Go Back   Cyber Tech Help Support Forums > Software > Malware Removal Forum

Notices

Reply
 
Topic Tools
  #1  
Old September 17th, 2012, 06:09 PM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
check for virus

hi
running vista and when on firefox it went very slow so i deleted firefox and use ie
still the same any help would be gratefull
downloaded otl results below
OTL logfile created on: 17/09/2012 17:54:36 - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Bill\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.87 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 44.45% Memory free
3.98 Gb Paging File | 2.82 Gb Available in Paging File | 70.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.69 Gb Total Space | 213.75 Gb Free Space | 74.30% Space Free | Partition Type: NTFS
Drive D: | 10.40 Gb Total Space | 1.39 Gb Free Space | 13.38% Space Free | Partition Type: NTFS

Computer Name: BILL-PC | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/17 17:54:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
PRC - [2012/06/19 13:44:22 | 002,784,256 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
PRC - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccsvchst.exe
PRC - [2010/02/06 11:36:40 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/07 12:50:52 | 001,584,640 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
PRC - [2009/07/18 04:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.ex e
PRC - [2008/12/11 17:39:12 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2008/12/11 17:39:12 | 000,024,688 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/10/12 10:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/08/02 15:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe
PRC - [2007/01/30 13:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe


========== Modules (No Company Name) ==========

MOD - [2010/10/20 16:33:18 | 000,481,872 | ---- | M] () -- C:\Program Files\vShare\vshare_toolbar.dll
MOD - [2007/02/16 21:01:00 | 000,081,920 | ---- | M] () -- C:\Program Files\FinePixViewer\wia_register_event.dll


========== Services (SafeList) ==========

SRV - [2012/08/15 19:43:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpda teService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 13:44:22 | 000,777,728 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2012/06/18 21:13:46 | 000,394,712 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe -- (NIS)
SRV - [2011/07/15 11:07:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/12/11 17:39:12 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/12 10:33:38 | 000,202,016 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk)
SRV - [2007/08/02 15:42:16 | 000,382,320 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2007/08/02 15:42:14 | 000,148,768 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/09/14 14:09:06 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120917.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/09/14 14:09:06 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120917.002\NAVENG.SYS -- (NAVENG)
DRV - [2012/09/01 01:27:25 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\201 20914.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/31 23:09:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20 120905.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/13 19:33:58 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/13 19:33:58 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/29 20:52:38 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/07/29 20:52:38 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/07/29 20:52:38 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/07/06 03:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtsp. sys -- (SRTSP)
DRV - [2012/07/06 03:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\srtspx .sys -- (SRTSPX)
DRV - [2012/06/07 05:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ccsetx 86.sys -- (ccSet_NIS)
DRV - [2012/05/30 20:33:44 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\Rapport MS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/05/22 02:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symefa .sys -- (SymEFA)
DRV - [2012/04/18 03:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symtdi v.sys -- (SYMTDIv)
DRV - [2012/04/18 02:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\ironx8 6.sys -- (SymIRON)
DRV - [2012/03/23 11:18:07 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/16 11:42:11 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\34302\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2011/07/26 03:18:35 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1308000.00E\symds. sys -- (SymDS)
DRV - [2011/05/26 16:03:56 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2011/05/26 16:03:50 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/05/22 22:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/26 18:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2008/01/29 13:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{1496F5FB-0845-4DAC-9E9B-AD7480F11B7B}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationT ype=tb50hpcndtie7-en-gb
IE - HKLM\..\SearchScopes\{169DC95B-908A-4714-894B-45BE961D52ED}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true &x=true&y=true&partner=hp&partnerId=96913936
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm103YYGB&fl=0&ptb=Pok52TZBEi W8DUWSMSnBrw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{1496F5FB-0845-4DAC-9E9B-AD7480F11B7B}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationT ype=tb50hpcndtie7-en-gb
IE - HKCU\..\SearchScopes\{169DC95B-908A-4714-894B-45BE961D52ED}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true &x=true&y=true&partner=hp&partnerId=96913936
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm103YYGB&fl=0&ptb=Pok52TZBEi W8DUWSMSnBrw&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=0777F24001CA 8C64000B59C3&install_time=03-01-2010:11:01&src_id=11031&camp_id=38&tb_version=2.5. 7002.477
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language }:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/myhome?search={searchTerms}&loc=search_box
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3008668.browser.search.defaultthis.eng ineName: true
FF - prefs.js..CT3209604.browser.search.defaultthis.eng ineName: true
FF - prefs.js..browser.search.selectedEngine: "ALOT Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3008668&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: appbar@alot.com:1.0.19000
FF - prefs.js..extensions.enabledAddons: {b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}:10.10.27.6
FF - prefs.js..extensions.enabledAddons: {9427041a-a8dc-4d06-9a68-93873486e957}:10.10.27.6
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3008668&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_30 0_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic .com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB. dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/03 11:16:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extens ions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2012/09/17 17:26:30 | 000,000,000 | ---D | M]

[2011/10/21 11:21:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Extensions
[2012/08/22 10:44:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\y2bizekh.default\extensions
[2012/08/22 10:43:58 | 000,000,000 | ---D | M] (Productivity 3.1) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\y2bizekh.default\extensions\{9427041a-a8dc-4d06-9a68-93873486e957}
[2012/08/22 10:44:53 | 000,000,000 | ---D | M] (Produtools Manuals 2.1) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\y2bizekh.default\extensions\{b2bf7b3f-bf0b-4c48-aec6-f92c51be63e1}
[2012/07/25 18:16:44 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\y2bizekh.default\extensions\appbar@alot.com
[2012/07/25 18:16:46 | 000,002,205 | ---- | M] () -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\y2bizekh.default\searchplugins\alot-search.xml
[2012/07/25 21:09:28 | 000,000,925 | ---- | M] () -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Prof iles\y2bizekh.default\searchplugins\conduit.xml
[2012/08/22 10:43:58 | 000,000,000 | ---D | M] (Productivity 3.1) -- C:\USERS\BILL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y2BIZEKH.DEFAULT\EXT ENSIONS\{9427041A-A8DC-4D06-9A68-93873486E957}
[2012/08/22 10:44:53 | 000,000,000 | ---D | M] (Produtools Manuals 2.1) -- C:\USERS\BILL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y2BIZEKH.DEFAULT\EXT ENSIONS\{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1}
[2012/07/25 18:16:44 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\USERS\BILL\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Y2BIZEKH.DEFAULT\EXT ENSIONS\APPBAR@ALOT.COM
[2009/09/05 16:00:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstan ce.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (BT Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.8.0.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: DisableChangePassword = 0
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZRxdm103YYGB File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{1247EF16-3909-48B5-ABD3-9F13A4B38609}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{57E83314-4ECD-4301-8B98-C873FA7D707A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\ezShellStart.exe) - C:\Windows\System32\ezShellStart.exe (EasyBits Software AS)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Bill\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bill\Application Data\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/19 12:28:20 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/17 17:53:41 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2012/09/17 17:38:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/17 17:38:20 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/08/29 11:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Produtools_Manuals_2.1
[2012/08/23 19:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\TelevisionFanaticEI

========== Files - Modified Within 30 Days ==========

[2012/09/17 18:00:18 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{B1D62918-E9CD-42B6-B33A-5A64DCF9CE2C}.job
[2012/09/17 17:59:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/17 17:54:16 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2012/09/17 17:43:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/17 17:25:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/17 17:25:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 17:25:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/17 17:25:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/17 17:25:29 | 2010,222,592 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/16 13:47:54 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/16 13:47:54 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/07/22 11:29:47 | 000,000,833 | ---- | C] () -- C:\Users\Bill\RealPlayer SP.lnk
[2011/11/06 08:37:09 | 000,000,000 | ---- | C] () -- C:\Users\Bill\AppData\Local\{F592BEE5-2643-44C7-871A-3DF6940D0BFF}
[2010/11/12 10:39:03 | 000,007,259 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2010/02/06 12:02:22 | 000,000,371 | ---- | C] () -- C:\Users\Bill\Pictures - Shortcut.lnk
[2008/11/04 12:08:41 | 000,024,206 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\UserTile.png
[2008/11/01 15:12:51 | 000,008,704 | ---- | C] () -- C:\Users\Bill\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/01 12:35:17 | 000,000,102 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\wklnhst.dat
[2008/10/29 13:25:06 | 000,000,680 | ---- | C] () -- C:\Users\Bill\AppData\Local\d3d9caps.dat

< End of report >
Reply With Quote


  #2  
Old September 18th, 2012, 12:54 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,391
Hello loghamm,

The log shows a lot of adware installed there. Since Firefox tends to reserve certain settings, even if uninstalled/reinstalled, it would help if you reinstall it, reboot, then do the following, so we can repair it too:


Run and post a new OTL log.

