Regarding your second question, it’s totally possible that a driver might
hang around after being loaded by a program.
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@comcast.net
Sent: Thursday, April 14, 2011 5:53 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Strange Driver loaded
All,
I hope I have posted this in the correct place. After seeing the commercial
for 100th time I went to www.mycleanpc.com and downloaded the app. I decided
to first throw it in my virtual machine and watch what it did. After
spending a considerable amount of time wading through the Sysinternals suite
I noticed this program installs a “device driver” (hence me posting here.)
When I broke into my VM with Windbg I noticed that it was siting the PE file
as the symbol file. Is this normal? I have seen .sys and .dll listed as
symbol files before but never an exe file. Also this “device driver” seems
to persist after I killed (or at least I thought I did) all instances of the
program. I know this isn’t exactly a driver question, but I was hoping that
someone here could help me out a little bit.
Thank you in advance,
-JC
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer