [7031]  - The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
7/18/2013 2:35:32 AM, Error: nvlddmkm [14]  -
7/18/2013 1:53:36 PM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
7/18/2013 1:53:36 PM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
7/18/2013 1:53:36 PM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
7/18/2013 1:51:31 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the lxdfCATSCustConnectService service to connect.
7/18/2013 1:51:31 PM, Error: Service Control Manager [7000]  - The lxdfCATSCustConnectService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/18/2013 1:51:11 PM, Error: volmgr [46]  - Crash dump initialization failed!
7/17/2013 8:36:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/17/2013 8:36:55 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/17/2013 8:36:53 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/17/2013 8:36:53 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/17/2013 8:36:52 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/17/2013 8:36:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/17/2013 8:36:35 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC discache NetBIOS NetBT nm3 nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
7/17/2013 8:36:35 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 8:36:35 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 8:36:35 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 8:36:35 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 8:36:35 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 8:36:35 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 8:36:35 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 8:36:35 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 8:36:35 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
7/17/2013 3:56:27 AM, Error: Service Control Manager [7000]  - The cpuz136 service failed to start due to the following error:  The system cannot find the path specified.
7/17/2013 2:51:38 PM, Error: Service Control Manager [7001]  - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 2:51:19 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  aswRvrt aswSnx aswSP aswTdi aswVmm discache spldr Wanarpv6
7/17/2013 2:48:08 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/17/2013 2:34:02 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/17/2013 10:30:26 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
7/17/2013 10:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
7/17/2013 10:30:26 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/14/2013 2:48:04 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/14/2013 11:43:39 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the nvsvc service.
7/13/2013 12:44:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000117 (0xfffffa800b74e4e0, 0xfffff880059fbe30, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\071313-22604-01.dmp. Report Id: 071313-22604-01.
7/11/2013 6:13:51 PM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/11/2013 2:12:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================

Attached Files


Edited by hamluis, 21 July 2013 - 11:02 AM.
Posted DDS content into topic - Hamluis.



#2 RisingManes (Topic Starter)

Posted 19 July 2013 - 09:27 PM

Quick update saying that Flash crashed my computer again. Also saying that I would like some help with this.

 

This is the site where I crashed:

http://www.bbc.co.uk/news/health-23382485

 

UPDATE: I have realized that Windows is not making a pagefile.sys at all. This would explain why it kept nagging me, and ultimately why my dump files aren't working anymore.

 

UPDATE 2: Some of my files are getting suddenly marked with Read-Only. Also, I found that Windows Defender isn't working, and hasn't been for two years.

 

---------------------------
Windows Defender
---------------------------
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.  (Error Code: 0x80070422)
---------------------------
OK   
---------------------------

 

---------------------------
Services
---------------------------
Windows could not start the Windows Defender service on Local Computer.

Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
---------------------------
OK   
---------------------------
 

Update 3: I don't intend to bump so much as log the behavior of my computer. Firefox magically took itself out as the default browser.


Edited by RisingManes, 20 July 2013 - 06:15 PM.


#3 HelpBot (Bleepin' Binary Bot)

Posted 23 July 2013 - 01:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1. In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/501491 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2. If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 RisingManes (Topic Starter)

Posted 23 July 2013 - 03:02 PM

Greetings, and thank you for having the HelpBot system in place.

 

The problem has been that I have been getting System Performance Options popping up at every startup, as well as BSOD'ing when viewing Flash. After posting a tech support thread, I discovered that I had several rootkits in my system, and was advised to post here.

 

In the interim, I have installed Unlocker.exe and renamed NPSWF32.dll, located in C:\Windows\SysWOW64, to NPSWF32.dll.old to prevent Firefox from using it. I have also attempted to install libusb-win32 for an unrelated issue.

http://sourceforge.net/apps/trac/libusb-win32/

 

I have also tracked down my missing pagefile.sys to a missing afs.sys. Windows Defender is also missing.

 

I do not have the original CD, but I do have a recovery section.

 

Some software changes took place. Please review.

Attached Files


Edited by RisingManes, 23 July 2013 - 03:18 PM.


#5 Elise (Bleepin' Blonde, Malware Study Hall Admin)

Posted 24 July 2013 - 07:51 AM

Hello, my name is Elise and I'll assist you with the problems you're having.


Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.



I do not recommend that you have more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Avast or Microsoft Security Essentials.


We need to run a scan with ComboFix:
  • Please go to the download page for ComboFix by sUBs.
  • Click the Download Now button and save the file to your desktop.
  • Disable any anti-virus and/or firewall software you have installed.
    Instructions can be found here if needed.
  • Close all open windows including your web browser.
    As mentioned in the first post, you may want to print out all instructions before starting.
  • Double-click on the ComboFix icon on your desktop.
  • Read the Disclaimer and click I Agree if you want to run the software; you should then see a window showing that ComboFix is preparing to run.
  • DO NOT use your computer while ComboFix is running. There are a lot of things going on behind the scenes and a single mouse click can cause the program to stall.

    However, if you are prompted to do so, please click Yes to download the Microsoft Windows Recovery Console.

    If an Internet connection is not available or you choose not to install the recovery console, ComboFix will run in Reduced Functionality mode.
  • Allow ComboFix to reboot the computer if necessary; it will run again after you log back in.
  • When complete, a log file will be displayed; please copy and paste the contents of this file into your next post.
More information about downloading and using ComboFix can be found here if needed.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#6 RisingManes (Topic Starter)

Posted 24 July 2013 - 11:21 AM

"Gaming sites"? Does this include, then, F2P MMOs?

 

ComboFix 13-07-24.02 - Lamira 07/24/2013  11:59:12.4.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8183.6372 [GMT -4:00]
Running from: c:\users\Lamira\Downloads\Installations\Programs\ComboFix3.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-24 to 2013-07-24  )))))))))))))))))))))))))))))))
.
.
2013-07-24 16:09 . 2013-07-24 16:09    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-07-24 16:09 . 2013-07-24 16:09    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-07-24 16:09 . 2013-07-24 16:09    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2013-07-23 06:23 . 2013-07-23 06:23    --------    d-----w-    c:\users\Lamira\AppData\Local\ElevatedDiagnostics
2013-07-23 06:14 . 2013-07-23 06:14    --------    d-----w-    c:\program files (x86)\Sony
2013-07-21 05:40 . 2013-07-21 05:40    --------    d-----w-    c:\programdata\Picroma
2013-07-21 02:00 . 2013-07-21 02:00    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 02:00 . 2013-07-21 02:00    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-21 02:00 . 2013-07-21 02:00    --------    d-----w-    c:\windows\SysWow64\Macromed
2013-07-21 02:00 . 2013-07-21 02:00    --------    d-----w-    c:\windows\system32\Macromed
2013-07-20 23:41 . 2013-07-20 23:42    --------    d-----w-    c:\program files\Unlocker
2013-07-20 23:41 . 2013-07-21 01:00    --------    d-----w-    c:\users\Lamira\AppData\Roaming\BabSolution
2013-07-20 23:41 . 2013-07-20 23:41    --------    d-----w-    c:\users\Lamira\AppData\Roaming\Babylon
2013-07-20 23:41 . 2013-07-20 23:41    --------    d-----w-    c:\programdata\Babylon
2013-07-20 19:31 . 2013-07-20 19:42    --------    d-----w-    C:\ComboFix2
2013-07-18 06:26 . 2013-07-18 06:26    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-07-17 07:56 . 2013-07-17 07:56    --------    d-----w-    c:\program files\Speccy
2013-07-14 17:00 . 2013-07-14 17:00    --------    d-----w-    c:\users\Lamira\AppData\Roaming\com.shirogames.evoland
2013-07-14 06:54 . 2013-07-14 06:54    --------    d-----w-    c:\users\Lamira\AppData\Roaming\NVIDIA
2013-07-14 06:54 . 2013-07-17 11:12    --------    d-----w-    c:\program files (x86)\GPU-Z
2013-07-14 06:47 . 2013-07-14 06:47    --------    d-----w-    c:\programdata\NVIDIA Corporation
2013-07-14 01:37 . 2013-07-14 01:37    --------    d-----w-    c:\users\Lamira\AppData\Local\Futuremark
2013-07-14 01:37 . 2013-07-14 01:37    --------    d-----w-    c:\users\Lamira\AppData\Local\IsolatedStorage
2013-07-14 01:33 . 2013-07-14 01:33    --------    d-----w-    c:\program files (x86)\Futuremark
2013-07-13 16:51 . 2013-07-20 02:21    --------    d-----w-    c:\users\UpdatusUser
2013-07-13 07:09 . 2013-07-13 07:12    --------    d-----w-    c:\windows\system32\MRT
2013-07-13 07:08 . 2011-09-23 01:06    109416    ----a-w-    c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-07-13 07:08 . 2011-09-22 21:18    73064    ----a-w-    c:\windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.3.5500.0.dll
2013-07-13 07:08 . 2011-09-23 01:07    105832    ----a-w-    c:\windows\system32\SQSRVRES.DLL
2013-07-13 07:08 . 2013-07-13 07:08    --------    d-----w-    c:\program files (x86)\Microsoft Visual Studio 9.0
2013-07-13 07:07 . 2013-07-13 07:07    --------    d-----w-    c:\program files\Microsoft.NET
2013-07-12 23:51 . 2013-06-21 12:06    572704    ----a-w-    c:\windows\system32\NvFBC64.dll
2013-07-12 23:51 . 2013-06-21 12:06    570656    ----a-w-    c:\windows\system32\NvIFR64.dll
2013-07-12 23:51 . 2013-06-21 12:06    467232    ----a-w-    c:\windows\SysWow64\NvIFR.dll
2013-07-12 23:51 . 2013-06-21 12:06    465184    ----a-w-    c:\windows\SysWow64\NvFBC.dll
2013-07-12 23:51 . 2013-06-21 12:06    1832224    ----a-w-    c:\windows\system32\nvdispco6432049.dll
2013-07-12 23:51 . 2013-06-21 12:06    1511712    ----a-w-    c:\windows\system32\nvdispgenco6432049.dll
2013-07-12 23:51 . 2013-03-15 05:53    2864144    ----a-w-    c:\windows\system32\nvapi64.dll
2013-07-12 23:51 . 2013-03-15 05:53    2539128    ----a-w-    c:\windows\SysWow64\nvapi.dll
2013-07-12 23:51 . 2013-03-15 05:53    15508512    ----a-w-    c:\windows\system32\nvwgf2umx.dll
2013-07-12 23:51 . 2013-03-15 05:53    15042928    ----a-w-    c:\windows\SysWow64\nvd3dum.dll
2013-07-12 23:49 . 2013-03-15 04:16    3477280    ----a-w-    c:\windows\system32\nvsvc64.dll
2013-07-12 23:49 . 2013-03-15 04:16    6398240    ----a-w-    c:\windows\system32\nvcpl.dll
2013-07-12 23:49 . 2013-03-15 04:16    877856    ----a-w-    c:\windows\system32\nvvsvc.exe
2013-07-12 23:49 . 2013-03-15 04:16    63776    ----a-w-    c:\windows\system32\nvshext.dll
2013-07-12 23:49 . 2013-03-15 04:16    237856    ----a-w-    c:\windows\system32\nvmctray.dll
2013-07-12 23:48 . 2013-06-21 12:06    61216    ----a-w-    c:\windows\system32\OpenCL.dll
2013-07-12 23:48 . 2013-06-21 12:06    53024    ----a-w-    c:\windows\SysWow64\OpenCL.dll
2013-07-12 23:18 . 2013-07-12 23:18    --------    d-----w-    c:\program files (x86)\GUMF518.tmp
2013-07-11 18:12 . 2013-07-21 01:51    --------    d-----w-    c:\windows\SysWow64\Adobe
2013-07-10 20:06 . 2013-05-27 05:50    1011712    ----a-w-    c:\program files\Windows Defender\MpSvc.dll
2013-07-10 20:06 . 2013-05-27 05:50    571904    ----a-w-    c:\program files\Windows Defender\MpClient.dll
2013-07-10 20:06 . 2013-05-27 05:50    314880    ----a-w-    c:\program files\Windows Defender\MpCommu.dll
2013-07-10 20:06 . 2013-05-27 04:57    4608    ----a-w-    c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 20:06 . 2013-05-27 04:57    54784    ----a-w-    c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 20:06 . 2013-05-27 04:57    392704    ----a-w-    c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 20:06 . 2013-05-27 03:15    9216    ----a-w-    c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 20:06 . 2013-06-05 03:34    3153920    ----a-w-    c:\windows\system32\win32k.sys
2013-07-10 20:05 . 2013-04-10 05:48    1732608    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 20:05 . 2013-04-10 05:46    1402880    ----a-w-    c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 20:05 . 2013-04-10 05:46    1393152    ----a-w-    c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 20:05 . 2013-04-10 05:46    1367040    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 20:05 . 2013-04-10 05:03    936448    ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 20:04 . 2013-04-09 23:34    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2013-07-10 20:04 . 2013-04-02 22:51    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2013-07-10 20:03 . 2013-06-04 06:00    624128    ----a-w-    c:\windows\system32\qedit.dll
2013-07-10 20:03 . 2013-06-04 04:53    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2013-07-10 20:03 . 2013-05-06 06:03    1887744    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-07-10 20:03 . 2013-05-06 04:56    1620480    ----a-w-    c:\windows\SysWow64\WMVDECOD.DLL
2013-07-08 02:12 . 2013-07-08 02:13    --------    d-----w-    c:\program files (x86)\GUMB847.tmp
2013-07-04 06:26 . 2013-07-04 06:26    --------    d-----w-    c:\users\Lamira\AppData\Roaming\Greyfirst
2013-07-04 06:26 . 2013-07-04 06:26    --------    d-----w-    c:\users\Lamira\AppData\Local\Greyfirst
2013-07-04 06:25 . 2013-07-04 06:25    --------    d-----w-    c:\program files (x86)\Celtx
2013-07-02 21:52 . 2013-07-02 21:52    --------    d-----w-    c:\program files (x86)\LogMeIn Hamachi
2013-07-02 03:50 . 2013-07-02 03:50    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
2013-06-27 00:21 . 2013-06-27 00:44    --------    d---a-w-    c:\program files (x86)\UtilityChest_49EI
2013-06-27 00:11 . 2013-06-27 00:24    --------    d-----w-    c:\program files\MotioninJoy
2013-06-27 00:11 . 2013-06-27 00:11    --------    d-----w-    c:\users\Lamira\AppData\Roaming\MotioninJoy
2013-06-27 00:11 . 2012-05-12 16:31    121416    ----a-w-    c:\windows\system32\drivers\MijXfilt.sys
2013-06-27 00:11 . 2011-12-07 23:42    74960    ----a-w-    c:\windows\system32\drivers\xusb21.sys
2013-06-27 00:11 . 2011-12-07 23:42    328712    ----a-w-    c:\windows\system32\MijFrc.dll
2013-06-27 00:11 . 2011-12-07 23:42    1721576    ----a-w-    c:\windows\system32\WdfCoInstaller01009.dll
2013-06-25 16:39 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F87FB07F-5B53-4ED4-8B8A-BA0FD6FE3365}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-19 17:29 . 2010-12-20 22:43    544656    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2013-06-28 03:32 . 2013-05-14 07:30    378944    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-06-28 03:32 . 2013-05-14 07:30    189936    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-06-28 03:32 . 2013-05-14 07:30    1030952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-06-24 04:57 . 2010-12-13 13:57    78277128    ----a-w-    c:\windows\system32\MRT.exe
2013-06-20 16:23 . 2013-06-20 16:23    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-20 16:23 . 2012-06-16 02:25    867240    ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
2013-05-14 00:19 . 2011-03-28 22:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-13 05:51 . 2013-06-12 07:33    184320    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 07:33    1464320    ----a-w-    c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 07:33    139776    ----a-w-    c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 07:33    52224    ----a-w-    c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 07:33    140288    ----a-w-    c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 07:33    1160192    ----a-w-    c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 07:33    103936    ----a-w-    c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 07:33    1192448    ----a-w-    c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 07:33    903168    ----a-w-    c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 07:33    43008    ----a-w-    c:\windows\SysWow64\certenc.dll
2013-05-12 21:42 . 2013-06-19 00:07    1832224    ----a-w-    c:\windows\system32\nvdispco6432018.dll
2013-05-12 21:42 . 2013-06-19 00:07    1511712    ----a-w-    c:\windows\system32\nvdispgenco6432018.dll
2013-05-10 05:49 . 2013-06-12 07:33    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 07:33    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2013-05-09 08:59 . 2013-05-14 07:30    72016    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-05-14 07:30    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-05-14 07:30    65336    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-06-11 13:13    84376    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2013-05-09 08:59 . 2013-06-11 13:13    27744    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2013-05-09 08:59 . 2013-05-14 07:30    33400    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-05-14 07:30    80816    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-05-14 07:30    41664    ----a-w-    c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-05-14 07:30    287840    ----a-w-    c:\windows\system32\aswBoot.exe
2013-05-08 06:39 . 2013-06-12 07:34    1910632    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-02 15:29 . 2011-02-12 06:15    278800    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 07:34    751104    ----a-w-    c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 07:34    492544    ----a-w-    c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 07:33    1505280    ----a-w-    c:\windows\SysWow64\d3d11.dll
2012-04-29 04:07 . 2012-04-30 16:07    44    ------w-    c:\program files (x86)\a6bfa57f.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-12 39408]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"Akamai NetSession Interface"="c:\users\Lamira\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Lexmark 6500 Series"="c:\program files (x86)\Lexmark 6500 Series\fm3032.exe" [2010-02-10 307880]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-06-28 2255184]
.
c:\users\Lamira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
mIRC.lnk - c:\program files (x86)\mIRC\mirc.exe [2013-4-12 1100850]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-3-13 3458968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 lxdfCATSCustConnectService;lxdfCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdfserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxdfserv.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys;c:\windows\SYSNATIVE\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 X6va005;X6va005;c:\users\Lamira\AppData\Local\Temp\00554A6.tmp;c:\users\Lamira\AppData\Local\Temp\00554A6.tmp [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys;c:\windows\SYSNATIVE\DRIVERS\nm3.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 lxdf_device;lxdf_device;c:\windows\system32\lxdfcoms.exe;c:\windows\SYSNATIVE\lxdfcoms.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe;c:\oem\USBDECTION\USBS3S4Detection.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ       Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 04:24    1173456    ----a-w-    c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 20:01]
.
2013-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-12 20:01]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58    133840    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupDelayer"="c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe" [2012-04-16 1068032]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=EABE70F1A1E79B6F&affID=122471&tsp=4949
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{1A5D02A4-782B-4AD0-AFAD-229362FF959D}\34C61627F6136413547373: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{1A5D02A4-782B-4AD0-AFAD-229362FF959D}\D416274796E656A7D20534D2E4564777F627B6: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Lamira\AppData\Roaming\Mozilla\Firefox\Profiles\ej0dejj0.default\
FF - ExtSQL: 2013-07-20 15:16; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-20 19:31; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Lamira\AppData\Roaming\Mozilla\Firefox\Profiles\ej0dejj0.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-07-21 01:23; {37fa1426-b82d-11db-8314-0800200c9a66}; c:\users\Lamira\AppData\Roaming\Mozilla\Firefox\Profiles\ej0dejj0.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - eabeb6ef00000000000070f1a1e79b6f
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15906
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.519:41
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122471&tsp=4949
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-25771887.sys
AddRemove-VLC media player - c:\program files (x86)\VideoLAN\VLC\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Lamira\AppData\Local\Temp\00554A6.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4216970839-1054717939-2831988531-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4216970839-1054717939-2831988531-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-07-24  12:11:36
ComboFix-quarantined-files.txt  2013-07-24 16:11
ComboFix2.txt  2013-07-20 19:41
ComboFix3.txt  2013-05-14 04:04
ComboFix4.txt  2013-05-14 03:37
.
Pre-Run: 526,359,552,000 bytes free
Post-Run: 526,293,336,064 bytes free
.
- - End Of File - - F043A9E6AC2E52200FC93E0A34D95420
D41D8CD98F00B204E9800998ECF8427E
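
Editor's added example (not part of this thread, and not ComboFix's own code): the log above already contains the indicators a reviewer would pull out by hand. There is a service, X6va005, whose image is a .tmp file under the user's Temp directory; LoadAppInit_DLLs is set to 1, which enables the AppInit_DLLs injection mechanism; the start page points at delta-search.com with affiliate-tracking parameters; and there is the ProxyOverride entry that Elise scripts out in her next reply. The Python below applies those checks to text in ComboFix's log format. The sample input is excerpted from the log above, with the PeerBlock and RTL8167 lines kept as controls that must not fire. The rule names and severities are my own, the tracking-parameter heuristic for start pages is an assumption, and the ProxyServer check goes beyond this log, which contains no such entry.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: lines excerpted from the ComboFix log posted above.
# PeerBlock and RTL8167 are kept as control entries that must not be flagged.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
"Akamai NetSession Interface"="c:\users\Lamira\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R4 X6va005;X6va005;c:\users\Lamira\AppData\Local\Temp\00554A6.tmp;c:\users\Lamira\AppData\Local\Temp\00554A6.tmp [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
uStart Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=EABE70F1A1E79B6F&affID=122471&tsp=4949
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "medium"; my own scale, not anything ComboFix emits
    rule: str
    subject: str
    evidence: str


# Locations an unprivileged user can write to. A service or autorun whose image
# lives there is the classic shape of a dropped payload (X6va005 above).
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\|\.tmp$", re.IGNORECASE)
# Service/driver line: "<R|S><0-4> <name>;<display name>;<image path>;<image path> [x]"
SERVICE_LINE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);([^;]*)")
# Run-key value: "<name>"="<image path>" [<date> <size>]
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
# Internet Settings lines from the Supplementary Scan section (u = user hive, m = machine hive).
PROXY_LINE = re.compile(r"^[um]Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.*)$")
# Affiliate/install-tracking query parameters typical of toolbar start-page hijacks (heuristic).
TRACKING_PARAMS = re.compile(r"[?&](affID|babsrc|mntrId)=", re.IGNORECASE)


def triage(log_text: str) -> list[Finding]:
    """Apply the checks line by line and return findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SERVICE_LINE.match(line):
            _kind, name, _display, image = m.groups()
            if USER_WRITABLE.search(image):
                findings.append(Finding("high", "service-image-in-user-writable-path", name, image))
            continue
        if m := RUN_VALUE.match(line):
            name, image = m.groups()
            if USER_WRITABLE.search(image):
                findings.append(Finding("medium", "autorun-in-user-profile", name, image))
            continue
        if m := PROXY_LINE.match(line):
            setting, value = m.groups()
            if setting == "ProxyServer":
                findings.append(Finding("medium", "proxy-server-configured", setting, value))
            elif value != "<local>":   # "<local>" alone is the stock bypass list
                findings.append(Finding("medium", "nondefault-proxy-override", setting, value))
            continue
        if line.startswith('"LoadAppInit_DLLs"=1'):
            findings.append(Finding("medium", "appinit-dll-loading-enabled", "LoadAppInit_DLLs", line))
        elif line.startswith(("uStart Page", "mStart Page")) and TRACKING_PARAMS.search(line):
            key, url = (part.strip() for part in line.split("=", 1))
            findings.append(Finding("high", "hijacked-start-page", key, url))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:36} {f.subject}: {f.evidence}")
```

Run against the excerpt it reports exactly the five entries named above and stays silent on the two controls; on a full log, feed the whole file to triage() and review the findings before deciding what to script out.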



#7 Elise (Malware Study Hall Admin)

Posted 24 July 2013 - 01:01 PM

No, those are usually safe, if the site has at least a reasonably good reputation (there might be some obscure ones that are not safe).


We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

DDS::
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

regards, Elise


#8 RisingManes (Topic Starter)

Posted 24 July 2013 - 01:27 PM

Okay, it's done.

Attached Files



#9 Elise (Malware Study Hall Admin)

Posted 24 July 2013 - 02:15 PM

Hi again, let's also have a look at the BSOD causes.

Download BlueScreenView
No installation required.
Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

regards, Elise

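Editor's added example (not part of this thread, and not BlueScreenView's own code): the BSOD.txt saved by the steps above is plain text with one ====-delimited record per loaded module, each giving a From Address, a To Address and a Size. Those three values should agree: the end above the start, end minus start equal to the size, and both addresses in the x64 kernel half of the address space. In the export RisingManes posts next, several records do not (nvlddmkm.sys ends below where it starts; win32k.sys ends at a non-kernel address with a size larger than the whole address space), so those entries cannot be used to place a faulting driver. The Python below parses that format and reports which records are internally consistent. The sample input is four records excerpted from that export with unneeded fields dropped; the 4 GiB plausibility bound is my own assumption.

```python
from __future__ import annotations

import re

# On x64 Windows, kernel-mode images are mapped in the upper canonical half of
# the address space; a module boundary below this is not a valid kernel address.
KERNEL_BASE = 0xFFFF800000000000
# No driver image approaches 4 GiB; a larger "size" is arithmetic on bad data (assumed bound).
MAX_PLAUSIBLE_IMAGE = 1 << 32

# Constructed sample: four records excerpted from the BlueScreenView export in
# the next reply (fields not needed for the check are omitted).
SAMPLE_REPORT = r"""
==================================================
Filename          : aswSnx.SYS
Address In Stack  :
From Address      : fffff880`02e40000
To Address        : fffff880`02f40000
Size              : 0x00100000
Company           : AVAST Software
Full Path         : C:\Windows\system32\drivers\aswSnx.SYS
==================================================

==================================================
Filename          : nvlddmkm.sys
Address In Stack  :
From Address      : fffff880`058c0000
To Address        : fffff87f`063a5000
Size              : 0xffffffff00ae5000
Company           : NVIDIA Corporation
Full Path         : C:\Windows\system32\drivers\nvlddmkm.sys
==================================================

==================================================
Filename          : win32k.sys
Address In Stack  :
From Address      : fffff960`00050000
To Address        : 688b417c`00367000
Size              : 0x688b481c00317000
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\win32k.sys
==================================================

==================================================
Filename          : tcpip.sys
Address In Stack  :
From Address      : fffff880`01800000
To Address        : fffff880`01a00000
Size              : 0x00200000
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\tcpip.sys
==================================================
"""

# "Key   : value" lines; the key is letters and spaces, the value may itself contain colons.
FIELD = re.compile(r"^([A-Za-z ]+?)\s*:\s*(.*)$")


def parse_records(text: str) -> list[dict[str, str]]:
    """Split a BlueScreenView text export into one dict per ====-delimited record."""
    records: list[dict[str, str]] = []
    current: dict[str, str] = {}
    for line in text.splitlines():
        if line.startswith("====="):
            if current:
                records.append(current)
                current = {}
            continue
        if m := FIELD.match(line):
            current[m.group(1).strip()] = m.group(2).strip()
    if current:
        records.append(current)
    return records


def hexval(text: str) -> int:
    """Parse WinDbg-style hex ('fffff880`02e40000' or '0x00100000') into an int."""
    return int(text.replace("`", ""), 16)


def check_record(rec: dict[str, str]) -> list[str]:
    """Return the reasons a module record is internally inconsistent (empty list = consistent)."""
    start, end, size = (hexval(rec[k]) for k in ("From Address", "To Address", "Size"))
    problems: list[str] = []
    if start < KERNEL_BASE:
        problems.append("start address outside kernel range")
    if end < KERNEL_BASE:
        problems.append("end address outside kernel range")
    if end <= start:
        problems.append("end address not above start address")
    elif end - start != size:
        problems.append("size does not equal end - start")
    if size >= MAX_PLAUSIBLE_IMAGE:
        problems.append("size exceeds any plausible driver image")
    return problems


def audit(text: str) -> dict[str, list[str]]:
    """Map each module filename to its problems; modules with an empty list can be trusted."""
    return {rec["Filename"]: check_record(rec) for rec in parse_records(text)}


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_REPORT).items():
        print(f"{name:14} {'ok' if not problems else '; '.join(problems)}")
```

On the excerpt, aswSnx.SYS and tcpip.sys pass and the NVIDIA and win32k records fail; a record that fails says nothing about the driver itself, only that the module table in this dump is not reliable at that entry.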

#10 RisingManes (Topic Starter)

Posted 24 July 2013 - 02:23 PM

I was taken aback by what was in the dump file: there are BSODs dating back to before the date I acquired this computer. It was brand new. So I named the log file something that reflects this.

 

Upon taking another look, I realized that this does not account for the month of July, in which all of the YouTube-related BSoDs occurred. I surmise that this is also when I lost my ability to create a pagefile.sys, as I have a hunch that the crashdumps rely on this to be logged.

 

==================================================
Filename          : aswSnx.SYS
Address In Stack  :
From Address      : fffff880`02e40000
To Address        : fffff880`02f40000
Size              : 0x00100000
Time Stamp        : 0x51cc5c35
Time String       : 6/27/2013 11:37:25 AM
Product Name      : avast! Antivirus
File Description  : avast! Virtualization Driver
File Version      : 8.0.1489.325
Company           : AVAST Software
Full Path         : C:\Windows\system32\drivers\aswSnx.SYS
==================================================

==================================================
Filename          : aswSP.SYS
Address In Stack  :
From Address      : fffff880`0439c000
To Address        : fffff880`043fe000
Size              : 0x00062000
Time Stamp        : 0x51cc5c31
Time String       : 6/27/2013 11:37:21 AM
Product Name      : avast! Antivirus
File Description  : avast! self protection module
File Version      : 8.0.1489.325
Company           : AVAST Software
Full Path         : C:\Windows\system32\drivers\aswSP.SYS
==================================================

==================================================
Filename          : aswVmm.sys
Address In Stack  :
From Address      : fffff880`01adb000
To Address        : fffff880`01b0b000
Size              : 0x00030000
Time Stamp        : 0x51cc5bdf
Time String       : 6/27/2013 11:35:59 AM
Product Name      :
File Description  :
File Version      :
Company           :
Full Path         : C:\Windows\system32\drivers\aswVmm.sys
==================================================

==================================================
Filename          : nvlddmkm.sys
Address In Stack  :
From Address      : fffff880`058c0000
To Address        : fffff87f`063a5000
Size              : 0xffffffff00ae5000
Time Stamp        : 0x51c41788
Time String       : 6/21/2013 5:06:16 AM
Product Name      : NVIDIA Windows Kernel Mode Driver, Version 314.22
File Description  : NVIDIA Windows Kernel Mode Driver, Version 314.22
File Version      : 9.18.13.1422
Company           : NVIDIA Corporation
Full Path         : C:\Windows\system32\drivers\nvlddmkm.sys
==================================================

==================================================
Filename          : win32k.sys
Address In Stack  :
From Address      : fffff960`00050000
To Address        : 688b417c`00367000
Size              : 0x688b481c00317000
Time Stamp        : 0x51aeb1a7
Time String       : 6/4/2013 11:33:59 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Multi-User Win32 Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\win32k.sys
==================================================

==================================================
Filename          : aswrdr2.sys
Address In Stack  :
From Address      : fffff880`02e12000
To Address        : 002cf8c2`02e26000
Size              : 0x002d004200014000
Time Stamp        : 0x518b62ad
Time String       : 5/9/2013 4:47:41 AM
Product Name      : avast! Antivirus
File Description  : avast! WFP Redirect Driver
File Version      : 8.0.1489.300 built by: WinDDK
Company           : AVAST Software
Full Path         : C:\Windows\system32\drivers\aswrdr2.sys
==================================================

==================================================
Filename          : aswTdi.SYS
Address In Stack  :
From Address      : fffff880`02e00000
To Address        : fffff880`02e12000
Size              : 0x00012000
Time Stamp        : 0x518b62a4
Time String       : 5/9/2013 4:47:32 AM
Product Name      : avast! Antivirus
File Description  : avast! TDI Filter Driver
File Version      : 8.0.1489.300 built by: WinDDK
Company           : AVAST Software
Full Path         : C:\Windows\system32\drivers\aswTdi.SYS
==================================================

==================================================
Filename          : aswMonFlt.sys
Address In Stack  :
From Address      : fffff880`06ece000
To Address        : fffff880`06ef6000
Size              : 0x00028000
Time Stamp        : 0x518b629b
Time String       : 5/9/2013 4:47:23 AM
Product Name      : avast! Antivirus
File Description  : avast! File System Minifilter for Windows 2003/Vista
File Version      : 8.0.1489.300
Company           : AVAST Software
Full Path         : C:\Windows\system32\drivers\aswMonFlt.sys
==================================================

==================================================
Filename          : aswFsBlk.SYS
Address In Stack  :
From Address      : fffff880`06ef6000
To Address        : 006ef8ce`06f01000
Size              : 0x006f004e0000b000
Time Stamp        : 0x518b6294
Time String       : 5/9/2013 4:47:16 AM
Product Name      : avast! Antivirus
File Description  : avast! File System Access Blocking Driver
File Version      : 8.0.1489.300
Company           : AVAST Software
Full Path         : C:\Windows\system32\drivers\aswFsBlk.SYS
==================================================

==================================================
Filename          : aswRvrt.sys
Address In Stack  :
From Address      : fffff880`01b0b000
To Address        : fffff880`01b1e000
Size              : 0x00013000
Time Stamp        : 0x518b6286
Time String       : 5/9/2013 4:47:02 AM
Product Name      :
File Description  :
File Version      :
Company           :
Full Path         : C:\Windows\system32\drivers\aswRvrt.sys
==================================================

==================================================
Filename          : tcpip.sys
Address In Stack  :
From Address      : fffff880`01800000
To Address        : fffff880`01a00000
Size              : 0x00200000
Time Stamp        : 0x5189c381
Time String       : 5/7/2013 11:16:17 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : TCP/IP Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\tcpip.sys
==================================================

==================================================
Filename          : Ntfs.sys
Address In Stack  :
From Address      : fffff880`01647000
To Address        : fffff880`017e9000
Size              : 0x001a2000
Time Stamp        : 0x5167f5fc
Time String       : 4/12/2013 7:54:36 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : NT File System Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\Ntfs.sys
==================================================

==================================================
Filename          : dxgkrnl.sys
Address In Stack  :
From Address      : fffff880`04401000
To Address        : 644d65f3`044f5000
Size              : 0x644d6d73000f4000
Time Stamp        : 0x5164dc49
Time String       : 4/9/2013 11:28:09 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : DirectX Graphics Kernel
File Version      : 6.1.7601.18126 (win7sp1_gdr.130409-1534)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\dxgkrnl.sys
==================================================

==================================================
Filename          : dxgmms1.sys
Address In Stack  :
From Address      : fffff880`044f5000
To Address        : fffff300`0453b000
Size              : 0xfffffa8000046000
Time Stamp        : 0x5164dc13
Time String       : 4/9/2013 11:27:15 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : DirectX Graphics MMS
File Version      : 6.1.7601.18126 (win7sp1_gdr.130409-1534)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\dxgmms1.sys
==================================================

==================================================
Filename          : ntoskrnl.exe
Address In Stack  :
From Address      : fffff800`0385a000
To Address        : fffff800`03e40000
Size              : 0x005e6000
Time Stamp        : 0x5147d9c6
Time String       : 3/18/2013 11:21:42 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : NT Kernel & System
File Version      : 6.1.7601.18113 (win7sp1_gdr.130318-1533)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\ntoskrnl.exe
==================================================

==================================================
Filename          : nvhda64v.sys
Address In Stack  :
From Address      : fffff880`04f4f000
To Address        : fffff300`04f82000
Size              : 0xfffffa8000033000
Time Stamp        : 0x512af647
Time String       : 2/25/2013 1:27:35 AM
Product Name      : NVIDIA HDMI Audio Driver
File Description  : NVIDIA HDMI Audio Driver
File Version      : 1.3.23.1 built by: WinDDK
Company           : NVIDIA Corporation
Full Path         : C:\Windows\system32\drivers\nvhda64v.sys
==================================================

==================================================
Filename          : netr28x.sys
Address In Stack  :
From Address      : fffff880`04a78000
To Address        : fffff120`04ccf000
Size              : 0xfffff8a000257000
Time Stamp        : 0x51273605
Time String       : 2/22/2013 5:10:29 AM
Product Name      : Ralink 802.11n Wireless Adapters
File Description  : Ralink 802.11 Wireless Adapter Driver
File Version      : 5.00.21.0000 built by: WinDDK
Company           : Ralink Technology, Corp.
Full Path         : C:\Windows\system32\drivers\netr28x.sys
==================================================

==================================================
Filename          : fvevol.sys
Address In Stack  :
From Address      : fffff880`01a5b000
To Address        : fffff880`01a95000
Size              : 0x0003a000
Time Stamp        : 0x5100a65c
Time String       : 1/23/2013 11:11:24 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : BitLocker Drive Encryption Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\fvevol.sys
==================================================

==================================================
Filename          : fwpkclnt.sys
Address In Stack  :
From Address      : fffff880`01200000
To Address        : fffff880`01249000
Size              : 0x00049000
Time Stamp        : 0x50e4f5c8
Time String       : 1/2/2013 11:06:48 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : FWP/IPsec Kernel-Mode API
File Version      : 6.1.7601.18042 (win7sp1_gdr.130102-1436)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\fwpkclnt.sys
==================================================

==================================================
Filename          : ATMFD.DLL
Address In Stack  :
From Address      : fffff960`008f0000
To Address        : fffff3e0`00951000
Size              : 0xfffffa8000061000
Time Stamp        : 0x50cdde6f
Time String       : 12/16/2012 10:45:03 AM
Product Name      : Adobe Type Manager
File Description  : Windows NT OpenType/Type 1 Font Driver
File Version      : 5.1 Build 237
Company           : Adobe Systems Incorporated
Full Path         : C:\Windows\system32\ATMFD.DLL
==================================================

==================================================
Filename          : tcpipreg.sys
Address In Stack  :
From Address      : fffff880`03c00000
To Address        : fffff880`03c12000
Size              : 0x00012000
Time Stamp        : 0x506c62be
Time String       : 10/3/2012 12:07:26 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : TCP/IP Registry Compatibility Driver
File Version      : 6.1.7601.17964 (win7sp1_gdr.121003-0333)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\tcpipreg.sys
==================================================

==================================================
Filename          : ksecpkg.sys
Address In Stack  :
From Address      : fffff880`015c3000
To Address        : fffff880`015ee000
Size              : 0x0002b000
Time Stamp        : 0x5037a24d
Time String       : 8/24/2012 11:48:29 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Kernel Security Support Provider Interface Packages
File Version      : 6.1.7601.17940 (win7sp1_gdr.120824-0334)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ksecpkg.sys
==================================================

==================================================
Filename          : cng.sys
Address In Stack  :
From Address      : fffff880`01551000
To Address        : fffff880`015c3000
Size              : 0x00072000
Time Stamp        : 0x5037a204
Time String       : 8/24/2012 11:47:16 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Kernel Cryptography, Next Generation
File Version      : 6.1.7601.17940 (win7sp1_gdr.120824-0334)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\cng.sys
==================================================

==================================================
Filename          : ndis.sys
Address In Stack  :
From Address      : fffff880`01100000
To Address        : fffff880`011f2000
Size              : 0x000f2000
Time Stamp        : 0x5034f6b2
Time String       : 8/22/2012 11:11:46 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : NDIS 6.20 driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ndis.sys
==================================================

==================================================
Filename          : NETIO.SYS
Address In Stack  :
From Address      : fffff880`01000000
To Address        : fffff880`01060000
Size              : 0x00060000
Time Stamp        : 0x5034f6a0
Time String       : 8/22/2012 11:11:28 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Network I/O Subsystem
File Version      : 6.1.7601.17939 (win7sp1_gdr.120822-0331)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\NETIO.SYS
==================================================

==================================================
Filename          : WDFLDR.SYS
Address In Stack  :
From Address      : fffff880`00fbe000
To Address        : fffff880`00fce000
Size              : 0x00010000
Time Stamp        : 0x5010ab70
Time String       : 7/25/2012 10:29:04 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Kernel Mode Driver Framework Loader
File Version      : 1.11.9200.16384 (win8_rtm.120725-1247)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\WDFLDR.SYS
==================================================

==================================================
Filename          : Wdf01000.sys
Address In Stack  :
From Address      : fffff880`00efc000
To Address        : fffff880`00fbe000
Size              : 0x000c2000
Time Stamp        : 0x5010aa89
Time String       : 7/25/2012 10:25:13 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Kernel Mode Driver Framework Runtime
File Version      : 1.11.9200.16384 (win8_rtm.120725-1247)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\Wdf01000.sys
==================================================

==================================================
Filename          : ksecdd.sys
Address In Stack  :
From Address      : fffff880`01600000
To Address        : fffff880`0161b000
Size              : 0x0001b000
Time Stamp        : 0x4fc97f6f
Time String       : 6/1/2012 10:50:23 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Kernel Security Support Provider Interface
File Version      : 6.1.7601.17856 (win7sp1_gdr.120601-1505)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ksecdd.sys
==================================================

==================================================
Filename          : partmgr.sys
Address In Stack  :
From Address      : fffff880`00eaa000
To Address        : fffff880`00ebf000
Size              : 0x00015000
Time Stamp        : 0x4f641bc1
Time String       : 3/17/2012 1:06:09 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Partition Management Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\partmgr.sys
==================================================

==================================================
Filename          : Fs_Rec.sys
Address In Stack  :
From Address      : fffff880`0162c000
To Address        : fffff880`01636000
Size              : 0x0000a000
Time Stamp        : 0x4f4eefd2
Time String       : 2/29/2012 11:41:06 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : File System Recognizer Driver
File Version      : 6.1.7601.17787 (win7sp1_gdr.120229-1502)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\Fs_Rec.sys
==================================================

==================================================
Filename          : afd.sys
Address In Stack  :
From Address      : fffff880`01b56000
To Address        : fffff300`01bdf000
Size              : 0xfffffa8000089000
Time Stamp        : 0x4efa9418
Time String       : 12/27/2011 11:59:20 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Ancillary Function Driver for WinSock
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\afd.sys
==================================================

==================================================
Filename          : mrxsmb10.sys
Address In Stack  :
From Address      : fffff880`03caa000
To Address        : fffff880`03cf8000
Size              : 0x0004e000
Time Stamp        : 0x4e17c104
Time String       : 7/8/2011 10:46:28 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Longhorn SMB Downlevel SubRdr
File Version      : 6.1.7601.17647 (win7sp1_gdr.110708-1503)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\mrxsmb10.sys
==================================================

==================================================
Filename          : nvBridge.kmd
Address In Stack  :
From Address      : fffff880`063a5000
To Address        : fffff880`063aa000
Size              : 0x00005000
Time Stamp        : 0x4dd7385f
Time String       : 5/20/2011 11:58:23 PM
Product Name      : NVIDIA Windows Kernel Mode Driver, Version 275.33
File Description  : NVIDIA Windows Kernel Mode Driver, Version 275.33
File Version      : 8.17.12.7533
Company           : NVIDIA Corporation
Full Path         : C:\Windows\system32\drivers\nvBridge.kmd
==================================================

==================================================
Filename          : srv.sys
Address In Stack  :
From Address      : fffff880`07488000
To Address        : 70626bf5`07520000
Size              : 0x7062737500098000
Time Stamp        : 0x4dba2b1e
Time String       : 4/28/2011 11:06:06 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Server driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\srv.sys
==================================================

==================================================
Filename          : srv2.sys
Address In Stack  :
From Address      : fffff880`03c12000
To Address        : fffff300`03c7b000
Size              : 0xfffffa8000069000
Time Stamp        : 0x4dba2b0a
Time String       : 4/28/2011 11:05:46 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Smb 2.0 Server driver
File Version      : 6.1.7601.17608 (win7sp1_gdr.110428-1525)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\srv2.sys
==================================================

==================================================
Filename          : srvnet.sys
Address In Stack  :
From Address      : fffff880`03dcd000
To Address        : fffff880`03dfe000
Size              : 0x00031000
Time Stamp        : 0x4dba2aff
Time String       : 4/28/2011 11:05:35 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Server Network driver
File Version      : 6.1.7601.17608 (win7sp1_gdr.110428-1525)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\srvnet.sys
==================================================

==================================================
Filename          : mrxsmb.sys
Address In Stack  :
From Address      : fffff880`05884000
To Address        : fffff880`058b1000
Size              : 0x0002d000
Time Stamp        : 0x4db78226
Time String       : 4/26/2011 10:40:38 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Windows NT SMB Minirdr
File Version      : 6.1.7601.17605 (win7sp1_gdr.110426-1503)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\mrxsmb.sys
==================================================

==================================================
Filename          : mrxsmb20.sys
Address In Stack  :
From Address      : fffff880`03cf8000
To Address        : fffff300`03d1c000
Size              : 0xfffffa8000024000
Time Stamp        : 0x4db781e9
Time String       : 4/26/2011 10:39:37 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Longhorn SMB 2.0 Redirector
File Version      : 6.1.7601.17605 (win7sp1_gdr.110426-1503)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\mrxsmb20.sys
==================================================

==================================================
Filename          : usbhub.sys
Address In Stack  :
From Address      : fffff880`04ecb000
To Address        : fffff300`04f25000
Size              : 0xfffffa800005a000
Time Stamp        : 0x4d8c0c15
Time String       : 3/24/2011 11:29:25 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Default Hub Driver for USB
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\usbhub.sys
==================================================

==================================================
Filename          : usbccgp.sys
Address In Stack  :
From Address      : fffff880`06e55000
To Address        : fffff100`06e72000
Size              : 0xfffff8800001d000
Time Stamp        : 0x4d8c0c0a
Time String       : 3/24/2011 11:29:14 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : USB Common Class Generic Parent Driver
File Version      : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\usbccgp.sys
==================================================

==================================================
Filename          : USBPORT.SYS
Address In Stack  :
From Address      : fffff880`04570000
To Address        : 00fff880`045c6000
Size              : 0x0100000000056000
Time Stamp        : 0x4d8c0c08
Time String       : 3/24/2011 11:29:12 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : USB 1.1 & 2.0 Port Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\USBPORT.SYS
==================================================

==================================================
Filename          : usbehci.sys
Address In Stack  :
From Address      : fffff880`0455f000
To Address        : fffff300`04570000
Size              : 0xfffffa8000011000
Time Stamp        : 0x4d8c0c00
Time String       : 3/24/2011 11:29:04 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : EHCI eUSB Miniport Driver
File Version      : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\usbehci.sys
==================================================

==================================================
Filename          : USBD.SYS
Address In Stack  :
From Address      : fffff880`06e72000
To Address        : 206459d6`06e73f00
Size              : 0x2064615600001f00
Time Stamp        : 0x4d8c0bfb
Time String       : 3/24/2011 11:28:59 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Universal Serial Bus Driver
File Version      : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\USBD.SYS
==================================================

==================================================
Filename          : USBSTOR.SYS
Address In Stack  :
From Address      : fffff880`06e74000
To Address        : fffff980`06e8f000
Size              : 0x000001000001b000
Time Stamp        : 0x4d79a6fc
Time String       : 3/11/2011 12:37:16 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : USB Mass Storage Class Driver
File Version      : 6.1.7601.17577 (win7sp1_gdr.110310-1504)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\USBSTOR.SYS
==================================================

==================================================
Filename          : bowser.sys
Address In Stack  :
From Address      : fffff880`06f9e000
To Address        : fffff300`06fbc000
Size              : 0xfffffa800001e000
Time Stamp        : 0x4d649328
Time String       : 2/23/2011 12:55:04 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : NT Lan Manager Datagram Receiver Driver
File Version      : 6.1.7601.17565 (win7sp1_gdr.110222-1630)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\bowser.sys
==================================================

==================================================
Filename          : kdcom.dll
Address In Stack  :
From Address      : fffff800`00bab000
To Address        : fffff800`00bb5000
Size              : 0x0000a000
Time Stamp        : 0x4d4d8061
Time String       : 2/5/2011 12:52:49 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Serial Kernel Debugger
File Version      : 6.1.7601.17556 (win7sp1_gdr.110204-2120)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\kdcom.dll
==================================================

==================================================
Filename          : cdd.dll
Address In Stack  :
From Address      : fffff960`00650000
To Address        : fffff95f`00677000
Size              : 0xffffffff00027000
Time Stamp        : 0x4d4a90a5
Time String       : 2/3/2011 7:25:25 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Canonical Display Driver
File Version      : 6.1.7601.17554 (win7sp1_gdr.110202-1504)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\cdd.dll
==================================================

==================================================
Filename          : CI.dll
Address In Stack  :
From Address      : fffff880`00d1b000
To Address        : fffff880`00ddb000
Size              : 0x000c0000
Time Stamp        : 0x4ce7c944
Time String       : 11/20/2010 9:12:36 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Code Integrity Module
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\CI.dll
==================================================

==================================================
Filename          : mcupdate.dll
Address In Stack  :
From Address      : fffff880`00c5a000
To Address        : fffff880`00ca9000
Size              : 0x0004f000
Time Stamp        : 0x4ce7c737
Time String       : 11/20/2010 9:03:51 AM
Product Name      :
File Description  :
File Version      :
Company           :
Full Path         :
==================================================

==================================================
Filename          : hal.dll
Address In Stack  :
From Address      : fffff800`03811000
To Address        : fffff800`0385a000
Size              : 0x00049000
Time Stamp        : 0x4ce7c669
Time String       : 11/20/2010 9:00:25 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Hardware Abstraction Layer DLL
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\hal.dll
==================================================

==================================================
Filename          : termdd.sys
Address In Stack  :
From Address      : fffff880`042e2000
To Address        : fffff880`042f6000
Size              : 0x00014000
Time Stamp        : 0x4ce7ab0c
Time String       : 11/20/2010 7:03:40 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Remote Desktop Server Driver
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\termdd.sys
==================================================

==================================================
Filename          : wanarp.sys
Address In Stack  :
From Address      : fffff880`042c7000
To Address        : fffff300`042e2000
Size              : 0xfffffa800001b000
Time Stamp        : 0x4ce7a874
Time String       : 11/20/2010 6:52:36 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : MS Remote Access and Routing ARP Driver
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\wanarp.sys
==================================================

==================================================
Filename          : rasl2tp.sys
Address In Stack  :
From Address      : fffff880`04dc4000
To Address        : fffff880`04de8000
Size              : 0x00024000
Time Stamp        : 0x4ce7a872
Time String       : 11/20/2010 6:52:34 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : RAS L2TP mini-port/call-manager driver
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\rasl2tp.sys
==================================================

==================================================
Filename          : ndiswan.sys
Address In Stack  :
From Address      : fffff880`04a00000
To Address        : fffff880`04a2f000
Size              : 0x0002f000
Time Stamp        : 0x4ce7a870
Time String       : 11/20/2010 6:52:32 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : MS PPP Framing Driver (Strong Encryption)
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ndiswan.sys
==================================================

==================================================
Filename          : raspptp.sys
Address In Stack  :
From Address      : fffff880`04a4a000
To Address        : fffff880`04a6b000
Size              : 0x00021000
Time Stamp        : 0x4ce7a86f
Time String       : 11/20/2010 6:52:31 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Peer-to-Peer Tunneling Protocol
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\raspptp.sys
==================================================

==================================================
Filename          : NDProxy.SYS
Address In Stack  :
From Address      : fffff880`04f3a000
To Address        : 006bf8e1`04f4f000
Size              : 0x006c006100015000
Time Stamp        : 0x4ce7a864
Time String       : 11/20/2010 6:52:20 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : NDIS Proxy
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\NDProxy.SYS
==================================================

==================================================
Filename          : pacer.sys
Address In Stack  :
From Address      : fffff880`0426d000
To Address        : fffff300`04293000
Size              : 0xfffffa8000026000
Time Stamp        : 0x4ce7a862
Time String       : 11/20/2010 6:52:18 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : QoS Packet Scheduler
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\pacer.sys
==================================================

==================================================
Filename          : tunnel.sys
Address In Stack  :
From Address      : fffff880`01060000
To Address        : fffff300`01086000
Size              : 0xfffffa8000026000
Time Stamp        : 0x4ce7a846
Time String       : 11/20/2010 6:51:50 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Microsoft Tunnel Interface Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\tunnel.sys
==================================================

==================================================
Filename          : ndisuio.sys
Address In Stack  :
From Address      : fffff880`06f69000
To Address        : 644d65f3`06f7c000
Size              : 0x644d6d7300013000
Time Stamp        : 0x4ce7a7e0
Time String       : 11/20/2010 6:50:08 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : NDIS User mode I/O driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ndisuio.sys
==================================================

==================================================
Filename          : umbus.sys
Address In Stack  :
From Address      : fffff880`05872000
To Address        : fffff300`05884000
Size              : 0xfffffa8000012000
Time Stamp        : 0x4ce7a695
Time String       : 11/20/2010 6:44:37 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : User-Mode Bus Enumerator
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\umbus.sys
==================================================

==================================================
Filename          : HIDCLASS.SYS
Address In Stack  :
From Address      : fffff880`04d8c000
To Address        : fffff880`04da5000
Size              : 0x00019000
Time Stamp        : 0x4ce7a665
Time String       : 11/20/2010 6:43:49 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Hid Class Library
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\HIDCLASS.SYS
==================================================

==================================================
Filename          : hidusb.sys
Address In Stack  :
From Address      : fffff880`06e8f000
To Address        : 0037f8b1`06e9d000
Size              : 0x003800310000e000
Time Stamp        : 0x4ce7a665
Time String       : 11/20/2010 6:43:49 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : USB Miniport Driver for Input Devices
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\hidusb.sys
==================================================

==================================================
Filename          : HDAudBus.sys
Address In Stack  :
From Address      : fffff880`0453b000
To Address        : fffff080`0455f000
Size              : 0xfffff80000024000
Time Stamp        : 0x4ce7a65e
Time String       : 11/20/2010 6:43:42 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : High Definition Audio Bus Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\HDAudBus.sys
==================================================

==================================================
Filename          : SCSIPORT.SYS
Address In Stack  :
From Address      : fffff880`05800000
To Address        : fffff880`0582f000
Size              : 0x0002f000
Time Stamp        : 0x4ce7a419
Time String       : 11/20/2010 6:34:01 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : SCSI Port Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\SCSIPORT.SYS
==================================================

==================================================
Filename          : kbdhid.sys
Address In Stack  :
From Address      : fffff880`06e9d000
To Address        : fffff300`06eab000
Size              : 0xfffffa800000e000
Time Stamp        : 0x4ce7a3f5
Time String       : 11/20/2010 6:33:25 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : HID Keyboard Filter Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\kbdhid.sys
==================================================

==================================================
Filename          : ks.sys
Address In Stack  :
From Address      : fffff880`0582f000
To Address        : fffff300`05872000
Size              : 0xfffffa8000043000
Time Stamp        : 0x4ce7a3f3
Time String       : 11/20/2010 6:33:23 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Kernel CSA Library
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ks.sys
==================================================

==================================================
Filename          : CompositeBus.sys
Address In Stack  :
From Address      : fffff880`04d79000
To Address        : fffff880`04d89000
Size              : 0x00010000
Time Stamp        : 0x4ce7a3ed
Time String       : 11/20/2010 6:33:17 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Multi-Transport Composite Bus Enumerator
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\CompositeBus.sys
==================================================

==================================================
Filename          : rdyboost.sys
Address In Stack  :
From Address      : fffff880`01a06000
To Address        : fffff880`01a40000
Size              : 0x0003a000
Time Stamp        : 0x4ce7982e
Time String       : 11/20/2010 5:43:10 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : ReadyBoost Driver
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\rdyboost.sys
==================================================

==================================================
Filename          : rdbss.sys
Address In Stack  :
From Address      : fffff880`042f6000
To Address        : fffff080`04347000
Size              : 0xfffff80000051000
Time Stamp        : 0x4ce79497
Time String       : 11/20/2010 5:27:51 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Redirected Drive Buffering SubSystem Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\rdbss.sys
==================================================

==================================================
Filename          : dfsc.sys
Address In Stack  :
From Address      : fffff880`0436d000
To Address        : fffff300`0438b000
Size              : 0xfffffa800001e000
Time Stamp        : 0x4ce79447
Time String       : 11/20/2010 5:26:31 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : DFS Namespace Client Driver
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\dfsc.sys
==================================================

==================================================
Filename          : HTTP.sys
Address In Stack  :
From Address      : fffff880`04e00000
To Address        : fffff880`04ec9000
Size              : 0x000c9000
Time Stamp        : 0x4ce793ce
Time String       : 11/20/2010 5:24:30 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : HTTP Protocol Stack
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\HTTP.sys
==================================================

==================================================
Filename          : netbt.sys
Address In Stack  :
From Address      : fffff880`04214000
To Address        : fffff880`04259000
Size              : 0x00045000
Time Stamp        : 0x4ce79386
Time String       : 11/20/2010 5:23:18 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : MBT Transport driver
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\netbt.sys
==================================================

==================================================
Filename          : TDI.SYS
Address In Stack  :
From Address      : fffff880`02fec000
To Address        : fffff300`02ff9000
Size              : 0xfffffa800000d000
Time Stamp        : 0x4ce7933e
Time String       : 11/20/2010 5:22:06 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : TDI Wrapper
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\TDI.SYS
==================================================

==================================================
Filename          : msrpc.sys
Address In Stack  :
From Address      : fffff880`014f3000
To Address        : fffff880`01551000
Size              : 0x0005e000
Time Stamp        : 0x4ce79334
Time String       : 11/20/2010 5:21:56 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Kernel Remote Procedure Call Provider
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\msrpc.sys
==================================================

==================================================
Filename          : tdx.sys
Address In Stack  :
From Address      : fffff880`02fca000
To Address        : fffff300`02fec000
Size              : 0xfffffa8000022000
Time Stamp        : 0x4ce79332
Time String       : 11/20/2010 5:21:54 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : TDI Translation Driver
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\tdx.sys
==================================================

==================================================
Filename          : volmgrx.sys
Address In Stack  :
From Address      : fffff880`0108a000
To Address        : fffff880`010e6000
Size              : 0x0005c000
Time Stamp        : 0x4ce792eb
Time String       : 11/20/2010 5:20:43 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Volume Manager Extension Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\volmgrx.sys
==================================================

==================================================
Filename          : volsnap.sys
Address In Stack  :
From Address      : fffff880`00c00000
To Address        : fffff880`00c4c000
Size              : 0x0004c000
Time Stamp        : 0x4ce792c8
Time String       : 11/20/2010 5:20:08 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Volume Shadow Copy Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\volsnap.sys
==================================================

==================================================
Filename          : volmgr.sys
Address In Stack  :
From Address      : fffff880`00ebf000
To Address        : fffff880`00ed4000
Size              : 0x00015000
Time Stamp        : 0x4ce792a0
Time String       : 11/20/2010 5:19:28 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Volume Manager Driver
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\volmgr.sys
==================================================

==================================================
Filename          : fltmgr.sys
Address In Stack  :
From Address      : fffff880`01493000
To Address        : fffff880`014df000
Size              : 0x0004c000
Time Stamp        : 0x4ce7929c
Time String       : 11/20/2010 5:19:24 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Microsoft Filesystem Filter Manager
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\fltmgr.sys
==================================================

==================================================
Filename          : CLASSPNP.SYS
Address In Stack  :
From Address      : fffff880`01aab000
To Address        : fffff880`01adb000
Size              : 0x00030000
Time Stamp        : 0x4ce7929b
Time String       : 11/20/2010 5:19:23 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : SCSI Class System Dll
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\CLASSPNP.SYS
==================================================

==================================================
Filename          : mountmgr.sys
Address In Stack  :
From Address      : fffff880`010e6000
To Address        : fffff880`01100000
Size              : 0x0001a000
Time Stamp        : 0x4ce79299
Time String       : 11/20/2010 5:19:21 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Mount Point Manager
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\mountmgr.sys
==================================================

==================================================
Filename          : cdrom.sys
Address In Stack  :
From Address      : fffff880`01b2c000
To Address        : fffff300`01b56000
Size              : 0xfffffa800002a000
Time Stamp        : 0x4ce79298
Time String       : 11/20/2010 5:19:20 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : SCSI CD-ROM Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\cdrom.sys
==================================================

==================================================
Filename          : ACPI.sys
Address In Stack  :
From Address      : fffff880`00e00000
To Address        : fffff880`00e57000
Size              : 0x00057000
Time Stamp        : 0x4ce79294
Time String       : 11/20/2010 5:19:16 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : ACPI Driver for NT
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ACPI.sys
==================================================

==================================================
Filename          : ataport.SYS
Address In Stack  :
From Address      : fffff880`0145e000
To Address        : fffff880`01488000
Size              : 0x0002a000
Time Stamp        : 0x4ce79293
Time String       : 11/20/2010 5:19:15 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : ATAPI Driver Extension
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ataport.SYS
==================================================

==================================================
Filename          : pci.sys
Address In Stack  :
From Address      : fffff880`00e6a000
To Address        : fffff880`00e9d000
Size              : 0x00033000
Time Stamp        : 0x4ce7928f
Time String       : 11/20/2010 5:19:11 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : NT Plug and Play PCI Enumerator
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\pci.sys
==================================================

==================================================
Filename          : hwpolicy.sys
Address In Stack  :
From Address      : fffff880`01a52000
To Address        : fffff880`01a5b000
Size              : 0x00009000
Time Stamp        : 0x4ce7927e
Time String       : 11/20/2010 5:18:54 AM
Product Name      : Microsoft® Windows® Operating System
File Description  : Hardware Policy Driver
File Version      : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\hwpolicy.sys
==================================================

==================================================
Filename          : nm3.sys
Address In Stack  :
From Address      : fffff880`042a9000
To Address        : fffff880`042b8000
Size              : 0x0000f000
Time Stamp        : 0x4c102c5f
Time String       : 6/9/2010 8:05:51 PM
Product Name      : Microsoft Network Monitor 3 Driver
File Description  : Netmon -- NDIS 6.0 Monitoring Filter Driver
File Version      : 3.4.2350.0
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\nm3.sys
==================================================

==================================================
Filename          : amdxata.sys
Address In Stack  :
From Address      : fffff880`01488000
To Address        : fffff880`01493000
Size              : 0x0000b000
Time Stamp        : 0x4ba3a3ca
Time String       : 3/19/2010 12:18:18 PM
Product Name      : Storage Filter Driver
File Description  : Storage Filter Driver
File Version      : 1.1.2.5 (NT.091202-1659)
Company           : Advanced Micro Devices
Full Path         : C:\Windows\system32\drivers\amdxata.sys
==================================================

==================================================
Filename          : Rt64win7.sys
Address In Stack  :
From Address      : fffff880`04cdc000
To Address        : fffff300`04d33000
Size              : 0xfffffa8000057000
Time Stamp        : 0x4b8fb8dc
Time String       : 3/4/2010 9:42:52 AM
Product Name      : Realtek 8136/8168/8169 PCI/PCIe Adapters
File Description  : Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver
File Version      : 7.017.0304.2010 built by: WinDDK
Company           : Realtek
Full Path         : C:\Windows\system32\drivers\Rt64win7.sys
==================================================

==================================================
Filename          : RTKVHD64.sys
Address In Stack  :
From Address      : fffff880`06c12000
To Address        : fffff87f`06e3a780
Size              : 0xffffffff00228780
Time Stamp        : 0x4b717f11
Time String       : 2/9/2010 11:28:17 AM
Product Name      : Realtek® High Definition Audio Function Driver
File Description  : Realtek® High Definition Audio Function Driver
File Version      : 6.0.1.6045 built by: WinDDK
Company           : Realtek Semiconductor Corp.
Full Path         : C:\Windows\system32\drivers\RTKVHD64.sys
==================================================

==================================================
Filename          : iaStor.sys
Address In Stack  :
From Address      : fffff880`0124d000
To Address        : fffff880`01455000
Size              : 0x00208000
Time Stamp        : 0x4b20515f
Time String       : 12/9/2009 9:39:43 PM
Product Name      : Intel Matrix Storage Manager driver
File Description  : Intel Matrix Storage Manager driver - x64
File Version      : 9.5.5.1003
Company           : Intel Corporation
Full Path         : C:\Windows\system32\drivers\iaStor.sys
==================================================

==================================================
Filename          : wacomvhid.sys
Address In Stack  :
From Address      : fffff880`04d89000
To Address        : fffff120`04d8ba00
Size              : 0xfffff8a000002a00
Time Stamp        : 0x4ab80c4a
Time String       : 9/21/2009 7:29:14 PM
Product Name      : Wacom Virtual HID Driver
File Description  : Virtual Hid Device
File Version      : 2.9.0002.4
Company           : Wacom Technology
Full Path         : C:\Windows\system32\drivers\wacomvhid.sys
==================================================

==================================================
Filename          : PSHED.dll
Address In Stack  :
From Address      : fffff880`00ca9000
To Address        : fffff880`00cbd000
Size              : 0x00014000
Time Stamp        : 0x4a5be027
Time String       : 7/13/2009 9:32:23 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Platform Specific Hardware Error Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\PSHED.dll
==================================================

==================================================
Filename          : drmk.sys
Address In Stack  :
From Address      : fffff880`04fbf000
To Address        : fffff300`04fe1000
Size              : 0xfffffa8000022000
Time Stamp        : 0x4a5bd8e5
Time String       : 7/13/2009 9:01:25 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Microsoft Trusted Audio Drivers
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\drmk.sys
==================================================

==================================================
Filename          : peauth.sys
Address In Stack  :
From Address      : fffff880`03d1c000
To Address        : fffff880`03dc2000
Size              : 0x000a6000
Time Stamp        : 0x4a5bd8df
Time String       : 7/13/2009 9:01:19 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Protected Environment Authentication and Authorization Export Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\peauth.sys
==================================================

==================================================
Filename          : rdprefmp.sys
Address In Stack  :
From Address      : fffff880`02fa5000
To Address        : fffff300`02fae000
Size              : 0xfffffa8000009000
Time Stamp        : 0x4a5bce63
Time String       : 7/13/2009 8:16:35 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : RDP Reflector Driver Miniport
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\rdprefmp.sys
==================================================

==================================================
Filename          : RDPCDD.sys
Address In Stack  :
From Address      : fffff880`02f93000
To Address        : fffff300`02f9c000
Size              : 0xfffffa8000009000
Time Stamp        : 0x4a5bce62
Time String       : 7/13/2009 8:16:34 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : RDP Miniport
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\RDPCDD.sys
==================================================

==================================================
Filename          : rdpencdd.sys
Address In Stack  :
From Address      : fffff880`02f9c000
To Address        : fffff880`02fa5000
Size              : 0x00009000
Time Stamp        : 0x4a5bce62
Time String       : 7/13/2009 8:16:34 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : RDP Encoder Miniport
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\rdpencdd.sys
==================================================

==================================================
Filename          : TSDDD.dll
Address In Stack  :
From Address      : fffff960`00440000
To Address        : 0030f991`0044a000
Size              : 0x003100310000a000
Time Stamp        : 0x4a5bce62
Time String       : 7/13/2009 8:16:34 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Framebuffer Display Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\TSDDD.dll
==================================================

==================================================
Filename          : ws2ifsl.sys
Address In Stack  :
From Address      : fffff880`04259000
To Address        : fffff880`04264000
Size              : 0x0000b000
Time Stamp        : 0x4a5bccf9
Time String       : 7/13/2009 8:10:33 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Winsock2 IFS Layer
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ws2ifsl.sys
==================================================

==================================================
Filename          : rassstp.sys
Address In Stack  : rassstp.sys+1435e30
From Address      : fffff880`045c6000
To Address        : fffff8a1`045e0000
Size              : 0x000000210001a000
Time Stamp        : 0x4a5bccf1
Time String       : 7/13/2009 8:10:25 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : RAS SSTP Miniport Call Manager
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\rassstp.sys
==================================================

==================================================
Filename          : AgileVpn.sys
Address In Stack  :
From Address      : fffff880`04dae000
To Address        : fffff880`04dc4000
Size              : 0x00016000
Time Stamp        : 0x4a5bccf0
Time String       : 7/13/2009 8:10:24 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : RAS Agile Vpn Miniport Call Manager
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\AgileVpn.sys
==================================================

==================================================
Filename          : raspppoe.sys
Address In Stack  :
From Address      : fffff880`04a2f000
To Address        : fffff880`04a4a000
Size              : 0x0001b000
Time Stamp        : 0x4a5bcce9
Time String       : 7/13/2009 8:10:17 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : RAS PPPoE mini-port/call-manager driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\raspppoe.sys
==================================================

==================================================
Filename          : ndistapi.sys
Address In Stack  :
From Address      : fffff880`04de8000
To Address        : fffff300`04df4000
Size              : 0xfffffa800000c000
Time Stamp        : 0x4a5bccd8
Time String       : 7/13/2009 8:10:00 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : NDIS 3.0 connection wrapper driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\ndistapi.sys
==================================================

==================================================
Filename          : wfplwf.sys
Address In Stack  :
From Address      : fffff880`04264000
To Address        : fffff300`0426d000
Size              : 0xfffffa8000009000
Time Stamp        : 0x4a5bccb6
Time String       : 7/13/2009 8:09:26 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : WFP NDIS 6.20 Lightweight Filter Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\wfplwf.sys
==================================================

==================================================
Filename          : netbios.sys
Address In Stack  :
From Address      : fffff880`042b8000
To Address        : ffff9848`042c7000
Size              : 0xffff9fc80000f000
Time Stamp        : 0x4a5bccb6
Time String       : 7/13/2009 8:09:26 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : NetBIOS interface driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\netbios.sys
==================================================

==================================================
Filename          : lltdio.sys
Address In Stack  :
From Address      : fffff880`06f01000
To Address        : fffff880`06f16000
Size              : 0x00015000
Time Stamp        : 0x4a5bcc92
Time String       : 7/13/2009 8:08:50 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Link-Layer Topology Mapper I/O Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\lltdio.sys
==================================================

==================================================
Filename          : rspndr.sys
Address In Stack  :
From Address      : fffff880`06f7c000
To Address        : fffff880`06f94000
Size              : 0x00018000
Time Stamp        : 0x4a5bcc92
Time String       : 7/13/2009 8:08:50 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Link-Layer Topology Responder Driver for NDIS 6
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\rspndr.sys
==================================================

==================================================
Filename          : mpsdrv.sys
Address In Stack  :
From Address      : fffff880`06fbc000
To Address        : fffff300`06fd4000
Size              : 0xfffffa8000018000
Time Stamp        : 0x4a5bcc79
Time String       : 7/13/2009 8:08:25 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Microsoft Protection Service Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\mpsdrv.sys
==================================================

==================================================
Filename          : vwifimp.sys
Address In Stack  :
From Address      : fffff880`06f94000
To Address        : 0064f8e4`06f9e000
Size              : 0x006500640000a000
Time Stamp        : 0x4a5bcc40
Time String       : 7/13/2009 8:07:28 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Virtual WiFi Miniport Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\vwifimp.sys
==================================================

==================================================
Filename          : nwifi.sys
Address In Stack  :
From Address      : fffff880`06f16000
To Address        : fffff300`06f69000
Size              : 0xfffffa8000053000
Time Stamp        : 0x4a5bcc3b
Time String       : 7/13/2009 8:07:23 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : NativeWiFi Miniport Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\nwifi.sys
==================================================

==================================================
Filename          : vwififlt.sys
Address In Stack  :
From Address      : fffff880`04293000
To Address        : fffff880`042a9000
Size              : 0x00016000
Time Stamp        : 0x4a5bcc3a
Time String       : 7/13/2009 8:07:22 PM
Product Name      : Microsoft® Windows® Operating System
File Description  : Virtual WiFi Filter Driver
File Version      : 6.1.7600.16385 (win7_rtm.090713-1255)
Company           : Microsoft Corporation
Full Path         : C:\Windows\system32\drivers\vwififlt.sys
==================================================

Attached File: x_x.txt (181.54KB)

Edited by RisingManes, 24 July 2013 - 02:29 PM.


#11 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,247 posts, Romania)

Posted 24 July 2013 - 03:08 PM

It looks like the last BSODs are related to Avast. Do you know how to cause the BSOD? If so, can you uninstall Avast and see if it still occurs?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 RisingManes (Topic Starter, Members, 39 posts, Puerto Rico)

Posted 24 July 2013 - 03:20 PM

I have uninstalled. However, as I said before, the dump does not log the entirety of July, which refers to my video driver. I'll stress test this regardless, but it will not show up on any dump file.

 

However, since the blue screen hangs indefinitely, this also means I can safely log the information by hand.

 

UPDATE: I have successfully replicated the BSOD by opening upwards of 15 tabs in Firefox and then opening a Flash video, which is consistent with the unlogged BSODs. I wrote the code down by hand, with pen and paper.

 

This may appear to be the video driver, but the obvious troubleshooting---reinstalling the driver---has not worked, even in Safe Mode. Also note that without a working pagefile, I cannot stress the computer much. The aforementioned steps to replicate the BSOD are very consistent.

 

===

*** STOP: 0x0000166 (0xFFFFFA800E46B4E0, 0xFFFFF880059862B0, 0x0000000000000000, 0x0000000000000002)

***nvlddmkm.sys - Address FFFFF880059862B0 at FFFFF8800584D000, DateStamp 51427b3C

===


Edited by RisingManes, 24 July 2013 - 03:46 PM.


#13 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,247 posts, Romania)

Posted 24 July 2013 - 03:35 PM

Okay, could you give me the BSOD code (it will look like 0x000000XX plus some information)?


regards, Elise




#14 RisingManes (Topic Starter, Members, 39 posts, Puerto Rico)

Posted 24 July 2013 - 03:45 PM

I appended it to my above post to prevent double-posting. Didn't think my edit would be ninja'd.



#15 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,247 posts, Romania)

Posted 24 July 2013 - 04:12 PM

Can you also test this in Safe Mode with Networking? Does the BSOD occur there too?

 

This is unlikely to be malware related. Where did you redownload the driver: via Microsoft Update, a driver CD, or the manufacturer's website?


regards, Elise