-----------

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can have an open Internet connection, and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Reply With Quote
  #3  
Old September 18th, 2012, 12:09 PM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.5
aioscnnr
Apple Software Update
BT Broadband Desktop Help
BT Yahoo! Toolbar
BTHomeHub
C4USelfUpdater
center
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite Deluxe
CyberLink PowerDirector
Enhanced Multimedia Keyboard Solution
essentials
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.5
GearDrvs
Google Earth
Google Update Helper
GoToAssist Corporate
GoToAssist Corporate
Hardware Diagnostic Tools
Hewlett-Packard Active Check for Health Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Feedback
HP Customer Participation Program 9.0
HP Demo
HP Easy Setup - Frontend
HP Imaging Device Functions 9.0
HP Photosmart Essential 2.01
HP Picasso Media Center Add-In
HP Smart Web Printing
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HPSSupply
Java(TM) SE Runtime Environment 6 Update 1
Kodak AIO Printer
KODAK AiO Software
LabelPrint
LightScribe System Software 1.12.37.1
Magic Desktop
McAfee Security Scan Plus
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 6.1
My HP Games
My Web Search (Popular Screensavers)
Norton Internet Security
NVIDIA Drivers
ocr
Power2Go
PreReq
Python 2.5
QuickTime
Rapport
Rapport
RealPlayer
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
TalkTalk Assist & Go
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
vShare Plugin
Yahoo! Software Update
Reply With Quote
  #4  
Old September 18th, 2012, 12:43 PM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
te gmer installer keeps freezing the pc when i run the scan tried a few times stops half way through scan


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-18 12:38:49
-----------------------------
12:38:49.211 OS Version: Windows 6.0.6001 Service Pack 1
12:38:49.211 Number of processors: 2 586 0xF0D
12:38:49.211 ComputerName: BILL-PC UserName: Bill
12:38:56.684 Initialize success
12:39:02.960 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
12:39:02.960 Disk 0 Vendor: WDC_WD3200AAJS-65B4A0 01.03A01 Size: 305245MB BusType: 3
12:39:02.991 Disk 0 MBR read successfully
12:39:02.991 Disk 0 MBR scan
12:39:02.991 Disk 0 unknown MBR code
12:39:03.006 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 294596 MB offset 63
12:39:03.038 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10646 MB offset 603333360
12:39:03.084 Disk 0 scanning sectors +625136400
12:39:03.209 Disk 0 scanning C:\Windows\system32\drivers
12:39:16.516 Service scanning
12:39:33.629 Modules scanning
12:39:57.856 Disk 0 trace - called modules:
12:39:57.887 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
12:39:57.887 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87284338]
12:39:57.903 3 CLASSPNP.SYS[89bb7745] -> nt!IofCallDriver -> [0x86a1e8c8]
12:39:57.918 5 acpi.sys[806a06a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8607fba0]
12:39:57.918 Scan finished successfully
12:40:12.302 Disk 0 MBR has been saved successfully to "C:\Users\Bill\Documents\MBR.dat"
12:40:12.317 The log file has been saved successfully to "C:\Users\Bill\Documents\aswMBR.txt"
Reply With Quote
  #5  
Old September 19th, 2012, 12:49 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,391
These:

[2012/09/17 17:38:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/17 17:38:20 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

Suggest a very recent, maybe failed ComboFix run.

Since I am not yet sure I see any really tough malware, was Norton completely disabled when you tried Gmer (or even when that ComboFix run was tried)? If it's a recent Norton version, you can usually right click the taskbar icon, and disable it's firewall and active protection there. I suggest having them "Permanently" disabled, which just means you have to manually re-enable them later. Some uninstalls you can do now, but please post back on what I just asked about/described before we move forward here.


Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

McAfee Security Scan Plus - Just scans, so of no real value.
My Web Search (Popular Screensavers) - Adware, spyware, search hijacker.
vShare Plugin - Adware, spyware, search hijacker.
Yahoo! Software Update - Of no use there.

And if you don't use it regularly, this (these) can be heavy resource users:

Google Earth
Google Update Helper
Reply With Quote
  #6  
Old September 19th, 2012, 09:50 AM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
Suggest a very recent, maybe failed ComboFix run.

Since I am not yet sure I see any really tough malware, was Norton completely disabled when you tried Gmer (or even when that ComboFix run was tried)? If it's a recent Norton version, you can usually right click the taskbar icon, and disable it's firewall and active protection there. I suggest having them "Permanently" disabled, which just means you have to manually re-enable them later. Some uninstalls you can do now, but please post back on what I just asked about/described before we move forward here.

uninstalled your suggestions tried to run gmer and once again half way through windows stopped working
there is a windows shield on the gmer icon would this interfere

thanx in advance

lawrence
Reply With Quote
  #7  
Old September 20th, 2012, 01:29 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,391
Shield - right click, run as Administrator. I suggested it earlier for all the files we run here.

If Gmer fails running the "normal" way, open Gmer again. Once it has completed it's opening scan, this time just right click in the white space in the display and select Options - Only non MS files. Then click Scan and allow Gmer to run a different scan. Once that completes click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.

Post that (or both) scan log please.
Reply With Quote
  #8  
Old September 21st, 2012, 11:06 AM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
thankyou for your reply tom

txt below
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-21 10:57:56
Windows 6.0.6001 Service Pack 1
Running: z7x59y58.exe; Driver: C:\Users\Bill\AppData\Local\Temp\kwldqpod.sys


---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\drivers\NIS\1308000.00E\SYMDS .SYS (Symantec Data Store/Symantec Corporation) 89405000-8945C000 (356352 bytes)
Module \SystemRoot\system32\drivers\NIS\1308000.00E\SYMEF A.SYS (Symantec Extended File Attributes/Symantec Corporation) 8946C000-89554000 (950272 bytes)
Module \SystemRoot\System32\Drivers\RapportKELL.sys (RapportKE/Trusteer Ltd.) 89B5F000-89B6D000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) 8993B000-89940000 (20480 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) 89A0B000-89A0E000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\nvmfdx32.sys (NVIDIA MCP Networking Function Driver./NVIDIA Corporation) 8E207000-8E304000 (1036288 bytes)
Module \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.21 /NVIDIA Corporation) 8EE0B000-8F52A000 (7467008 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 8EE00000-8EE0A000 (40960 bytes)
Module \SystemRoot\system32\drivers\RTKVHDA.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) 9140F000-91610000 (2101248 bytes)
Module \SystemRoot\system32\drivers\NIS\1308000.00E\ccSet x86.sys (Common Client Settings Driver/Symantec Corporation) 91662000-91686000 (147456 bytes)
Module \SystemRoot\system32\drivers\NIS\1308000.00E\Ironx 86.SYS (Iron Driver/Symantec Corporation) 91686000-916AD000 (159744 bytes)
Module \??\C:\ProgramData\Trusteer\Rapport\store\exts\Rap portCerberus\34302\RapportCerberus32_34302.sys 916AD000-916E3000 (221184 bytes)
Module \SystemRoot\System32\Drivers\NIS\1308000.00E\SYMTD IV.SYS (Network Dispatch Driver/Symantec Corporation) 9176F000-917CA000 (372736 bytes)
Module \??\C:\Windows\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) 917CA000-917F4000 (172032 bytes)
Module \SystemRoot\system32\drivers\NIS\1308000.00E\SRTSP X.SYS (Symantec AutoProtect/Symantec Corporation) 92840000-92850000 (65536 bytes)
Module \??\C:\Program_Files\Trusteer\Rapport\bin\RapportP G.sys (RapportPG/Trusteer Ltd.) 9288C000-928B3000 (159744 bytes)
Module \??\C:\Program_Files\Trusteer\Rapport\bin\RapportE I.sys (RapportEI/Trusteer Ltd.) 928B3000-928C3000 (65536 bytes)
Module \??\C:\Program_Files\Common_Files\Symantec_Shared\ EENGINE\eeCtrl.sys (Symantec Eraser Control Driver/Symantec Corporation) 92930000-9298F000 (389120 bytes)
Module \??\C:\Program_Files\Common_Files\Symantec_Shared\ EENGINE\EraserUtilRebootDrv.sys (Symantec Eraser Utility Driver/Symantec Corporation) 9298F000-929AD000 (122880 bytes)
Module \SystemRoot\system32\DRIVERS\netr73.sys (Ralink 802.11 USB Wireless Adapter Driver/Ralink Technology, Corp.) 93101000-93181000 (524288 bytes)
Module \SystemRoot\System32\Drivers\secdrv.SYS (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) A21AC000-A21B6000 (40960 bytes)
Module \SystemRoot\System32\Drivers\NIS\1308000.00E\SRTSP .SYS (Symantec AutoProtect/Symantec Corporation) B1C00000-B1C94000 (606208 bytes)
Module \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS (PCAUSA NDIS 5.0 SPR Protocol Driver/Printing Communications Assoc., Inc. (PCAUSA)) B1FA1000-B1FA6000 (20480 bytes)
Module \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120920.035\NAVEX15.SYS (AV Engine/Symantec Corporation) B1E00000-B1F86000 (1597440 bytes)
Module \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120920.035\NAVENG.SYS (AV Engine/Symantec Corporation) B1F86000-B1F9B000 (86016 bytes)
Module \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20 120919.001\BHDrvx86.sys (BASH Driver/Symantec Corporation) B1CF7000-B1DED000 (1007616 bytes)
Module \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\201 20920.002\IDSvix86.sys (IDS Core Driver/Symantec Corporation) B1C94000-B1CF7000 (405504 bytes)
Module \??\C:\Users\Bill\AppData\Local\Temp\aswMBR.sys B1FB9000-B1FC5000 (49152 bytes)
Module \??\C:\Users\Bill\AppData\Local\Temp\kwldqpod.sys (GMER) B1FC5000-B1FDE000 (102400 bytes)

