[Kasey21]

Volume in drive C has no label.
Volume Serial Number is 206B-7403

[Advertisements]

Nothing found.

Before we continue, I would like to ask why swapping over to a new user account would be too difficult. I do that, oh, once or twice a month, for various reasons. Create the account, reboot to it, enable the actual Admin account, boot to that, copy folders over from your User folder, then reboot to the new account. Do you read anything more into it than that? There are some Outlook files in an Apps Microsoft folder that would need moving, if you use that, but not much more.

[Jintan]

Nothing found.

Before we continue, I would like to ask why swapping over to a new user account would be too difficult. I do that, oh, once or twice a month, for various reasons. Create the account, reboot to it, enable the actual Admin account, boot to that, copy folders over from your User folder, then reboot to the new account. Do you read anything more into it than that? There are some Outlook files in an Apps Microsoft folder that would need moving, if you use that, but not much more.

[Kasey21]

I guess I could do that and try to make it like this account as much as possible. This is my computer, nor do I have my own User Account, although I do use this computer quite frequently.

[Jintan]

C:\Users\kelli\Desktop

Just name it kelli2, and once the right files are copied, the only difference at all should be that "2".

You can follow these procedures. But to make things easier, go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Rightclick on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

net user administrator /active:yes

Then type exit and press Enter to close the command window. When you are ready to copy files, reboot to Safe Mode, and log in as that Administrator user account.

Once all the changes have been made, be sure to return to the command prompt, and again disable the Admin account:

net user administrator /active:no

That's the true backup for any problems there, and needs to return to sleep until another real need arises.

[Kasey21]

Looks like making a new user doesn't fix all permission problems. I couldn't change ESET from a hidden to a unhidden file with the new account.

e/ Is it possible that I still have a virus even with all of those scans? I mean, I thought all new users accounts would start off with default settings. But for even a new user to have messed up permissions seems odd. Also, I don't know if this is relevant but just yesterday I closed the laptop and when I opened it again it was doing a blue screen/reboot to avoid crashing. Which I thought was pretty random. And then when it was done rebooting a lot of internet pages are like halfway loaded up for like 30 seconds and then it looks like it refreshes itself and finally loads the whole page. hitting refresh or enter in the URL will only start the process over. This site isn't one of those pages. But on some sites It loads all the text up then 30 seconds later it looks like a refresh and loads the rest up. Other sites will literally only load half a page text and everything and then finally load the other half.

Edited by Kasey21, 07 June 2011 - 07:25 AM.

[Jintan]

Does sound like something remains active there. On some systems I have repaired, removal of the malware did bring about a lot of positive change, though not all.

Run a scan with Gmer again, and post that log please.

Then close and reopen Gmer. Once it has completed it's opening scan, this time just right click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

[Kasey21]

Sorry for the late reply and not informing you that I have been on vacation etc.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-15 21:15:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545016B9A300 rev.PBBOCA0G
Running: fd4kz83z.exe; Driver: C:\Users\kelli\AppData\Local\Temp\pgloqpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----



GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-15 22:23:58
Windows 6.0.6002 Service Pack 2
Running: fd4kz83z.exe; Driver: C:\Users\kelli\AppData\Local\Temp\pgloqpod.sys


