Computer shuts itself down in safe mode

I think I have a problem on my computer. It keeps using up 100% of the CPU most of the time. This wouldn't be much of a problem, but when I play any game I can only get 4-10 fps. I try scanning in normal mode and Norton AntiVirus Gamers Edition does not find anything. I tried putting the computer back to factory settings by using a recovery CD, but every time I do my problem comes back instantly. I first tried scanning with Norton in safe mode, but right after the scan starts the computer shuts down by itself. When I tried scanning with Malwarebytes in safe mode the computer also shuts down by itself. I am convinced there is something in my computer that is eating up my CPU usage. I know it's not any of the programs I download on my computer because the problem came back RIGHT after I reset my computer. I don't know what's wrong, but I become so frustrated I want to throw my computer out a window.

When you perform a System Restore or reset the computer to factory settings, the Norton product may not be updated. Did you try updating the virus definitions and then performing a scan in safe mode? I think it would be better to uninstall the Norton product, reinstall it and then perform a full system scan.

 

Vineeth--

Restoring to Factory Setting (if this is the same as everyone else’s) means that Norton is no longer on the system.  I would like to have a running system first before anything else.

If there is a rootkit active, Norton actually helps keep it in some kind of check.  Best not to remove it until we know what the problem is.

The hardware checks were fine. This is the HiJackThis file info

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:32:51 PM, on 7/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVGLS\avgtray.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Sanders\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1932731494-1738621393-1275148142-1000\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Sanders')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} (Symantec Configuration Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: AVG LinkScanner® WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8399 bytes

 

 

The GMER program failed to complete the scan. I start the scan, then the program crashes. It crashes on the same file, however. When I reset my computer, Norton is preinstalled with the computer. I also have Vista. The Norton that comes with the computer is Norton Internet Security 2007/2008.

Only one entry has to be fixed via Hijackthis:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

 

Do you use any AVG programs in your computer?

I see the entry C:\Program Files\AVG\AVGLS\avgtray.exe in the Hijackthis log. If you use AVG AntiVirus/Internet Security or if you had it earlier, get the AVG Remover Tool and run it. This issue may happen due to conflicts between the AVG and Norton programs, so you may need to completely remove the AVG program from your computer.

I would also advise for the time being to remove the McAfee scanner.  Too many scanning engines running at the same time can cause some system instability.

I think the AVG version of Linkscanner is also going to conflict now whereas the older XPlabs did not.

Norton, McAfee and AVG would be a good conflict

 

Quads 
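The two checks made by hand in the replies above (the BHO entry whose file is missing, and the overlap between Norton, AVG and McAfee components) can be run over a HijackThis log automatically. The following is an added example, not code from the posters or from HijackThis; the sample lines are an excerpt of the log posted in this thread, and the vendor keyword table and function names are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the HijackThis log posted earlier in this thread (trimmed, lines unaltered).
SAMPLE_LOG = r"""
Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\AVG\AVGLS\avgtray.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVGLS\avgtray.exe
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
"""

# A log entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Assumption: keyword patterns picked for this example from the product names
# mentioned in the thread; this is not a complete list of security products.
VENDOR_PATTERNS = {
    "Norton/Symantec": re.compile(r"norton|symantec", re.I),
    "AVG": re.compile(r"\\avg\\|\bavg\b", re.I),
    "McAfee": re.compile(r"mcafee", re.I),
}


@dataclass
class Entry:
    section: str          # e.g. "O2"
    body: str             # everything after the section code
    target: str           # last " - " separated field (file path or "(no file)")
    clsid: Optional[str]  # CLSID in braces, if the entry carries one


def parse_log(text: str) -> List[Entry]:
    """Return the registry/autostart entries of a HijackThis log.

    Header lines and the 'Running processes' list are skipped because they
    do not begin with a section code.
    """
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        target = body.rsplit(" - ", 1)[-1].strip()
        clsid = CLSID_RE.search(body)
        entries.append(
            Entry(m.group("section"), body, target, clsid.group(0) if clsid else None)
        )
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries still registered although HijackThis found no file behind them."""
    return [e for e in entries if e.target.lower() == "(no file)"]


def security_products(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per security vendor to expose overlapping products."""
    counts: Dict[str, int] = {}
    for e in entries:
        for vendor, pattern in VENDOR_PATTERNS.items():
            if pattern.search(e.body):
                counts[vendor] = counts.get(vendor, 0) + 1
    return counts


def report(text: str) -> List[str]:
    """Produce human-readable findings for a pasted log."""
    entries = parse_log(text)
    findings = [
        f"{e.section}: orphaned registration {e.clsid or e.body}"
        for e in orphaned_entries(entries)
    ]
    vendors = security_products(entries)
    if len(vendors) > 1:
        listing = ", ".join(f"{v} ({n} entries)" for v, n in sorted(vendors.items()))
        findings.append(f"multiple security products loaded: {listing}")
    return findings


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```
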

When I uninstall both McAfee SiteAdvisor and AVG LinkScanner the problem is still there.

Can anybody help me?

Golf1052:

 

It seems time to bring out bigger guns:

 

Please see if you can get us a log from this. 

 

http://homepages.slingshot.co.nz/~crutches/SysProt

 

You will need to go into your Norton computer settings and turn off auto protect for this to run.  Let's see if we can find out what is happening.

After the scan the program froze up and I couldn't quit by the X button, so I had to use Task Manager to quit. Here is the log... or however much I got, because I got a log file before, but this might be the old one from before the scan. It's in five parts.

 

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

Process:
Name: [System Idle Process]
PID: 0
Hidden: No
Window Visible: No

Name: System
PID: 4
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\smss.exe
PID: 464
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe
PID: 532
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wininit.exe
PID: 584
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\csrss.exe
PID: 592
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\services.exe
PID: 628
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\lsass.exe
PID: 644
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\lsm.exe
PID: 652
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 784
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\nvvsvc.exe
PID: 832
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 860
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 960
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 988
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1000
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\winlogon.exe
PID: 1080
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\audiodg.exe
PID: 1124
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1144
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SLsvc.exe
PID: 1160
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1204
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1336
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wlanext.exe
PID: 1456
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\spoolsv.exe
PID: 1540
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1604
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PID: 1936
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PID: 2028
Hidden: No
Window Visible: No

Name: C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PID: 2044
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PID: 344
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\PnkBstrA.exe
PID: 844
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\PnkBstrB.exe
PID: 976
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1020
Hidden: No
Window Visible: No

Name: C:\WINDOWS\SMINST\BLService.exe
PID: 1220
Hidden: No
Window Visible: No

Name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PID: 1344
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PID: 1680
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 332
Hidden: No
Window Visible: No

Name: C:\Program Files\Viewpoint\Common\ViewpointService.exe
PID: 688
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\svchost.exe
PID: 1332
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SearchIndexer.exe
PID: 2096
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\drivers\XAudio.exe
PID: 2132
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe
PID: 2456
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\rundll32.exe
PID: 2956
Hidden: No
Window Visible: No

Name: C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
PID: 3992
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\taskeng.exe
PID: 4032
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\dwm.exe
PID: 2868
Hidden: No
Window Visible: No

Name: C:\WINDOWS\explorer.exe
PID: 3124
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\rundll32.exe
PID: 2880
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PID: 1132
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\QuickPlay\QPService.exe
PID: 1580
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
PID: 1920
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
PID: 3384
Hidden: No
Window Visible: No

Name: C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PID: 2608
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PID: 2948
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
PID: 2300
Hidden: No
Window Visible: No

Name: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 3680
Hidden: No
Window Visible: No

Name: C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
PID: 624
Hidden: No
Window Visible: No

Name: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
PID: 3608
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
PID: 3452
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wbem\WmiPrvSE.exe
PID: 2720
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PID: 3628
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
PID: 3652
Hidden: No
Window Visible: No

Name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PID: 1096
Hidden: No
Window Visible: No

Name: C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
PID: 3516
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\wsqmcons.exe
PID: 2304
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SearchProtocolHost.exe
PID: 508
Hidden: No
Window Visible: No

Name: C:\WINDOWS\System32\SearchFilterHost.exe
PID: 3740
Hidden: No
Window Visible: No

Name: C:\Users\Sanders\Downloads\SysProt.exe
PID: 3404
Hidden: No
Window Visible: Yes

Message Edited by golf1052 on 07-21-2009 12:15 PM



Kernel Modules:
Module Name: ??\C:\Users\Sanders\Downloads\SysProtDrv.sys
Service Name: SysProtDrv.sys
Module Base: A0F9F000
Module End: A0FAA000
Hidden: No

Module Name: C:\Windows\system32\ntkrnlpa.exe
Service Name: —
Module Base: 82036000
Module End: 823EF000
Hidden: No

Module Name: C:\Windows\system32\hal.dll
Service Name: —
Module Base: 82003000
Module End: 82036000
Hidden: No

Module Name: C:\Windows\system32\kdcom.dll
Service Name: —
Module Base: 80409000
Module End: 80411000
Hidden: No

Module Name: C:\Windows\system32\PSHED.dll
Service Name: —
Module Base: 80411000
Module End: 80422000
Hidden: No

Module Name: C:\Windows\system32\BOOTVID.dll
Service Name: —
Module Base: 80422000
Module End: 8042A000
Hidden: No

Module Name: C:\Windows\system32\CLFS.SYS
Service Name: CLFS
Module Base: 8042A000
Module End: 8046B000
Hidden: No

Module Name: C:\Windows\system32\CI.dll
Service Name: —
Module Base: 8046B000
Module End: 8054B000
Hidden: No

Module Name: C:\Windows\system32\drivers\Wdf01000.sys
Service Name: Wdf01000
Module Base: 8054B000
Module End: 805C7000
Hidden: No

Module Name: C:\Windows\system32\drivers\WDFLDR.SYS
Service Name: —
Module Base: 805C7000
Module End: 805D4000
Hidden: No

Module Name: C:\Windows\system32\drivers\acpi.sys
Service Name: ACPI
Module Base: 80608000
Module End: 8064E000
Hidden: No

Module Name: C:\Windows\system32\drivers\WMILIB.SYS
Service Name: —
Module Base: 8064E000
Module End: 80657000
Hidden: No

Module Name: C:\Windows\system32\drivers\msisadrv.sys
Service Name: msisadrv
Module Base: 80657000
Module End: 8065F000
Hidden: No

Module Name: C:\Windows\system32\drivers\pci.sys
Service Name: pci
Module Base: 8065F000
Module End: 80686000
Hidden: No

Module Name: C:\Windows\system32\drivers\isapnp.sys
Service Name: isapnp
Module Base: 80686000
Module End: 80695000
Hidden: No

Module Name: C:\Windows\system32\drivers\mpio.sys
Service Name: mpio
Module Base: 80695000
Module End: 806B1000
Hidden: No

Module Name: C:\Windows\System32\drivers\partmgr.sys
Service Name: partmgr
Module Base: 806B1000
Module End: 806C0000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\compbatt.sys
Service Name: Compbatt
Module Base: 806C0000
Module End: 806C3000
Hidden: No

Module Name: C:\Windows\system32\DRIVERS\BATTC.SYS
Service Name: BattC
Module Base: 806C3000
Module End: 806CD000
Hidden: No

Module Name: C:\Windows\system32\drivers\volmgr.sys
Service Name: volmgr
Module Base: 806CD000
Module End: 806DC000
Hidden: No

Module Name: C:\Windows\System32\drivers\volmgrx.sys
Service Name: volmgrx
Module Base: 806DC000
Module End: 80726000
Hidden: No

Module Name: C:\Windows\system32\drivers\intelide.sys
Service Name: intelide
Module Base: 80726000
Module End: 8072D000
Hidden: No

Module Name: C:\Windows\system32\drivers\PCIIDEX.SYS
Service Name: —
Module Base: 8072D000
Module End: 8073B000
Hidden: No

Module Name: C:\Windows\system32\drivers\pciide.sys
Service Name: pciide
Module Base: 8073B000
Module End: 80742000
Hidden: No

Module Name: C:\Windows\system32\drivers\aliide.sys
Service Name: aliide
Module Base: 80742000
Module End: 80749000
Hidden: No

Module Name: C:\Windows\system32\drivers\amdide.sys
Service Name: amdide
Module Base: 80749000
Module End: 80750000
Hidden: No

Module Name: C:\Windows\system32\drivers\cmdide.sys
Service Name: cmdide
Module Base: 80750000
Module End: 80758000
Hidden: No

Module Name: C:\Windows\System32\drivers\mountmgr.sys
Service Name: MountMgr
Module Base: 80758000
Module End: 80768000
Hidden: No

Module Name: C:\Windows\system32\drivers\msdsm.sys
Service Name: msdsm
Module Base: 80768000
Module End: 80782000
Hidden: No

Module Name: C:\Windows\system32\drivers\nvraid.sys
Service Name: nvraid
Module Base: 80782000
Module End: 8079D000
Hidden: No

Module Name: C:\Windows\system32\drivers\CLASSPNP.SYS
Service Name: —
Module Base: 8079D000
Module End: 807BE000
Hidden: No

Module Name: C:\Windows\system32\drivers\viaide.sys
Service Name: viaide
Module Base: 807BE000
Module End: 807C6000
Hidden: No

Module Name: C:\Windows\system32\drivers\iastorv.sys
Service Name: iaStorV
Module Base: 82601000
Module End: 826A2000
Hidden: No

Module Name: C:\Windows\system32\drivers\atapi.sys
Service Name: atapi
Module Base: 826A2000
Module End: 826AA000
Hidden: No

Module Name: C:\Windows\system32\drivers\ataport.SYS
Service Name: —
Module Base: 826AA000
Module End: 826C8000
Hidden: No

Module Name: C:\Windows\system32\drivers\lsi_scsi.sys
Service Name: LSI_SCSI
Module Base: 826C8000
Module End: 826E2000
Hidden: No

Module Name: C:\Windows\system32\drivers\storport.sys
Service Name: —
Module Base: 826E2000
Module End: 82723000
Hidden: No

Module Name: C:\Windows\system32\drivers\nvstor.sys
Service Name: nvstor
Module Base: 82723000
Module End: 82730000
Hidden: No

Module Name: C:\Windows\system32\drivers\hpcisss.sys
Service Name: HpCISSs
Module Base: 82730000
Module End: 8273B000
Hidden: No

Module Name: C:\Windows\system32\drivers\adp94xx.sys
Service Name: adp94xx
Module Base: 8273B000
Module End: 827A5000
Hidden: No

Module Name: C:\Windows\system32\drivers\adpahci.sys
Service Name: adpahci
Module Base: 827A5000
Module End: 827F1000
Hidden: No

Module Name: C:\Windows\system32\drivers\adpu160m.sys
Service Name: adpu160m
Module Base: 807C6000
Module End: 807E1000
Hidden: No

Module Name: C:\Windows\system32\drivers\SCSIPORT.SYS
Service Name: —
Module Base: 805D4000
Module End: 805FA000
Hidden: No

Module Name: C:\Windows\system32\drivers\adpu320.sys
Service Name: adpu320
Module Base: 8A008000
Module End: 8A02E000
Hidden: No

Module Name: C:\Windows\system32\drivers\djsvs.sys
Service Name: aic78xx
Module Base: 8A02E000
Module End: 8A042000
Hidden: No

Module Name: C:\Windows\system32\drivers\arc.sys
Service Name: arc
Module Base: 8A042000
Module End: 8A058000
Hidden: No

Module Name: C:\Windows\system32\drivers\arcsas.sys
Service Name: arcsas
Module Base: 8A058000
Module End: 8A06E000
Hidden: No

Module Name: C:\Windows\system32\drivers\elxstor.sys
Service Name: elxstor
Module Base: 8A06E000
Module End: 8A102000
Hidden: No

Module Name: C:\Windows\system32\drivers\i2omp.sys
Service Name: i2omp
Module Base: 8A102000
Module End: 8A10C000
Hidden: No

Module Name: C:\Windows\system32\drivers\iirsp.sys
Service Name: iirsp
Module Base: 8A10C000
Module End: 8A11C000
Hidden: No

Module Name: C:\Windows\system32\drivers\iteatapi.sys
Service Name: iteatapi
Module Base: 8A11C000
Module End: 8A128000
Hidden: No

Module Name: C:\Windows\system32\drivers\iteraid.sys
Service Name: iteraid
Module Base: 8A128000
Module End: 8A134000
Hidden: No

Module Name: C:\Windows\system32\drivers\lsi_fc.sys
Service Name: LSI_FC
Module Base: 8A134000
Module End: 8A14E000
Hidden: No

Module Name: C:\Windows\system32\drivers\lsi_sas.sys
Service Name: LSI_SAS
Module Base: 8A14E000
Module End: 8A166000
Hidden: No

Module Name: C:\Windows\system32\drivers\megasas.sys
Service Name: megasas
Module Base: 8A166000
Module End: 8A170000
Hidden: No

Module Name: C:\Windows\system32\drivers\megasr.sys
Service Name: MegaSR
Module Base: 8A20A000
Module End: 8A2C1000
Hidden: No

Module Name: C:\Windows\system32\drivers\mraid35x.sys
Service Name: Mraid35x
Module Base: 8A2C1000
Module End: 8A2CC000
Hidden: No

Module Name: C:\Windows\system32\drivers\msahci.sys
Service Name: msahci
Module Base: 8A2CC000
Module End: 8A2D6000
Hidden: No

Module Name: C:\Windows\system32\drivers\nfrd960.sys
Service Name: nfrd960
Module Base: 8A2D6000
Module End: 8A2E4000
Hidden: No

Module Name: C:\Windows\system32\drivers\ql2300.sys
Service Name: ql2300
Module Base: 8A40B000
Module End: 8A543000
Hidden: No

Module Name: C:\Windows\system32\drivers\ql40xx.sys
Service Name: ql40xx
Module Base: 8A543000
Module End: 8A598000
Hidden: No

Module Name: C:\Windows\system32\drivers\sisraid2.sys
Service Name: SiSRaid2
Module Base: 8A598000
Module End: 8A5A5000
Hidden: No

Module Name: C:\Windows\system32\drivers\sisraid4.sys
Service Name: SiSRaid4
Module Base: 8A5A5000
Module End: 8A5BA000
Hidden: No

Module Name: C:\Windows\system32\drivers\symc8xx.sys
Service Name: Symc8xx
Module Base: 8A5BA000
Module End: 8A5C6000
Hidden: No

Module Name: C:\Windows\system32\drivers\sym_hi.sys
Service Name: Sym_hi
Module Base: 8A5C6000
Module End: 8A5D1000
Hidden: No

Module Name: C:\Windows\system32\drivers\sym_u3.sys
Service Name: Sym_u3
Module Base: 8A5D1000
Module End: 8A5DC000
Hidden: No

Module Name: C:\Windows\system32\drivers\uliahci.sys
Service Name: uliahci
Module Base: 8A2E4000
Module End: 8A320000
Hidden: No

Module Name: C:\Windows\system32\drivers\ulsata.sys
Service Name: UlSata
Module Base: 8A5DC000
Module End: 8A5FD000
Hidden: No

Module Name: C:\Windows\system32\drivers\ulsata2.sys
Service Name: ulsata2
Module Base: 8A320000
Module End: 8A34C000
Hidden: No

Module Name: C:\Windows\system32\drivers\vsmraid.sys
Service Name: vsmraid
Module Base: 8A34C000
Module End: 8A36D000
Hidden: No

Module Name: C:\Windows\system32\drivers\fltmgr.sys
Service Name: FltMgr
Module Base: 8A36D000
Module End: 8A39F000
Hidden: No

Module Name: C:\Windows\system32\drivers\fileinfo.sys
Service Name: FileInfo
Module Base: 8A39F000
Module End: 8A3AF000
Hidden: No

Module Name: C:\Windows\system32\drivers\NIS\1005000.087\SYMEFA.SYS
Service Name: SymEFA
Module Base: 8A3AF000
Module End: 8A3FE000
Hidden: No

Module Name: C:\Windows\System32\Drivers\ksecdd.sys
Service Name: KSecDD
Module Base: 8A170000
Module End: 8A1E1000
Hidden: No

Module Name: C:\Windows\system32\drivers\ndis.sys
Service Name: NDIS
Module Base: 8A600000
Module End: 8A70B000
Hidden: No

Module Name: C:\Windows\system32\drivers\msrpc.sys
Service Name: MsRPC
Module Base: 8A70B000
Module End: 8A736000
Hidden: No

Module Name: C:\Windows\system32\drivers\NETIO.SYS
Service Name: —
Module Base: 8A736000
Module End: 8A770000
Hidden: No

Module Name: C:\Windows\System32\drivers\tcpip.sys
Service Name: Tcpip
Module Base: 8A807000
Module End: 8A8EE000
Hidden: No

Module Name: C:\Windows\System32\drivers\fwpkclnt.sys
Service Name: —
Module Base: 8A8EE000
Module End: 8A909000
Hidden: No

Module Name: C:\Windows\System32\Drivers\Ntfs.sys
Service Name: Ntfs
Module Base: 8AA0B000
Module End: 8AB1A000
Hidden: No

Module Name: C:\Windows\system32\drivers\wd.sys
Service Name: Wd
Module Base: 8AB1A000
Module End: 8AB22000
Hidden: No

Module Name: C:\Windows\system32\drivers\volsnap.sys
Service Name: volsnap
Module Base: 8AB22000
Module End: 8AB5B000
Hidden: No

Module Name: C:\Windows\System32\Drivers\spldr.sys
Service Name: spldr
Module Base: 8AB5B000
Module End: 8AB63000
Hidden: No

Module Name: C:\Windows\system32\drivers\sbp2port.sys
Service Name: sbp2port
Module Base: 8AB63000
Module End: 8AB78000
Hidden: No

Module Name: C:\Windows\System32\Drivers\mup.sys
Service Name: Mup
Module Base: 8AB78000
Module End: 8AB87000
Hidden: No

Module Name: C:\Windows\System32\drivers\ecache.sys
Service Name: Ecache
Module Base: 8AB87000
Module End: 8ABAE000
Hidden: No

Module Name: C:\Windows\system32\drivers\disk.sys
Service Name: disk
Module Base: 8ABAE000
Module End: 8ABBF000
Hidden: No

Module Name: C:\Windows\system32\drivers\crcdisk.sys
Service Name: crcdisk
Module Base: 8ABBF000
Module End: 8ABC8000
Hidden: No

SSDT:
Function Name: ZwAlertResumeThread
Address: 87D1C158
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwAlertThread
Address: 87D1C6D0
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwAllocateVirtualMemory
Address: 889265E8
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwAlpcConnectPort
Address: 87B2D400
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwAssignProcessToJobObject
Address: 88901048
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwCreateMutant
Address: 888F3C90
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwCreateSymbolicLinkObject
Address: 888F9008
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwCreateThread
Address: 88892390
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwDebugActiveProcess
Address: 88890490
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwDuplicateObject
Address: 889268C0
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwFreeVirtualMemory
Address: 889287F0
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwImpersonateAnonymousToken
Address: 87D34B10
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwImpersonateThread
Address: 886BD048
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwLoadDriver
Address: 87B43400
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwMapViewOfSection
Address: 88928690
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwOpenEvent
Address: 886BC268
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwOpenProcess
Address: 88928008
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwOpenProcessToken
Address: 87BCADA8
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwOpenSection
Address: 887C7048
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwOpenThread
Address: 88926A50
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwProtectVirtualMemory
Address: 888F65B8
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwResumeThread
Address: 87DC4DB0
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwSetContextThread
Address: 88252920
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwSetInformationProcess
Address: 88928338
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwSetSystemInformation
Address: 887B2048
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwSuspendProcess
Address: 88838428
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwSuspendThread
Address: 87D2D048
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwTerminateProcess
Address: 87C64A30
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwTerminateThread
Address: 87D60018
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwUnmapViewOfSection
Address: 88457618
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwWriteVirtualMemory
Address: 88928E40
Driver Base: 0
Driver End: 0
Driver Name: unknown

Function Name: ZwCreateThreadEx
Address: 888F70E8
Driver Base: 0
Driver End: 0
Driver Name: unknown



No Kernel Hooks found



No IRP Hooks found



Ports:
Local Address: SANDERS-PC.PHUB.NET.CABLE.ROGERS.COM:49168
Remote Address: A72-247-244-91.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP
Type: TCP
Process: C:\Program Files\Java\jre6\bin\jusched.exe
State: CLOSE_WAIT

Local Address: SANDERS-PC.PHUB.NET.CABLE.ROGERS.COM:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: SANDERS-PC:49160
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
State: LISTENING

Local Address: SANDERS-PC:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\services.exe
State: LISTENING

Local Address: SANDERS-PC:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: SANDERS-PC:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\lsass.exe
State: LISTENING

Local Address: SANDERS-PC:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: SANDERS-PC:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: SANDERS-PC:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\wininit.exe
State: LISTENING

Local Address: SANDERS-PC:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: SANDERS-PC:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: SANDERS-PC:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\WINDOWS\System32\svchost.exe
State: LISTENING

Local Address: SANDERS-PC.PHUB.NET.CABLE.ROGERS.COM:59315
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC.PHUB.NET.CABLE.ROGERS.COM:SSDP
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC.PHUB.NET.CABLE.ROGERS.COM:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: SANDERS-PC.PHUB.NET.CABLE.ROGERS.COM:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: SANDERS-PC:59316
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC:59130
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC:45301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\PnkBstrB.exe
State: NA

Local Address: SANDERS-PC:44301
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\PnkBstrA.exe
State: NA

Local Address: SANDERS-PC:SSDP
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC:49152
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC:LLMNR
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC:500
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA

Local Address: SANDERS-PC:123
Remote Address: NA
Type: UDP
Process: C:\WINDOWS\System32\svchost.exe
State: NA



Are you using Rogers Cable service for your ISP? Can you check if they are trying to change your security, or do you not have the ISP-provided suite?

Hi golf1052:

I'm not seeing anything in the SysProt, but Quads will check again for us. For future reference, to make your life a bit easier, there is an "add attachments" link just below the post button. The freezing on SysProt isn't an issue; it did it on my machine as well. The log was fine.

We will perhaps need to look into other settings issues.