---- Processes - GMER 1.0.15 ----

Process iexplore.exe 512
Process nvvsvc.exe (NVIDIA Driver Helper Service, Version 175.21/NVIDIA Corporation) 976
Process EKAiOHostService.exe 1432
Process ieuser.exe 1644
Process z7x59y58.exe 1820
Process EKPrinterSDK.exe 2220
Process LSSrvc.exe 2312
Process hpswp_clipbook.exe 2328
Process realsched.exe 2348
Process BTHelpNotifier.exe 2360
Process McciCMService.exe 2376
Process ccsvchst.exe 2444
Process sprtsvc.exe 2576
Process EKStatusMonitor.exe 2676
Process tgsrvc.exe 2692
Process ccsvchst.exe 2768
Process ehtray.exe 2868
Process wmpnscfg.exe 2956
Process QuickDCF2.exe 3000
Process HPHC_Service.exe 3132
Process ehmsas.exe 3172
Process FlashUtil10c.exe 3780
Process wmpnetwk.exe 3820
Process ehsched.exe 4024

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe (Adobe® Flash® Player Update Service 11.4 r402/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20 120919.001\BHDrvx86.sys [SYSTEM] BHDrvx86
Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx 86.sys (Common Client Settings Driver/Symantec Corporation) [SYSTEM] ccSet_NIS
Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service C:\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [SYSTEM] eeCtrl
Service C:\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [MANUAL] EraserUtilRebootDrv
Service C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (GameConsoleService/WildTangent, Inc.) [MANUAL] GameConsoleService
Service C:\Windows\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online GoToAssist Corporate/Citrix Online, a division of Citrix Systems, Inc.) [MANUAL] GoToAssist
Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard) [AUTO] HP Health Check Service
Service C:\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\201 20920.002\IDSvix86.sys [SYSTEM] IDSVix86
Service C:\Windows\system32\drivers\RTKVHDA.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (EKAiOHostService Module for Kodak AiO Printers/Eastman Kodak Company) [AUTO] Kodak AiO Network Discovery Service
Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Status Monitor SDK for KODAK AiO Printer (32-Bit Intel(R) Pentium(TM) 4 Optimized Build)/Eastman Kodak Company) [AUTO] Kodak AiO Status Monitor Service
Service c:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) [AUTO] LightScribeService
Service C:\Program Files\Common Files\Motive\McciCMService.exe (mcci+McciCMService/Alcatel-Lucent) [AUTO] McciCMService
Service C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) [MANUAL] MozillaMaintenance
Service C:\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [MANUAL] MREMP50
Service C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [MANUAL] MREMPR5
Service C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [MANUAL] MRENDIS5
Service C:\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [MANUAL] MRESP50
Service MSDTC Bridge 3.0.0.0
Service MSDTC Bridge 4.0.0.0
Service C:\Windows\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) [MANUAL] mssmbios
Service C:\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120920.035\NAVENG.SYS [MANUAL] NAVENG
Service C:\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120920.035\NAVEX15.SYS [MANUAL] NAVEX15
Service C:\Windows\system32\DRIVERS\netr73.sys (Ralink 802.11 USB Wireless Adapter Driver/Ralink Technology, Corp.) [MANUAL] netr73
Service C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe (Symantec Service Framework/Symantec Corporation) [AUTO] NIS
Service C:\Windows\system32\DRIVERS\nvmfdx32.sys (NVIDIA MCP Networking Function Driver./NVIDIA Corporation) [MANUAL] NVENETFD
Service C:\Windows\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.21 /NVIDIA Corporation) [MANUAL] nvlddmkm
Service C:\Windows\system32\nvvsvc.exe (NVIDIA Driver Helper Service, Version 175.21/NVIDIA Corporation) [AUTO] nvsvc
Service system32\DRIVERS\nwlnkflt.sys [MANUAL] NwlnkFlt
Service system32\DRIVERS\nwlnkfwd.sys [MANUAL] NwlnkFwd
Service C:\Windows\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) [MANUAL] Ps2
Service C:\??\C:\ProgramData\Trusteer\Rapport\store\exts\R apportCerberus\34302\RapportCerberus32_34302.sys [SYSTEM] RapportCerberus_34302
Service C:\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys [SYSTEM] RapportEI
Service C:\??\c:\programdata\trusteer\rapport\store\exts\r apportms\39624\rapportiaso.sys [MANUAL] RapportIaso
Service C:\Windows\System32\Drivers\RapportKELL.sys (RapportKE/Trusteer Ltd.) [BOOT] RapportKELL
Service RapportMgmtService
Service C:\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [SYSTEM] RapportPG
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft Agent Service/SupportSoft, Inc.) [AUTO] sprtsvc_TalkTalk
Service C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP. SYS (Symantec AutoProtect/Symantec Corporation) [MANUAL] SRTSP
Service C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX .SYS (Symantec AutoProtect/Symantec Corporation) [SYSTEM] SRTSPX
Service C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe (ssrc Module/SupportSoft, Inc.) [MANUAL] SupportSoft RemoteAssist
Service C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS. SYS (Symantec Data Store/Symantec Corporation) [BOOT] SymDS
Service C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA .SYS (Symantec Extended File Attributes/Symantec Corporation) [BOOT] SymEFA
Service C:\??\C:\Windows\system32\Drivers\SYMEVENT.SYS [MANUAL] SymEvent
Service C:\Windows\system32\drivers\NIS\1308000.00E\Ironx8 6.SYS (Iron Driver/Symantec Corporation) [SYSTEM] SymIRON
Service C:\Windows\System32\Drivers\NIS\1308000.00E\SYMTDI V.SYS (Network Dispatch Driver/Symantec Corporation) [SYSTEM] SYMTDIv
Service C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft Repair Service/SupportSoft, Inc.) [AUTO] tgsrvc_TalkTalk
Service Windows Workflow Foundation 3.0.0.0
Service WSearchIdxPi

---- EOF - GMER 1.0.15 ----
Reply With Quote
  #9  
Old September 21st, 2012, 11:08 AM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
second scan
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-21 11:01:10
Windows 6.0.6001 Service Pack 1
Running: z7x59y58.exe; Driver: C:\Users\Bill\AppData\Local\Temp\kwldqpod.sys


---- Modules - GMER 1.0.15 ----

Module \SystemRoot\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) 83E40000-841F9000 (3903488 bytes)
Module \SystemRoot\system32\hal.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E0D000-83E40000 (208896 bytes)
Module \SystemRoot\system32\kdcom.dll (Kernel Debugger HW Extension DLL/Microsoft Corporation) 8040B000-80413000 (32768 bytes)
Module \SystemRoot\system32\mcupdate_GenuineIntel.dll (Intel Microcode Update Library/Microsoft Corporation) 80413000-80473000 (393216 bytes)
Module \SystemRoot\system32\PSHED.dll (Platform Specific Hardware Error Driver/Microsoft Corporation) 80473000-80484000 (69632 bytes)
Module \SystemRoot\system32\BOOTVID.dll (VGA Boot Driver/Microsoft Corporation) 80484000-8048C000 (32768 bytes)
Module \SystemRoot\system32\CLFS.SYS (Common Log File System Driver/Microsoft Corporation) 8048C000-804CD000 (266240 bytes)
Module \SystemRoot\system32\CI.dll (Code Integrity Module/Microsoft Corporation) 804CD000-805AD000 (917504 bytes)
Module \SystemRoot\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) 80607000-80683000 (507904 bytes)
Module \SystemRoot\system32\drivers\WDFLDR.SYS (WDFLDR/Microsoft Corporation) 80683000-80690000 (53248 bytes)
Module \SystemRoot\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) 80690000-806D6000 (286720 bytes)
Module \SystemRoot\system32\drivers\WMILIB.SYS (WMILIB WMI support library Dll/Microsoft Corporation) 806D6000-806DF000 (36864 bytes)
Module \SystemRoot\system32\drivers\msisadrv.sys (ISA Driver/Microsoft Corporation) 806DF000-806E7000 (32768 bytes)
Module \SystemRoot\system32\drivers\pci.sys (NT Plug and Play PCI Enumerator/Microsoft Corporation) 806E7000-8070E000 (159744 bytes)
Module \SystemRoot\System32\drivers\partmgr.sys (Partition Management Driver/Microsoft Corporation) 8070E000-8071D000 (61440 bytes)
Module \SystemRoot\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) 8071D000-8072C000 (61440 bytes)
Module \SystemRoot\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) 8072C000-80776000 (303104 bytes)
Module \SystemRoot\system32\drivers\pciide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) 80776000-8077D000 (28672 bytes)
Module \SystemRoot\system32\drivers\PCIIDEX.SYS (PCI IDE Bus Driver Extension/Microsoft Corporation) 8077D000-8078B000 (57344 bytes)
Module \SystemRoot\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) 8078B000-8079B000 (65536 bytes)
Module \SystemRoot\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) 8079B000-807A3000 (32768 bytes)
Module \SystemRoot\system32\drivers\ataport.SYS (ATAPI Driver Extension/Microsoft Corporation) 807A3000-807C1000 (122880 bytes)
Module \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) 807C1000-807F3000 (204800 bytes)
Module \SystemRoot\system32\drivers\NIS\1308000.00E\SYMDS .SYS (Symantec Data Store/Symantec Corporation) 89405000-8945C000 (356352 bytes)
Module \SystemRoot\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) 8945C000-8946C000 (65536 bytes)
Module \SystemRoot\system32\drivers\NIS\1308000.00E\SYMEF A.SYS (Symantec Extended File Attributes/Symantec Corporation) 8946C000-89554000 (950272 bytes)
Module \SystemRoot\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) 89554000-895C5000 (462848 bytes)
Module \SystemRoot\system32\drivers\ndis.sys (NDIS 6.0 wrapper driver/Microsoft Corporation) 89608000-89713000 (1093632 bytes)
Module \SystemRoot\system32\drivers\msrpc.sys (Kernel Remote Procedure Call Provider/Microsoft Corporation) 89713000-8973E000 (176128 bytes)
Module \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation) 8973E000-89778000 (237568 bytes)
Module \SystemRoot\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) 89801000-898EA000 (954368 bytes)
Module \SystemRoot\System32\drivers\fwpkclnt.sys (FWP/IPsec Kernel-Mode API/Microsoft Corporation) 898EA000-89905000 (110592 bytes)
Module \SystemRoot\System32\Drivers\Ntfs.sys (NT File System Driver/Microsoft Corporation) 89A0F000-89B1E000 (1110016 bytes)
Module \SystemRoot\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) 89B1E000-89B57000 (233472 bytes)
Module \SystemRoot\System32\Drivers\spldr.sys (loader for security processor/Microsoft Corporation) 89B57000-89B5F000 (32768 bytes)
Module \SystemRoot\System32\Drivers\RapportKELL.sys (RapportKE/Trusteer Ltd.) 89B5F000-89B6D000 (57344 bytes)
Module \SystemRoot\System32\Drivers\mup.sys (Multiple UNC Provider driver/Microsoft Corporation) 89B6D000-89B7C000 (61440 bytes)
Module \SystemRoot\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) 89B7C000-89BA3000 (159744 bytes)
Module \SystemRoot\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) 89BA3000-89BB4000 (69632 bytes)
Module \SystemRoot\system32\drivers\CLASSPNP.SYS (SCSI Class System Dll/Microsoft Corporation) 89BB4000-89BD5000 (135168 bytes)
Module \SystemRoot\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) 89BD5000-89BDE000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) 89A00000-89A0B000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) 89905000-8990E000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) 8990E000-8991D000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) 8991D000-89930000 (77824 bytes)
Module \SystemRoot\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) 89930000-8993B000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\PS2.sys (PS2 SYS/Hewlett-Packard Company) 8993B000-89940000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) 89940000-8994B000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) 8994B000-89955000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\USBPORT.SYS (USB 1.1 & 2.0 Port Driver/Microsoft Corporation) 89955000-89993000 (253952 bytes)
Module \SystemRoot\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) 89993000-899A2000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) 899A2000-899B4000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\ohci1394.sys (1394 OpenHCI Port Driver/Microsoft Corporation) 899B4000-899C4000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\1394BUS.SYS (1394 Bus Device Driver/Microsoft Corporation) 899C4000-899D2000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) 899D2000-899EA000 (98304 bytes)
Module \SystemRoot\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) 89A0B000-89A0E000 (12288 bytes)
Module \SystemRoot\system32\DRIVERS\nvmfdx32.sys (NVIDIA MCP Networking Function Driver./NVIDIA Corporation) 8E207000-8E304000 (1036288 bytes)
Module \SystemRoot\system32\DRIVERS\nvlddmkm.sys (NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.21 /NVIDIA Corporation) 8EE0B000-8F52A000 (7467008 bytes)
Module \SystemRoot\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) 8F52A000-8F5C9000 (651264 bytes)
Module \SystemRoot\System32\drivers\watchdog.sys (Watchdog Driver/Microsoft Corporation) 8F5C9000-8F5D6000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) 8F5D6000-8F5DF000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) 8E304000-8E332000 (188416 bytes)
Module \SystemRoot\system32\DRIVERS\storport.sys (Microsoft Storage Port Driver/Microsoft Corporation) 8E332000-8E373000 (266240 bytes)
Module \SystemRoot\system32\DRIVERS\TDI.SYS (TDI Wrapper/Microsoft Corporation) 8F5DF000-8F5EA000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\rasl2tp.sys (RAS L2TP mini-port/call-manager driver/Microsoft Corporation) 8E373000-8E38A000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\ndistapi.sys (NDIS 3.0 connection wrapper driver/Microsoft Corporation) 8F5EA000-8F5F5000 (45056 bytes)
Module \SystemRoot\system32\DRIVERS\ndiswan.sys (MS PPP Framing Driver (Strong Encryption)/Microsoft Corporation) 8E38A000-8E3AD000 (143360 bytes)
Module \SystemRoot\system32\DRIVERS\raspppoe.sys (RAS PPPoE mini-port/call-manager driver/Microsoft Corporation) 8E3AD000-8E3BC000 (61440 bytes)
Module \SystemRoot\system32\DRIVERS\raspptp.sys (Peer-to-Peer Tunneling Protocol/Microsoft Corporation) 8E3BC000-8E3D0000 (81920 bytes)
Module \SystemRoot\system32\DRIVERS\rassstp.sys (RAS SSTP Miniport Call Manager/Microsoft Corporation) 8E3D0000-8E3E5000 (86016 bytes)
Module \SystemRoot\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) 8E3E5000-8E3F5000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) 8F5F5000-8F5F7000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\ks.sys (Kernel CSA Library/Microsoft Corporation) 89778000-897A2000 (172032 bytes)
Module \SystemRoot\system32\DRIVERS\mssmbios.sys (System Management BIOS Driver/Microsoft Corporation) 8EE00000-8EE0A000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) 899EA000-899F7000 (53248 bytes)
Module \SystemRoot\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) 897A2000-897D6000 (212992 bytes)
Module \SystemRoot\System32\Drivers\NDProxy.SYS (NDIS Proxy/Microsoft Corporation) 897D6000-897E7000 (69632 bytes)
Module \SystemRoot\system32\drivers\RTKVHDA.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) 9140F000-91610000 (2101248 bytes)
Module \SystemRoot\system32\drivers\portcls.sys (Port Class (Class Driver for Port/Miniport Devices)/Microsoft Corporation) 91610000-9163D000 (184320 bytes)
Module \SystemRoot\system32\drivers\drmk.sys (Microsoft Kernel DRM Descrambler Filter/Microsoft Corporation) 9163D000-91662000 (151552 bytes)
Module \SystemRoot\system32\drivers\NIS\1308000.00E\ccSet x86.sys (Common Client Settings Driver/Symantec Corporation) 91662000-91686000 (147456 bytes)
Module \SystemRoot\system32\drivers\NIS\1308000.00E\Ironx 86.SYS (Iron Driver/Symantec Corporation) 91686000-916AD000 (159744 bytes)
Module \??\C:\ProgramData\Trusteer\Rapport\store\exts\Rap portCerberus\34302\RapportCerberus32_34302.sys 916AD000-916E3000 (221184 bytes)
Module \SystemRoot\System32\Drivers\Fs_Rec.SYS (File System Recognizer Driver/Microsoft Corporation) 916E3000-916EC000 (36864 bytes)
Module \SystemRoot\System32\Drivers\Null.SYS (NULL Driver/Microsoft Corporation) 916EC000-916F3000 (28672 bytes)
Module \SystemRoot\System32\Drivers\Beep.SYS (BEEP Driver/Microsoft Corporation) 916F3000-916FA000 (28672 bytes)
Module \SystemRoot\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) 916FA000-91706000 (49152 bytes)
Module \SystemRoot\System32\drivers\VIDEOPRT.SYS (Video Port Driver/Microsoft Corporation) 91706000-91727000 (135168 bytes)
Module \SystemRoot\System32\DRIVERS\RDPCDD.sys (RDP Miniport/Microsoft Corporation) 91727000-9172F000 (32768 bytes)
Module \SystemRoot\system32\drivers\rdpencdd.sys (RDP Miniport/Microsoft Corporation) 9172F000-91737000 (32768 bytes)
Module \SystemRoot\System32\Drivers\Msfs.SYS (Mailslot driver/Microsoft Corporation) 91737000-91742000 (45056 bytes)
Module \SystemRoot\System32\Drivers\Npfs.SYS (NPFS Driver/Microsoft Corporation) 91742000-91750000 (57344 bytes)
Module \SystemRoot\System32\DRIVERS\rasacd.sys (RAS Automatic Connection Driver/Microsoft Corporation) 91750000-91759000 (36864 bytes)
Module \SystemRoot\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) 91759000-9176F000 (90112 bytes)
Module \SystemRoot\System32\Drivers\NIS\1308000.00E\SYMTD IV.SYS (Network Dispatch Driver/Symantec Corporation) 9176F000-917CA000 (372736 bytes)
Module \??\C:\Windows\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) 917CA000-917F4000 (172032 bytes)
Module \SystemRoot\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) 897E7000-897FB000 (81920 bytes)
Module \SystemRoot\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) 805AD000-805F5000 (294912 bytes)
Module \SystemRoot\System32\DRIVERS\netbt.sys (MBT Transport driver/Microsoft Corporation) 895C5000-895F7000 (204800 bytes)
Module \SystemRoot\system32\DRIVERS\pacer.sys (QoS Packet Scheduler/Microsoft Corporation) 92809000-9281F000 (90112 bytes)
Module \SystemRoot\system32\DRIVERS\netbios.sys (NetBIOS interface driver/Microsoft Corporation) 9281F000-9282D000 (57344 bytes)
Module \SystemRoot\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) 9282D000-92840000 (77824 bytes)
Module \SystemRoot\system32\drivers\NIS\1308000.00E\SRTSP X.SYS (Symantec AutoProtect/Symantec Corporation) 92840000-92850000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\rdbss.sys (Redirected Drive Buffering SubSystem Driver/Microsoft Corporation) 92850000-9288C000 (245760 bytes)
Module \??\C:\Program_Files\Trusteer\Rapport\bin\RapportP G.sys (RapportPG/Trusteer Ltd.) 9288C000-928B3000 (159744 bytes)
Module \??\C:\Program_Files\Trusteer\Rapport\bin\RapportE I.sys (RapportEI/Trusteer Ltd.) 928B3000-928C3000 (65536 bytes)
Module \SystemRoot\system32\drivers\nsiproxy.sys (NSI Proxy/Microsoft Corporation) 928C3000-928CD000 (40960 bytes)
Module \??\C:\Program_Files\Common_Files\Symantec_Shared\ EENGINE\eeCtrl.sys (Symantec Eraser Control Driver/Symantec Corporation) 92930000-9298F000 (389120 bytes)
Module \??\C:\Program_Files\Common_Files\Symantec_Shared\ EENGINE\EraserUtilRebootDrv.sys (Symantec Eraser Utility Driver/Symantec Corporation) 9298F000-929AD000 (122880 bytes)
Module \SystemRoot\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) 929AD000-929C4000 (94208 bytes)
Module \SystemRoot\system32\DRIVERS\netr73.sys (Ralink 802.11 USB Wireless Adapter Driver/Ralink Technology, Corp.) 93101000-93181000 (524288 bytes)
Module \SystemRoot\system32\DRIVERS\USBD.SYS (Universal Serial Bus Driver/Microsoft Corporation) 93181000-93183000 (8192 bytes)
Module \SystemRoot\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) 93183000-93195000 (73728 bytes)
Module \SystemRoot\System32\Drivers\crashdmp.sys (Crash Dump Driver/Microsoft Corporation) 93195000-931A2000 (53248 bytes)
Module \SystemRoot\System32\Drivers\dump_dumpata.sys 931A2000-931AD000 (45056 bytes)
Module \SystemRoot\System32\Drivers\dump_atapi.sys 931AD000-931B5000 (32768 bytes)
Module \SystemRoot\System32\win32k.sys (Multi-User Win32 Driver/Microsoft Corporation) 9D020000-9D224000 (2113536 bytes)
Module \SystemRoot\System32\drivers\Dxapi.sys (DirectX API Driver/Microsoft Corporation) 931B5000-931BF000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) 931BF000-931CE000 (61440 bytes)
Module \SystemRoot\System32\TSDDD.dll (Framebuffer Display Driver/Microsoft Corporation) 9D240000-9D249000 (36864 bytes)
Module \SystemRoot\System32\cdd.dll (Canonical Display Driver/Microsoft Corporation) 9D260000-9D26E000 (57344 bytes)
Module \SystemRoot\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) 931CE000-931E9000 (110592 bytes)
Module \SystemRoot\system32\drivers\spsys.sys (security processor/Microsoft Corporation) A0405000-A04B4000 (716800 bytes)
Module \SystemRoot\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) A04B4000-A04C4000 (65536 bytes)
Module \SystemRoot\system32\DRIVERS\nwifi.sys (NativeWiFi Miniport Driver/Microsoft Corporation) A04C4000-A04EE000 (172032 bytes)
Module \SystemRoot\system32\DRIVERS\ndisuio.sys (NDIS User mode I/O driver/Microsoft Corporation) A04EE000-A04F8000 (40960 bytes)
Module \SystemRoot\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) A04F8000-A050B000 (77824 bytes)
Module \SystemRoot\system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) A050B000-A0578000 (446464 bytes)
Module \SystemRoot\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) A0578000-A0595000 (118784 bytes)
Module \SystemRoot\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) A0595000-A05AE000 (102400 bytes)
Module \SystemRoot\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) A05AE000-A05C3000 (86016 bytes)
Module \SystemRoot\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) A05C3000-A05E3000 (131072 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) 929C4000-929E3000 (126976 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) A2006000-A203F000 (233472 bytes)
Module \SystemRoot\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) A203F000-A2057000 (98304 bytes)
Module \SystemRoot\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) A2057000-A207F000 (163840 bytes)
Module \SystemRoot\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) A207F000-A20CE000 (323584 bytes)
Module \SystemRoot\system32\drivers\peauth.sys (Protected Environment Authentication and Authorization Export Driver/Microsoft Corporation) A20CE000-A21AC000 (909312 bytes)
Module \SystemRoot\System32\Drivers\secdrv.SYS (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) A21AC000-A21B6000 (40960 bytes)
Module \SystemRoot\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) A21B6000-A21C2000 (49152 bytes)
Module \SystemRoot\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) A21C2000-A21D7000 (86016 bytes)
Module \SystemRoot\system32\DRIVERS\WUDFPf.sys (Windows Driver Foundation - User-mode Driver Framework Platform Driver/Microsoft Corporation) A21D7000-A21E9000 (73728 bytes)
Module \SystemRoot\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) A21E9000-A21FF000 (90112 bytes)
Module \SystemRoot\System32\Drivers\NIS\1308000.00E\SRTSP .SYS (Symantec AutoProtect/Symantec Corporation) B1C00000-B1C94000 (606208 bytes)
Module \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS (PCAUSA NDIS 5.0 SPR Protocol Driver/Printing Communications Assoc., Inc. (PCAUSA)) B1FA1000-B1FA6000 (20480 bytes)
Module \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120920.035\NAVEX15.SYS (AV Engine/Symantec Corporation) B1E00000-B1F86000 (1597440 bytes)
Module \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120920.035\NAVENG.SYS (AV Engine/Symantec Corporation) B1F86000-B1F9B000 (86016 bytes)
Module \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20 120919.001\BHDrvx86.sys (BASH Driver/Symantec Corporation) B1CF7000-B1DED000 (1007616 bytes)
Module \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\201 20920.002\IDSvix86.sys (IDS Core Driver/Symantec Corporation) B1C94000-B1CF7000 (405504 bytes)
Module \??\C:\Users\Bill\AppData\Local\Temp\aswMBR.sys B1FB9000-B1FC5000 (49152 bytes)
Module \??\C:\Users\Bill\AppData\Local\Temp\kwldqpod.sys (GMER) B1FC5000-B1FDE000 (102400 bytes)
Module \Windows\System32\ntdll.dll (NT Layer DLL/Microsoft Corporation) 77930000-77A58000 (1212416 bytes)

---- Processes - GMER 1.0.15 ----

Process System Idle 0
Process System 4
Process smss.exe (Windows Session Manager/Microsoft Corporation) 452
Process explorer.exe (Windows Explorer/Microsoft Corporation) 472
Process taskeng.exe (Task Scheduler Engine/Microsoft Corporation) 476
Process iexplore.exe 512
Process csrss.exe (Client Server Runtime Process/Microsoft Corporation) 592
Process wininit.exe (Windows Start-Up Application/Microsoft Corporation) 644
Process csrss.exe (Client Server Runtime Process/Microsoft Corporation) 652
Process services.exe (Services and Controller app/Microsoft Corporation) 688
Process lsass.exe (Local Security Authority Process/Microsoft Corporation) 700
Process lsm.exe (Local Session Manager Service/Microsoft Corporation) 708
Process winlogon.exe (Windows Logon Application/Microsoft Corporation) 792
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 932
Process nvvsvc.exe (NVIDIA Driver Helper Service, Version 175.21/NVIDIA Corporation) 976
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1004
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1160
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1204
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1220
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1232
Process audiodg.exe (Windows Audio Device Graph Isolation /Microsoft Corporation) 1296
Process SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) 1328
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1376
Process EKAiOHostService.exe 1432
Process rundll32.exe (Windows host process (Rundll32)/Microsoft Corporation) 1460
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1548
Process ieuser.exe 1644
Process spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1792
Process z7x59y58.exe 1820
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 1828
Process taskeng.exe (Task Scheduler Engine/Microsoft Corporation) 1932
Process dwm.exe (Desktop Window Manager/Microsoft Corporation) 2044
Process EKPrinterSDK.exe 2220
Process LSSrvc.exe 2312
Process hpswp_clipbook.exe 2328
Process realsched.exe 2348
Process BTHelpNotifier.exe 2360
Process McciCMService.exe 2376
Process ccsvchst.exe 2444
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 2548
Process sprtsvc.exe 2576
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 2620
Process EKStatusMonitor.exe 2676
Process tgsrvc.exe 2692
Process svchost.exe (Host Process for Windows Services/Microsoft Corporation) 2760
Process ccsvchst.exe 2768
Process SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) 2836
Process ehtray.exe 2868
Process SearchProtocolHost.exe (Microsoft Windows Search Protocol Host/Microsoft Corporation) 2936
Process wmpnscfg.exe 2956
Process QuickDCF2.exe 3000
Process HPHC_Service.exe 3132
Process ehmsas.exe 3172
Process WUDFHost.exe (Windows Driver Foundation - User-mode Driver Framework Host Process/Microsoft Corporation) 3312
Process FlashUtil10c.exe 3780
Process wmpnetwk.exe 3820
Process ehsched.exe 4024
Process wuauclt.exe (Windows Update/Microsoft Corporation) 4188
Process dllhost.exe (COM Surrogate/Microsoft Corporation) 4300
Process WmiPrvSE.exe (WMI Provider Host/Microsoft Corporation) 4588
Process SearchFilterHost.exe (Microsoft Windows Search Filter Host/Microsoft Corporation) 5600

---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET CLR Networking 4.0.0.0
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\Windows\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation)
Reply With Quote
  #10  
Old September 21st, 2012, 11:11 AM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
---- Services - GMER 1.0.15 ----

Service .NET CLR Data
Service .NET CLR Networking
Service .NET CLR Networking 4.0.0.0
Service .NET Data Provider for Oracle
Service .NET Data Provider for SqlServer
Service .NETFramework
Service C:\Windows\system32\drivers\acpi.sys (ACPI Driver for NT/Microsoft Corporation) [BOOT] ACPI
Service C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe (Adobe® Flash® Player Update Service 11.4 r402/Adobe Systems Incorporated) [MANUAL] AdobeFlashPlayerUpdateSvc
Service C:\Windows\system32\drivers\adp94xx.sys (Adaptec Windows SAS/SATA Storport Driver/Adaptec, Inc.) [DISABLED] adp94xx
Service C:\Windows\system32\drivers\adpahci.sys (Adaptec Windows SATA Storport Driver/Adaptec, Inc.) [DISABLED] adpahci
Service C:\Windows\system32\drivers\adpu160m.sys (Adaptec LH Ultra160 Driver (x86)/Adaptec, Inc.) [DISABLED] adpu160m
Service C:\Windows\system32\drivers\adpu320.sys (Adaptec StorPort Ultra320 SCSI Driver/Adaptec, Inc.) [DISABLED] adpu320
Service adsi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AeLookupSvc
Service C:\Windows\system32\drivers\afd.sys (Ancillary Function Driver for WinSock/Microsoft Corporation) [SYSTEM] AFD
Service C:\Windows\system32\drivers\agp440.sys (440 NT AGP Filter/Microsoft Corporation) [MANUAL] agp440
Service C:\Windows\system32\drivers\djsvs.sys (Adaptec Ultra SCSI miniport/Adaptec, Inc.) [DISABLED] aic78xx
Service C:\Windows\System32\alg.exe (Application Layer Gateway Service/Microsoft Corporation) [MANUAL] ALG
Service C:\Windows\system32\drivers\aliide.sys (ALi mini IDE Driver/Acer Laboratories Inc.) [DISABLED] aliide
Service C:\Windows\system32\drivers\amdagp.sys (AMD NT AGP Filter/Microsoft Corporation) [MANUAL] amdagp
Service C:\Windows\system32\drivers\amdide.sys (AMD IDE Driver/Microsoft Corporation) [DISABLED] amdide
Service C:\Windows\system32\drivers\amdk7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK7
Service C:\Windows\system32\drivers\amdk8.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] AmdK8
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Appinfo
Service C:\Windows\system32\drivers\arc.sys (Adaptec RAID Storport Driver/Adaptec, Inc.) [DISABLED] arc
Service C:\Windows\system32\drivers\arcsas.sys (Adaptec SAS RAID WS03 Driver/Adaptec, Inc.) [DISABLED] arcsas
Service C:\Windows\system32\DRIVERS\asyncmac.sys (MS Remote Access serial network driver/Microsoft Corporation) [MANUAL] AsyncMac
Service C:\Windows\system32\drivers\atapi.sys (ATAPI IDE Miniport Driver/Microsoft Corporation) [BOOT] atapi
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] AudioEndpointBuilder
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Audiosrv
Service (Battery Class Driver/Microsoft Corporation) BattC
Service (BEEP Driver/Microsoft Corporation) [SYSTEM] Beep
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BFE
Service C:\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20 120919.001\BHDrvx86.sys [SYSTEM] BHDrvx86
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] BITS
Service C:\Windows\system32\drivers\blbdrive.sys (BLB Drive Driver/Microsoft Corporation) [DISABLED] blbdrive
Service C:\Windows\system32\DRIVERS\bowser.sys (NT Lan Manager Datagram Receiver Driver/Microsoft Corporation) [MANUAL] bowser
Service C:\Windows\system32\drivers\brfiltlo.sys (Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltLo
Service C:\Windows\system32\drivers\brfiltup.sys (Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver/Brother Industries, Ltd.) [MANUAL] BrFiltUp
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Browser
Service C:\Windows\system32\drivers\brserid.sys (Brotehr Serial I/F Driver (WDM)/Brother Industries Ltd.) [DISABLED] Brserid
Service C:\Windows\system32\drivers\brserwdm.sys (Brother Serial driver (WDM version)/Brother Industries Ltd.) [DISABLED] BrSerWdm
Service C:\Windows\system32\drivers\brusbmdm.sys (Brother USB MDM Driver /Brother Industries Ltd.) [DISABLED] BrUsbMdm
Service C:\Windows\system32\drivers\brusbser.sys (Brother USB Serial Driver/Brother Industries Ltd.) [MANUAL] BrUsbSer
Service C:\Windows\system32\drivers\bthmodem.sys (Bluetooth Communications Driver/Microsoft Corporation) [DISABLED] BTHMODEM
Service C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx 86.sys (Common Client Settings Driver/Symantec Corporation) [SYSTEM] ccSet_NIS
Service C:\Windows\system32\DRIVERS\cdfs.sys (CD-ROM File System Driver/Microsoft Corporation) [DISABLED] cdfs
Service C:\Windows\system32\DRIVERS\cdrom.sys (SCSI CD-ROM Driver/Microsoft Corporation) [SYSTEM] cdrom
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] CertPropSvc
Service C:\Windows\system32\drivers\circlass.sys (Consumer IR Class Driver for eHome/Microsoft Corporation) [DISABLED] circlass
Service C:\Windows\System32\CLFS.sys (Common Log File System Driver/Microsoft Corporation) [BOOT] CLFS
Service C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [DISABLED] clr_optimization_v2.0.50727_32
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe (.NET Runtime Optimization Service/Microsoft Corporation) [AUTO] clr_optimization_v4.0.30319_32
Service C:\Windows\system32\drivers\cmdide.sys (CMD PCI IDE Bus Driver/CMD Technology, Inc.) [DISABLED] cmdide
Service C:\Windows\system32\drivers\compbatt.sys (Composite Battery Driver/Microsoft Corporation) [DISABLED] Compbatt
Service C:\Windows\system32\dllhost.exe (COM Surrogate/Microsoft Corporation) [MANUAL] COMSysApp
Service C:\Windows\system32\drivers\crcdisk.sys (Disk Block Verification Filter Driver/Microsoft Corporation) [BOOT] crcdisk
Service C:\Windows\system32\drivers\crusoe.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] Crusoe
Service crypt32
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] CryptSvc
Service DCLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DcomLaunch
Service C:\Windows\System32\Drivers\dfsc.sys (DFS Namespace Client Driver/Microsoft Corporation) [SYSTEM] DfsC
Service C:\Windows\system32\DFSR.exe (Distributed File System Replication/Microsoft Corporation) [MANUAL] DFSR
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dhcp
Service C:\Windows\system32\drivers\disk.sys (PnP Disk Driver/Microsoft Corporation) [BOOT] disk
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Dnscache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] dot3svc
Service C:\Windows\system32\DRIVERS\Dot4.sys (IEEE-1284.4-1999 Driver/Microsoft Corporation) [MANUAL] Dot4
Service C:\Windows\system32\DRIVERS\Dot4Prt.sys (IEEE-1284.4 Print Class Driver/Microsoft Corporation) [MANUAL] Dot4Print
Service C:\Windows\system32\DRIVERS\dot4usb.sys (DOT4USB filter driver/Microsoft Corporation) [MANUAL] dot4usb
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] DPS
Service C:\Windows\system32\drivers\drmkaud.sys (Microsoft Kernel DRM Audio Descrambler Filter/Microsoft Corporation) [MANUAL] drmkaud
Service C:\Windows\System32\drivers\dxgkrnl.sys (DirectX Graphics Kernel/Microsoft Corporation) [MANUAL] DXGKrnl
Service C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver/Intel Corporation) [MANUAL] E1G60
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] EapHost
Service C:\Windows\System32\drivers\ecache.sys (Special Memory Device Cache/Microsoft Corporation) [BOOT] Ecache
Service C:\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [SYSTEM] eeCtrl
Service C:\Windows\ehome\ehRecvr.exe (Windows Media Center Receiver Service/Microsoft Corporation) [MANUAL] ehRecvr
Service C:\Windows\ehome\ehsched.exe (Windows Media Center Scheduler Service/Microsoft Corporation) [MANUAL] ehSched
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ehstart
Service C:\Windows\system32\drivers\elxstor.sys (Storport Miniport Driver for LightPulse HBAs/Emulex) [DISABLED] elxstor
Service EmdCache
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EMDMgmt
Service C:\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [MANUAL] EraserUtilRebootDrv
Service C:\Windows\system32\drivers\errdev.sys (Error Device Driver/Microsoft Corporation) [DISABLED] ErrDev
Service ESENT
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Eventlog
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] EventSystem
Service (Microsoft Extended FAT File System/Microsoft Corporation) [MANUAL] exfat
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ezSharedSvc
Service (Fast FAT File System Driver/Microsoft Corporation) [MANUAL] fastfat
Service C:\Windows\system32\DRIVERS\fdc.sys (Floppy Disk Controller Driver/Microsoft Corporation) [DISABLED] fdc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] fdPHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] FDResPub
Service C:\Windows\system32\drivers\fileinfo.sys (FileInfo Filter Driver/Microsoft Corporation) [BOOT] FileInfo
Service C:\Windows\system32\drivers\filetrace.sys (File Trace Filter Driver/Microsoft Corporation) [MANUAL] Filetrace
Service C:\Windows\system32\DRIVERS\flpydisk.sys (Floppy Driver/Microsoft Corporation) [DISABLED] flpydisk
Service C:\Windows\system32\drivers\fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) [BOOT] FltMgr
Service C:\Windows\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe (PresentationFontCache.exe/Microsoft Corporation) [MANUAL] FontCache3.0.0.0
Service (File System Recognizer Driver/Microsoft Corporation) [SYSTEM] Fs_Rec
Service C:\Windows\system32\drivers\gagp30kx.sys (MS Generic AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] gagp30kx
Service C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (GameConsoleService/WildTangent, Inc.) [MANUAL] GameConsoleService