---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) 807BF000-807C6000 (28672 bytes)
Module \SystemRoot\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) 807CD000-807D5000 (32768 bytes)
Module \SystemRoot\system32\drivers\nvraid.sys (NVIDIA® nForce™ RAID Driver/NVIDIA Corporation) 805B4000-805CF000 (110592 bytes)
Module \SystemRoot\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) 805F7000-805FF000 (32768 bytes)
Module \SystemRoot\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) 8B60D000-8B6AE000 (659456 bytes)
Module \SystemRoot\system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) 8B6D4000-8B6EE000 (106496 bytes)
Module \SystemRoot\system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) 8B739000-8B744000 (45056 bytes)
Module \SystemRoot\system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) 8B744000-8B7AE000 (434176 bytes)
Module \SystemRoot\system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) 8B7AE000-8B7FA000 (311296 bytes)
Module \SystemRoot\system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (x86)/Adaptec, Inc.) 8B80C000-8B827000 (110592 bytes)
Module \SystemRoot\system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) 8B84D000-8B873000 (155648 bytes)
Module \SystemRoot\system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) 8B873000-8B887000 (81920 bytes)
Module \SystemRoot\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) 8B887000-8B89D000 (90112 bytes)
Module \SystemRoot\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) 8B89D000-8B8B3000 (90112 bytes)
Module \SystemRoot\system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) 8B8B3000-8B947000 (606208 bytes)
Module \SystemRoot\system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) 8B951000-8B961000 (65536 bytes)
Module \SystemRoot\system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) 8B961000-8B96D000 (49152 bytes)
Module \SystemRoot\system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) 8B96D000-8B979000 (49152 bytes)
Module \SystemRoot\system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) 8B979000-8B993000 (106496 bytes)
Module \SystemRoot\system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) 8B993000-8B9AB000 (98304 bytes)
Module \SystemRoot\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Corporation) 8B9AB000-8B9B5000 (40960 bytes)
Module \SystemRoot\system32\drivers\megasr.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) 8BA0E000-8BAC5000 (749568 bytes)
Module \SystemRoot\system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) 8BAC5000-8BAD0000 (45056 bytes)
Module \SystemRoot\system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) 8BAD0000-8BADE000 (57344 bytes)
Module \SystemRoot\system32\drivers\nvstor.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) 8BADE000-8BAEB000 (53248 bytes)
Module \SystemRoot\system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) 8BC00000-8BD38000 (1277952 bytes)
Module \SystemRoot\system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) 8BD38000-8BD8D000 (348160 bytes)
Module \SystemRoot\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) 8BD9A000-8BDAF000 (86016 bytes)
Module \SystemRoot\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) 8BDAF000-8BDBB000 (49152 bytes)
Module \SystemRoot\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) 8BDBB000-8BDC6000 (45056 bytes)
Module \SystemRoot\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) 8BDC6000-8BDD1000 (45056 bytes)
Module \SystemRoot\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) 8BAEB000-8BB27000 (245760 bytes)
Module \SystemRoot\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) 8BDD1000-8BDF2000 (135168 bytes)
Module \SystemRoot\system32\drivers\ulsata2.sys (Promise SATAII150 Series Windows Drivers/Promise Technology, Inc.) 8BB27000-8BB53000 (180224 bytes)
Module \SystemRoot\system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) 8BB53000-8BB74000 (135168 bytes)
Module \SystemRoot\system32\Drivers\akerneldrv32.sys 8BDF2000-8BDFA000 (32768 bytes)
Module \SystemRoot\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) 8FA04000-90324000 (9568256 bytes)
Module \SystemRoot\system32\DRIVERS\Rtlh86.sys (Realtek 8101E/8168/8169 NDIS6 32-bit Driver /Realtek Corporation ) 8BBBD000-8BBE3000 (155648 bytes)
Module \SystemRoot\system32\DRIVERS\athr.sys (Atheros Extensible Wireless LAN device driver/Atheros Communications, Inc.) 90605000-907D6000 (1904640 bytes)
Module \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.) 907E9000-907EE000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) 8B9B5000-8B9E5000 (196608 bytes)
Module \SystemRoot\system32\DRIVERS\Epfwndis.sys (ESET Personal Firewall NDIS filter/ESET) 903F5000-90400000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 908FF000-90909000 (40960 bytes)
Module \SystemRoot\system32\drivers\CHDRT32.sys (High Definition Audio Function Driver/Conexant Systems Inc.) 9095C000-90997000 (241664 bytes)
Module \SystemRoot\system32\DRIVERS\HSXHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) 90A02000-90A40000 (253952 bytes)
Module \SystemRoot\system32\DRIVERS\HSX_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) 90A40000-90B43000 (1060864 bytes)
Module \SystemRoot\system32\DRIVERS\HSX_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) 90B43000-90BF8000 (741376 bytes)
Module \SystemRoot\system32\drivers\IntcHdmi.sys (Intel® High Definition Audio HDMI/Intel® Corporation) 90C07000-90C28000 (135168 bytes)
Module \SystemRoot\system32\drivers\RTSTOR.SYS (Realtek USB Mass Storage Driver for Vista/Realtek Semiconductor Corp.) 90C28000-90C3B000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) 90C52000-90C71000 (126976 bytes)
Module \SystemRoot\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) 90CB6000-90CBE000 (32768 bytes)
Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 818D0000-818D9000 (36864 bytes)
Module \SystemRoot\System32\ATMFD.DLL (Windows NT OpenType/Type 1 Font Driver/Adobe Systems Incorporated) 81900000-8194D000 (315392 bytes)
Module \SystemRoot\system32\DRIVERS\eamonm.sys (Amon monitor/ESET) AD823000-AD8C9000 (679936 bytes)
Module \SystemRoot\system32\DRIVERS\epfw.sys (ESET Personal Firewall driver/ESET) AD8C9000-AD8EB000 (139264 bytes)
Module \SystemRoot\system32\DRIVERS\epfwwfp.sys (ESET Personal Firewall driver/ESET) AEDE5000-AEDF3000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) AEDF3000-AEDF7000 (16384 bytes)
Module \SystemRoot\System32\Drivers\secdrv.SYS (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) AFEE1000-AFEEB000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\xaudio.sys (Modem Audio Device Driver/Conexant Systems, Inc.) AFEF7000-AFEFF000 (32768 bytes)
Module \SystemRoot\system32\Drivers\LVPr2Mon.sys AFEFF000-AFF04000 (20480 bytes)
Module \SystemRoot\system32\Drivers\pcrasys32.sys AFF1A000-AFF21000 (28672 bytes)
Module \??\C:\Users\kelli\AppData\Local\Temp\pgloqpod.sys (GMER) AFF21000-AFF3A000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET Service/ESET) 336
Library C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET Service/ESET) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000
Library C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll (ESET On-demmand Scanner Kernel/ESET) 0x21E00000
Library C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll (ESET Amon Service/ESET) 0x21300000
Library C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll (ESET Emon Service/ESET) 0x21500000
Library C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll (ESET Document Scanner Kernel/ESET) 0x23400000
Library C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll (ESET Personal Firewall service/ESET) 0x20300000
Library C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll (ESET Antispam Service/ESET) 0x20600000
Library C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll (ESET Update Service/ESET) 0x21100000
Library C:\Program Files\ESET\ESET Smart Security\updater.dll (ESET Update Engine/ESET) 0x21000000
Library C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll (ESET MailPlugins Service/ESET) 0x22900000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 580
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) 616
Library C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) 0x00400000
Library C:\Program Files\Common Files\LightScribe\LSSProxy.dll (Hewlett-Packard Company) 0x67000000
Library C:\Program Files\Common Files\LightScribe\LSLog.dll (Hewlett-Packard Company) 0x68000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\wininit.exe (Windows Start-Up Application/Microsoft Corporation) 624
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Windows\system32\csrss.exe (Client Server Runtime Process/Microsoft Corporation) 636
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Com for QLB application/Hewlett-Packard Development Company, L.P.) 664
Library C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Com for QLB application/Hewlett-Packard Development Company, L.P.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\services.exe (Services and Controller app/Microsoft Corporation) 668
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) 684
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Windows\system32\lsm.exe (Local Session Manager Service/Microsoft Corporation) 692
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Program Files\SMINST\BLService.exe 732
Library C:\Program Files\SMINST\BLService.exe 0x00400000
Library C:\Program Files\SMINST\STWmiM.dll 0x10000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\winlogon.exe (Windows Logon Application/Microsoft Corporation) 784
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 884
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) 892
Library C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\CNGKeyLock.exe 924
Library C:\Windows\system32\CNGKeyLock.exe 0x01330000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\servicescache.exe 964
Library C:\Windows\system32\servicescache.exe 0x00170000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\activeds.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71770000
Library C:\Windows\system32\adsnt.dll (ADs Windows NT Provider DLL/Microsoft Corporation) 0x6F7B0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1048
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1088
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1176
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library c:\windows\system32\fntcache.dll (Windows Font Cache Service/Microsoft Corporation) 0x6AF50000

Process C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1180
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library c:\windows\system32\tabsvc.dll (Microsoft Tablet PC Input Service/Microsoft Corporation) 0x72670000
Library c:\windows\system32\l2gpstore.dll (Policy Storage dll/Microsoft Corporation) 0x72600000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000
Library C:\Windows\System32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71770000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1192
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71770000
Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x728E0000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x75550000
Library C:\Windows\system32\wbem\ncprov.dll (Non-COM WMI Event Provision APIs/Microsoft Corporation) 0x6FC60000

Process c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard) 1280
Library c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard) 0x011B0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll (HP Active Support Library/Hewlett-Packard) 0x6DDA0000

Process C:\Windows\system32\AUDIODG.EXE (Windows Audio Device Graph Isolation /Microsoft Corporation) 1308
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\CnxtAp32.dll (Conexant Audio Processing Objects/Conexant Systems Inc.) 0x72C00000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1332
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) 1400
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1476
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1492
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000
Library c:\windows\system32\webclnt.dll (Web DAV Service DLL/Microsoft Corporation) 0x71970000
Library c:\windows\system32\upnphost.dll (UPnP Device Host/Microsoft Corporation) 0x70D50000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x70080000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1584
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1636
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library c:\windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x728E0000
Library c:\windows\system32\ACTIVEDS.dll (ADs Router Layer DLL/Microsoft Corporation) 0x71770000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\ndptsp.tsp (NDIS Proxy TAPI Service Provider/Microsoft Corporation) 0x70070000

Process C:\Windows\system32\taskeng.exe (Task Scheduler Engine/Microsoft Corporation) 1812
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\pautoenr.dll (Auto Enrollment DLL/Microsoft Corporation) 0x6F860000

Process C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1820
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\System32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000
Library C:\Windows\System32\msonpmon.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x6EC90000
Library C:\Windows\System32\usbmon.dll (Standard Dynamic Printing Port Monitor DLL/Microsoft Corporation) 0x6EA60000
Library C:\Windows\system32\spool\PRTPROCS\W32X86\msonpppr.dll (Microsoft Office OneNote 2007 Printer Driver/Microsoft Corporation) 0x6E7C0000

Process C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1852
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x70080000

Process C:\Windows\system32\rundll32.exe (Windows host process (Rundll32)/Microsoft Corporation) 1892
Library C:\Windows\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x71BF0000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\WLANExt.exe (Windows Wireless LAN 802.11 Extensibility Framework/Microsoft Corporation) 1900
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\athihvs.dll (IHVS DLL/Atheros) 0x10000000

Process C:\Program Files\CyberLink\Shared files\RichVideo.exe 1936
Library C:\Program Files\CyberLink\Shared files\RichVideo.exe 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 2164
Library C:\Windows\system32\igfxsrvc.exe (igfxsrvc Module/Intel Corporation) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x10000000
Library C:\Windows\system32\igfxdev.dll (igfxdev Module/Intel Corporation) 0x00390000

Process C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) 2216
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\credssp.dll (TS Single Sign On Security Package/Microsoft Corporation) 0x75A50000
Library C:\Windows\system32\vsstrace.dll (Microsoft® Volume Shadow Copy Requestor/Writer tracing DLL/Microsoft Corporation) 0x728E0000

Process C:\Windows\system32\DRIVERS\xaudio.exe (Modem Audio Service/Conexant Systems, Inc.) 2268
Library C:\Windows\system32\DRIVERS\xaudio.exe (Modem Audio Service/Conexant Systems, Inc.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (AutoUpater Service Module/Yahoo! Inc.) 2284
Library C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (AutoUpater Service Module/Yahoo! Inc.) 0x00400000
Library C:\Windows\system32\ShimEng.dll (Shim Engine DLL/Microsoft Corporation) 0x71BF0000
Library C:\Windows\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x72F60000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\SearchFilterHost.exe (Microsoft Windows Search Filter Host/Microsoft Corporation) 3172
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\Dwm.exe (Desktop Window Manager/Microsoft Corporation) 3200
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\igdumdx32.dll (LDDM User Mode Driver for Intel® Graphics Technology/Intel Corporation) 0x10000000
Library C:\Windows\system32\igdumd32.dll (LDDM User Mode Driver for Intel® Graphics Technology/Intel Corporation) 0x01CF0000

Process C:\Windows\system32\taskeng.exe (Task Scheduler Engine/Microsoft Corporation) 3260
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\pautoenr.dll (Auto Enrollment DLL/Microsoft Corporation) 0x6F860000
Library C:\Windows\system32\igfxTMM.dll (igfxTMM Module/Intel Corporation) 0x10000000
Library C:\Windows\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x72F60000
Library C:\Windows\system32\igfxdev.dll (igfxdev Module/Intel Corporation) 0x01BC0000
Library C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x01C20000

Process C:\Windows\Explorer.EXE (Windows Explorer/Microsoft Corporation) 3272
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\MSIMG32.dll (GDIEXT Client DLL/Microsoft Corporation) 0x75550000
Library C:\Windows\system32\MSACM32.dll (Microsoft ACM Audio Filter/Microsoft Corporation) 0x72F60000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x70080000
Library C:\Program Files\ESET\ESET Smart Security\shellExt.dll (Shell Extension/ESET) 0x22000000
Library C:\Windows\system32\igfxpph.dll (igfxpph Module/Intel Corporation) 0x10000000
Library C:\Windows\system32\hccutils.DLL (hccutils Module/Intel Corporation) 0x03040000
Library C:\Windows\system32\igfxrENU.lrc (igfxres Module/Intel Corporation) 0x045F0000
Library C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x04CC0000

Process C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Module to process WiFi messages./Hewlett-Packard Development Company, L.P.) 3292
Library C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE (Module to process WiFi messages./Hewlett-Packard Development Company, L.P.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\ehome\ehmsas.exe (Media Center Media Status Aggregator Service/Microsoft Corporation) 3396
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Program Files\HP\QuickPlay\Kernel\Common\MCEMediaStatus.dll 0x10000000

Process C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) 3644
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Program Files\HP\QuickPlay\QPService.exe (HP QuickPlay Resident Program/CyberLink Corp.) 3696
Library C:\Program Files\HP\QuickPlay\QPService.exe (HP QuickPlay Resident Program/CyberLink Corp.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Program Files\HP\QuickPlay\helper.dll (Helper.dll/CyberLink Corp.) 0x10000000
Library C:\Program Files\HP\QuickPlay\Kernel\common\CLRCEngine3.dll (Cyberlink Remote Control Module for PCM/CyberLink Corp.) 0x003A0000

Process C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 3780
Library C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Quick Launch Buttons/ Hewlett-Packard Development Company, L.P.) 3812
Library C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Quick Launch Buttons/ Hewlett-Packard Development Company, L.P.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.DLL (QLB Database Handler/Hewlett-Packard Development Company, L.P.) 0x10000000
Library C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\hpqExec.DLL (Action Dll/Hewlett-Packard Company) 0x003B0000

Process C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (HPWAMain Module/Hewlett-Packard Development Company, L.P.) 3848
Library C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (HPWAMain Module/Hewlett-Packard Development Company, L.P.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Users\kelli\Desktop\fd4kz83z.exe 3860
Library C:\Users\kelli\Desktop\fd4kz83z.exe 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET GUI/ESET) 3872
Library C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET GUI/ESET) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Program Files\ESET\ESET Smart Security\eguiScan.dll (ESET On-demmand Scanner GUI/ESET) 0x21C00000
Library C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll (ESET Amon GUI/ESET) 0x21400000
Library C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll (ESET Emon GUI/ESET) 0x21600000
Library C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll (ESET Document Scanner GUI/ESET) 0x23200000
Library C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll (ESET Personal Firewall UI/ESET) 0x20400000
Library C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll (ESET Antispam GUI/ESET) 0x20800000
Library C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll (ESET Update GUI/ESET) 0x21200000
Library C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll (ESET MailPlugins GUI/ESET) 0x22B00000

Process C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.) 3896
Library C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.) 0x00400000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\wbem\wmiprvse.exe (WMI Provider Host/Microsoft Corporation) 3952
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) 3976
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\upnphost.dll (UPnP Device Host/Microsoft Corporation) 0x70D50000
Library C:\Windows\System32\npmproxy.dll (Network List Manager Proxy/Microsoft Corporation) 0x70080000

Process C:\Windows\System32\hkcmd.exe (hkcmd Module/Intel Corporation) 3984
Library C:\Windows\System32\hkcmd.exe (hkcmd Module/Intel Corporation) 0x00400000
Library C:\Windows\System32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x001D0000
Library C:\Windows\system32\igfxrENU.lrc (igfxres Module/Intel Corporation) 0x01C50000

Process C:\Windows\System32\igfxpers.exe (persistence Module/Intel Corporation) 4004
Library C:\Windows\System32\igfxpers.exe (persistence Module/Intel Corporation) 0x00400000
Library C:\Windows\System32\hccutils.DLL (hccutils Module/Intel Corporation) 0x10000000
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000
Library C:\Windows\system32\igfxsrvc.dll (igfxsrvc Module/Intel Corporation) 0x001E0000

Process C:\Windows\ehome\ehtray.exe (Media Center Tray Applet/Microsoft Corporation) 4028
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\NOTEPAD.EXE (Notepad/Microsoft Corporation) 4980
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

Process C:\Windows\system32\SearchProtocolHost.exe (Microsoft Windows Search Protocol Host/Microsoft Corporation) 5840
Library C:\Windows\system32\USP10.dll (Uniscribe Unicode script processor/Microsoft Corporation) 0x774F0000

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [BOOT] adp94xx
Service C:\Windows\system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [BOOT] adpahci
Service C:\Windows\system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (x86)/Adaptec, Inc.) [BOOT] adpu160m
Service C:\Windows\system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [BOOT] adpu320
Service C:\Windows\system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [BOOT] aic78xx
Service system32\Drivers\akerneldrv32.sys [BOOT] akerneldrv
Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [BOOT] aliide
Service C:\Windows\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [BOOT] arc
Service C:\Windows\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [BOOT] arcsas
Service C:\Windows\system32\DRIVERS\athr.sys (Atheros Extensible Wireless LAN device driver/Atheros Communications, Inc.) [MANUAL] athr
Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [MANUAL] Brserid
Service C:\Windows\system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [MANUAL] BrSerWdm
Service C:\Windows\system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [MANUAL] BrUsbMdm
Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service BTHPORT
Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [BOOT] cmdide
Service system32\CNGKeyLock.exe [AUTO] CNGKeyLock
Service C:\Windows\system32\drivers\CHDRT32.sys (High Definition Audio Function Driver/Conexant Systems Inc.) [MANUAL] CnxtHdAudService
Service C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Com for QLB application/Hewlett-Packard Development Company, L.P.) [MANUAL] Com4QLBEx
Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel® PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service eamon
Service C:\Windows\system32\DRIVERS\eamonm.sys (Amon monitor/ESET) [AUTO] eamonm
Service C:\Windows\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) [SYSTEM] ehdrv
Service C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET HTTP Server Service/ESET) [MANUAL] EhttpSrv
Service C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET Service/ESET) [AUTO] ekrn
Service C:\Windows\system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [BOOT] elxstor
Service C:\Windows\system32\DRIVERS\epfw.sys (ESET Personal Firewall driver/ESET) [AUTO] epfw
Service C:\Windows\system32\DRIVERS\Epfwndis.sys (ESET Personal Firewall NDIS filter/ESET) [MANUAL] Epfwndis
Service C:\Windows\system32\DRIVERS\epfwwfp.sys (ESET Personal Firewall driver/ESET) [AUTO] epfwwfp
Service C:\Windows\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [MANUAL] flpydisk
Service C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (GameConsoleService/WildTangent, Inc.) [MANUAL] GameConsoleService
Service C:\Program [AUTO] gupdate
Service C:\Program [MANUAL] gupdatem
Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard) [AUTO] HP Health Check Service
Service C:\Windows\system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [BOOT] HpCISSs
Service C:\Windows\system32\DRIVERS\HpqKbFiltr.sys (HpqKbFiltr Keyboard Filter Driver/Hewlett-Packard Development Company, L.P.) [MANUAL] HpqKbFiltr
Service C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (hpqwmiex Module/Hewlett-Packard Development Company, L.P.) [MANUAL] hpqwmiex
Service C:\Windows\system32\DRIVERS\HSX_DPV.sys (HSF_DP driver/Conexant Systems, Inc.) [MANUAL] HSF_DPV
Service C:\Windows\system32\DRIVERS\HSXHWAZL.sys (HSF_HWAZL WDM driver/Conexant Systems, Inc.) [MANUAL] HSXHWAZL
Service ialm
Service C:\Windows\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [BOOT] iaStorV
Service C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (IDriverT Module/Macrovision Corporation) [MANUAL] IDriverT
Service C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Graphics Kernel Mode Driver/Intel Corporation) [MANUAL] igfx
Service C:\Windows\system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [BOOT] iirsp
Service C:\Windows\system32\drivers\IntcHdmi.sys (Intel® High Definition Audio HDMI/Intel® Corporation) [MANUAL] IntcHdmiAddService
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\Windows\system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [BOOT] iteatapi
Service C:\Windows\system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [BOOT] iteraid
Service C:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) [AUTO] LightScribeService
Service C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [BOOT] LSI_FC
Service C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [BOOT] LSI_SAS
Service C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [BOOT] LSI_SCSI
Service C:\Windows\system32\Drivers\LVPr2Mon.sys [MANUAL] LVPr2Mon
Service C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech LVPrcSrv Module./Logitech Inc.) [AUTO] LVPrcSrv
Service C:\Windows\system32\DRIVERS\lvuvc.sys (Logitech USB Video Class Driver/Logitech Inc.) [MANUAL] LVUVC
Service C:\Windows\system32\DRIVERS\mdmxsdk.sys (Diagnostic Interface x86 Driver/Conexant) [AUTO] mdmxsdk
Service C:\Windows\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Corporation) [BOOT] megasas
Service C:\Windows\system32\drivers\megasr.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [BOOT] MegaSR
Service system32\sysDriverHardWare.exe [AUTO] MicrosoftHardwareDriver
Service C:\Windows\system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [BOOT] Mraid35x
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\Windows\system32\DRIVERS\NETw3v32.sys (Intel® Wireless WiFi Link Driver/Intel Corporation) [MANUAL] NETw3v32
Service C:\Windows\system32\drivers\nfrd960.sys (IBM ServeRAID Controller Driver/IBM Corporation) [BOOT] nfrd960
Service C:\Windows\system32\drivers\ntrigdigi.sys (N-trig tablet digitizer in-box driver/N-trig Innovative Technologies) [MANUAL] ntrigdigi
Service C:\Windows\system32\drivers\nvraid.sys (NVIDIA® nForce™ RAID Driver/NVIDIA Corporation) [BOOT] nvraid
Service C:\Windows\system32\drivers\nvstor.sys (NVIDIA® nForce™ Sata Performance Driver/NVIDIA Corporation) [BOOT] nvstor
Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service system32\Drivers\pcrasys32.sys [BOOT] pcrasys
Service C:\Windows\system32\DRIVERS\LV561AV.SYS (Logitech Video Driver/Logitech Inc.) [MANUAL] PID_0928
Service C:\Windows\system32\drivers\ql2300.sys (QLogic Fibre Channel Stor Miniport Driver/QLogic Corporation) [BOOT] ql2300
Service C:\Windows\system32\drivers\ql40xx.sys (QLogic iSCSI Storport Miniport Driver/QLogic Corporation) [BOOT] ql40xx
Service C:\Windows\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) [SYSTEM] RDPENCDD
Service Realtek USB 2.0 Card Reader
Service C:\Program Files\SMINST\BLService.exe [AUTO] Recovery Service for Windows
Service C:\Program Files\CyberLink\Shared files\RichVideo.exe [AUTO] RichVideo
Service C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek 8101E/8168/8169 NDIS6 32-bit Driver /Realtek Corporation ) [MANUAL] RTL8169
Service C:\Windows\system32\drivers\RTSTOR.SYS (Realtek USB Mass Storage Driver for Vista/Realtek Semiconductor Corp.) [MANUAL] RTSTOR
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service C:\Windows\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [BOOT] SiSRaid4
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\Windows\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [BOOT] Symc8xx
Service C:\Windows\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [BOOT] Sym_hi
Service C:\Windows\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [BOOT] Sym_u3
Service C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) [MANUAL] SynTP
Service system32\sysSecurityCheck.exe [AUTO] SysCacheDriver
Service system32\servicescache.exe [AUTO] systemCheck
Service C:\Windows\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [BOOT] uliahci
Service C:\Windows\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [BOOT] UlSata
Service C:\Windows\system32\drivers\ulsata2.sys (Promise SATAII150 Series Windows Drivers/Promise Technology, Inc.) [BOOT] ulsata2
Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [BOOT] viaide
Service C:\Windows\system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [BOOT] vsmraid
Service C:\Windows\system32\DRIVERS\wimmount.sys (Wim file system Driver/Microsoft Corporation) [MANUAL] wimmount
Service C:\Windows\system32\DRIVERS\HSX_CNXT.sys (HSF_CNXT driver/Conexant Systems, Inc.) [MANUAL] winachsf
Service Windows Workflow Foundation 3.0.0.0
Service WSearchIdxPi
Service C:\Windows\system32\DRIVERS\xaudio.sys (Modem Audio Device Driver/Conexant Systems, Inc.) [AUTO] XAudio
Service C:\Windows\system32\DRIVERS\xaudio.exe (Modem Audio Service/Conexant Systems, Inc.) [AUTO] XAudioService
Service C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (AutoUpater Service Module/Yahoo! Inc.) [AUTO] YahooAUService
Service C:\Windows\system32\DRIVERS\yk60x86.sys (NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller/Marvell) [MANUAL] yukonwlh

---- EOF - GMER 1.0.15 ----

I was checking out some things in the Underclassman area. I like to check my own settings when it comes to registry keys. and I came across this:




Is it possible this is the problem? I'm not sure if they are the same. they are really close so . Just thought I would add it just in case .

e/ I think the only difference is due to the fact that mine is REGEDIT 5.00 instead of 4.00.

Edited by Kasey21, 15 June 2011 - 09:41 PM.

[Jintan]

Phew - sorry about the large log to post. No, the LSA key isn't involved. Beyond that though, better to ask questions related to it of an academy instructor.


But we do need to learn more about these:

Module \SystemRoot\system32\Drivers\akerneldrv32.sys 8BDF2000-8BDFA000 (32768 bytes)
Module \SystemRoot\system32\Drivers\pcrasys32.sys AFF1A000-AFF21000 (28672 bytes)

Process C:\Windows\system32\servicescache.exe 964
Library C:\Windows\system32\servicescache.exe 0x00170000

In a few other forum threads those first two web search to, they seem to exist where this is present:

R2 CNGKeyLock;CNG Key Isolation Service;c:\windows\system32\CNGKeyLock.exe [2011-1-15 192512]

A crypto-related service. Have to see though. And the other has little web documentation.


If we haven't already used it there, click here and download jpshortstuff's SystemLook to your desktop, then click that file to open the scan display. In the open textbox, copy and paste the following (inside the Code box below):

:filefind
akerneldrv32.sys
pcrasys32.sys
servicescache.exe

Then click Look. Once the scan completes Notepad will open - copy/paste those contents back here please. That will also be saved as a log where you have the scan file, named SystemLook.txt.

[Kasey21]

Well I asked, not because I was curious, but concerned if I needed a LSA fix . But since that obviously isn't the case then I have no need to ask anymore

SystemLook 04.09.10 by jpshortstuff
Log created at 21:36 on 16/06/2011 by kelli
Administrator - Elevation successful

========== filefind ==========

Searching for "akerneldrv32.sys"
C:\System Volume Information\SystemRestore\FRStaging{66C60756-B635-4274-A272-0191C020F32A}\Windows\System32\drivers\akerneldrv32.sys --a---- 15496 bytes [23:23 30/12/2010] [12:13 01/03/2011] 7EFFB1B3560DEA44AEA98DCCC8CEC918
C:\System Volume Information\SystemRestore\FRStaging{76653D9A-CB8E-49BE-BC43-848621006A1B}\Windows\System32\drivers\akerneldrv32.sys --a---- 15496 bytes [23:23 30/12/2010] [12:13 01/03/2011] 7EFFB1B3560DEA44AEA98DCCC8CEC918
C:\Windows\System32\drivers\akerneldrv32.sys -r----- 19080 bytes [23:23 30/12/2010] [20:32 22/05/2011] (Unable to calculate MD5)

Searching for "pcrasys32.sys"
C:\System Volume Information\SystemRestore\FRStaging{66C60756-B635-4274-A272-0191C020F32A}\Windows\System32\drivers\pcrasys32.sys --a---- 15496 bytes [23:23 30/12/2010] [12:13 01/03/2011] C04EA4BF2D4B593D32C0E3EA933F8060
C:\System Volume Information\SystemRestore\FRStaging{76653D9A-CB8E-49BE-BC43-848621006A1B}\Windows\System32\drivers\pcrasys32.sys --a---- 15496 bytes [23:23 30/12/2010] [12:13 01/03/2011] C04EA4BF2D4B593D32C0E3EA933F8060
C:\Windows\System32\drivers\pcrasys32.sys -r----- 15496 bytes [23:23 30/12/2010] [20:32 22/05/2011] (Unable to calculate MD5)

Searching for "servicescache.exe"
C:\Windows\System32\servicescache.exe -r-h--- 8200968 bytes [23:32 08/03/2010] [20:32 22/05/2011] (Unable to calculate MD5)

-= EOF =-

BTW I believe these files are associated with this computer being rented fro Aron's. There was a law suit on Aron's for installing software on all of their rentals to spy on the users. I was told that this computer has traces of it. And I believe those are it (well the first two (pcrasys32.sys and akerneldrv32.sys)

[Jintan]

Asking is fine, but be sure you do understand the "why" of why that key isn't a factor here by asking a teacher.

I ran into a different system where some Aaron's programs were involved. And yes, it smacks of being not in the customer's best interests. But let's check those files.


Just go here, press NEW TOPIC (right hand side, just at the top of the forum thread list), fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select the following files on your computer.

C:\Windows\System32\drivers\akerneldrv32.sys
C:\Windows\System32\drivers\pcrasys32.sys
C:\Windows\System32\servicescache.exe

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.

Just click the "(more attachments)" next to the Browse button to upload more than one file.

[Kasey21]

I got this error message on all 3 files

[Jintan]

Are you booted into the actual Administrator account?

[Kasey21]

There is only one account on here. so yeah :G

e/ also my internet stopped loading in halves. but as you can see my permissions are disabled as an administrator for most of things.

Edited by Kasey21, 17 June 2011 - 09:05 PM.

[Jintan]

Earlier we did "net user administrator /active:yes". This enabled the actual Admin account. You are using this as your regular account (not recommended)? If not, reboot to that actual Admin account to handle the files. I thought you created a new account, and migrated to it?

If you are already using the Admin account, then for now instead do the following (or if nothing else works):

Disable all security software.

Download subinacl.msi from here to your desktop, then click the file to start the installer.

Accept any agreements, and when it suggests it install SubInACL.exe to it's "C:\Program Files\Windows Resource Kits\Tools\" folder, instead click Browse, and direct it to your C folder, so it will then be C:\SubInACL.exe.

--------------------------

Once you have done that open Notepad (Start Search, type notepad then press Enter) and copy the following text into a new file:

cd\
subinacl /file C:\Windows\System32\drivers\akerneldrv32.sys /setowner=everyone
subinacl /file C:\Windows\System32\drivers\akerneldrv32.sys /grant=everyone=f
subinacl /file C:\Windows\System32\drivers\akerneldrv32.sys /grant=administrator=f
subinacl /file C:\Windows\System32\drivers\akerneldrv32.sys /grant=system=f
subinacl /file C:\Windows\System32\drivers\pcrasys32.sys /setowner=everyone
subinacl /file C:\Windows\System32\drivers\pcrasys32.sys /grant=everyone=f
subinacl /file C:\Windows\System32\drivers\pcrasys32.sys /grant=administrator=f
subinacl /file C:\Windows\System32\drivers\pcrasys32.sys /grant=system=f
subinacl /file C:\Windows\System32\servicescache.exe /setowner=everyone
subinacl /file C:\Windows\System32\servicescache.exe /grant=everyone=f
subinacl /file C:\Windows\System32\servicescache.exe /grant=administrator=f
subinacl /file C:\Windows\System32\servicescache.exe /grant=system=f

Save the file to the desktop as "permdo.bat"

Make sure to use the quotes "" in the name.

Then double-click on permdo.bat. A window should open and you will see some procedures run --- this is normal. Once they have completed the changes the window should close.

Then try the file upload again.

NOTE - I had steps for Inherit.exe here, and removed them. Disregard them if you happened to see the steps, and do these instead.

[Kasey21]

I am on the account that allowed me to update Adobe and not fail due to not having permissions to access a certain folder. I deleted the other account because it wasn't going to be used anymore. Which is why I'm back to 1 account.

Also I followed all instructions and I still get the same error.

I tried to go manually and change the permissions for the files, but it wouldn't even let me view the current permissions. It said to "to view these settings you must continue as administrator. When I pressed continue, it showed me this:


each attempt to change ownership failed.