Service C:\Windows\System32\Drivers\GEARAspiWDM.sys (CD DVD Filter/GEAR Software Inc.) [MANUAL] GEARAspiWDM
Service C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online GoToAssist Corporate/Citrix Online, a division of Citrix Systems, Inc.) [MANUAL] GoToAssist
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] gpsvc
Service C:\Windows\system32\DRIVERS\HDAudBus.sys (High Definition Audio Bus Driver/Microsoft Corporation) [MANUAL] HDAudBus
Service C:\Windows\system32\drivers\hidbth.sys (Bluetooth Miniport Driver for HID Devices/Microsoft Corporation) [DISABLED] HidBth
Service C:\Windows\system32\drivers\hidir.sys (Infrared Miniport Driver for Input Devices/Microsoft Corporation) [DISABLED] HidIr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hidserv
Service C:\Windows\system32\drivers\hidusb.sys (USB Miniport Driver for Input Devices/Microsoft Corporation) [DISABLED] HidUsb
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hkmsvc
Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (HP Health Check Service/Hewlett-Packard) [AUTO] HP Health Check Service
Service C:\Windows\system32\drivers\hpcisss.sys (Smart Array Storport Driver/Hewlett-Packard Company) [DISABLED] HpCISSs
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] hpqcxs08
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] hpqddsvc
Service C:\Windows\system32\drivers\HTTP.sys (HTTP Protocol Stack/Microsoft Corporation) [MANUAL] HTTP
Service C:\Windows\system32\drivers\i2omp.sys (I2O Miniport Driver/Microsoft Corporation) [DISABLED] i2omp
Service C:\Windows\system32\DRIVERS\i8042prt.sys (i8042 Port Driver/Microsoft Corporation) [SYSTEM] i8042prt
Service C:\Windows\system32\drivers\iastorv.sys (Intel Matrix Storage Manager driver (base)/Intel Corporation) [DISABLED] iaStorV
Service C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Windows CardSpace/Microsoft Corporation) [MANUAL] idsvc
Service C:\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\201 20920.002\IDSvix86.sys [SYSTEM] IDSVix86
Service C:\Windows\system32\drivers\iirsp.sys (Intel/ICP Raid Storport Driver/Intel Corp./ICP vortex GmbH) [DISABLED] iirsp
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] IKEEXT
Service inetaccs
Service C:\Windows\system32\drivers\RTKVHDA.sys (Realtek(r) High Definition Audio Function Driver/Realtek Semiconductor Corp.) [MANUAL] IntcAzAudAddService
Service C:\Windows\system32\drivers\intelide.sys (Intel PCI IDE Driver/Microsoft Corporation) [DISABLED] intelide
Service C:\Windows\system32\DRIVERS\intelppm.sys (Processor Device Driver/Microsoft Corporation) [MANUAL] intelppm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] IPBusEnum
Service C:\Windows\system32\DRIVERS\ipfltdrv.sys (IP FILTER DRIVER/Microsoft Corporation) [MANUAL] IpFilterDriver
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] iphlpsvc
Service system32\DRIVERS\ipinip.sys [MANUAL] IpInIp
Service C:\Windows\system32\drivers\ipmidrv.sys (WMI IPMI DRIVER/Microsoft Corporation) [DISABLED] IPMIDRV
Service C:\Windows\system32\DRIVERS\ipnat.sys (IP Network Address Translator/Microsoft Corporation) [MANUAL] IPNAT
Service C:\Windows\system32\drivers\irenum.sys (Infra-Red Bus Enumerator/Microsoft Corporation) [MANUAL] IRENUM
Service C:\Windows\system32\drivers\isapnp.sys (PNP ISA Bus Driver/Microsoft Corporation) [DISABLED] isapnp
Service C:\Windows\system32\DRIVERS\msiscsi.sys (Microsoft iSCSI Initiator Driver/Microsoft Corporation) [MANUAL] iScsiPrt
Service C:\Windows\system32\drivers\iteatapi.sys (ITE IT8211 ATA/ATAPI SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteatapi
Service C:\Windows\system32\drivers\iteraid.sys (ITE IT8212 ATA RAID SCSI miniport/Integrated Technology Express, Inc.) [DISABLED] iteraid
Service C:\Windows\system32\DRIVERS\kbdclass.sys (Keyboard Class Driver/Microsoft Corporation) [SYSTEM] kbdclass
Service C:\Windows\system32\drivers\kbdhid.sys (HID Keyboard Filter Driver/Microsoft Corporation) [DISABLED] kbdhid
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [MANUAL] KeyIso
Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (EKAiOHostService Module for Kodak AiO Printers/Eastman Kodak Company) [AUTO] Kodak AiO Network Discovery Service
Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe (Status Monitor SDK for KODAK AiO Printer (32-Bit Intel(R) Pentium(TM) 4 Optimized Build)/Eastman Kodak Company) [AUTO] Kodak AiO Status Monitor Service
Service C:\Windows\System32\Drivers\ksecdd.sys (Kernel Security Support Provider Interface/Microsoft Corporation) [BOOT] KSecDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] KtmRm
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanServer
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] LanmanWorkstation
Service ldap
Service c:\Program Files\Common Files\LightScribe\LSSrvc.exe (LightScribe Service/Hewlett-Packard Company) [AUTO] LightScribeService
Service C:\Windows\system32\DRIVERS\lltdio.sys (Link-Layer Topology Mapper I/O Driver/Microsoft Corporation) [AUTO] lltdio
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] lltdsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] lmhosts
Service Lsa
Service C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic Fusion-MPT FC Driver (StorPort)/LSI Logic) [DISABLED] LSI_FC
Service C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic Fusion-MPT SAS Driver (StorPort)/LSI Logic) [DISABLED] LSI_SAS
Service C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic Fusion-MPT SCSI Driver (StorPort)/LSI Logic) [DISABLED] LSI_SCSI
Service C:\Windows\system32\drivers\luafv.sys (LUA File Virtualization Filter Driver/Microsoft Corporation) [AUTO] luafv
Service C:\Program Files\Common Files\Motive\McciCMService.exe (mcci+McciCMService/Alcatel-Lucent) [AUTO] McciCMService
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] Mcx2Svc
Service C:\Windows\system32\drivers\megasas.sys (MEGASAS RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Corporation) [DISABLED] megasas
Service C:\Windows\system32\drivers\megasr.sys (LSI MegaRAID Software RAID Driver/LSI Corporation, Inc.) [DISABLED] MegaSR
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MMCSS
Service C:\Windows\system32\drivers\modem.sys (Modem Device Driver/Microsoft Corporation) [MANUAL] Modem
Service C:\Windows\system32\DRIVERS\monitor.sys (Monitor Driver/Microsoft Corporation) [MANUAL] monitor
Service C:\Windows\system32\DRIVERS\mouclass.sys (Mouse Class Driver/Microsoft Corporation) [SYSTEM] mouclass
Service C:\Windows\system32\drivers\mouhid.sys (HID Mouse Filter Driver/Microsoft Corporation) [DISABLED] mouhid
Service C:\Windows\System32\drivers\mountmgr.sys (Mount Point Manager/Microsoft Corporation) [BOOT] MountMgr
Service C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) [MANUAL] MozillaMaintenance
Service C:\Windows\system32\drivers\mpio.sys (MultiPath Support Bus-Driver/Microsoft Corporation) [DISABLED] mpio
Service C:\Windows\System32\drivers\mpsdrv.sys (Microsoft Protection Service Driver/Microsoft Corporation) [MANUAL] mpsdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] MpsSvc
Service C:\Windows\system32\drivers\mraid35x.sys (MegaRAID RAID Controller Driver for Windows Vista/Longhorn for x86/LSI Logic Corporation) [DISABLED] Mraid35x
Service C:\??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [MANUAL] MREMP50
Service C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [MANUAL] MREMPR5
Service C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [MANUAL] MRENDIS5
Service C:\??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [MANUAL] MRESP50
Service C:\Windows\system32\drivers\mrxdav.sys (Windows NT WebDav Minirdr/Microsoft Corporation) [MANUAL] MRxDAV
Service C:\Windows\system32\DRIVERS\mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) [MANUAL] mrxsmb
Service C:\Windows\system32\DRIVERS\mrxsmb10.sys (Longhorn SMB Downlevel SubRdr/Microsoft Corporation) [MANUAL] mrxsmb10
Service C:\Windows\system32\DRIVERS\mrxsmb20.sys (Longhorn SMB 2.0 Redirector/Microsoft Corporation) [MANUAL] mrxsmb20
Service C:\Windows\system32\drivers\msahci.sys (MS AHCI 1.0 Standard Driver/Microsoft Corporation) [DISABLED] msahci
Service C:\Windows\system32\drivers\msdsm.sys (Microsoft Device Specific Module/Microsoft Corporation) [DISABLED] msdsm
Service C:\Windows\System32\msdtc.exe (MS DTCconsole program/Microsoft Corporation)
Reply With Quote
  #11  
Old September 21st, 2012, 11:18 AM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
Service (RDP Terminal Stack Driver/Microsoft Corporation) [MANUAL] RDPWD
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] RemoteAccess
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] RemoteRegistry
Service C:\Windows\system32\locator.exe (Rpc Locator/Microsoft Corporation) [MANUAL] RpcLocator
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] RpcSs
Service C:\Windows\system32\DRIVERS\rspndr.sys (Link-Layer Topology Responder Driver for NDIS 6/Microsoft Corporation) [AUTO] rspndr
Service C:\Windows\system32\lsass.exe (Local Security Authority Process/Microsoft Corporation) [AUTO] SamSs
Service C:\Windows\system32\drivers\sbp2port.sys (SBP-2 Protocol Driver/Microsoft Corporation) [DISABLED] sbp2port
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCardSvr
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Schedule
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SCPolicySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SDRSVC
Service (Macrovision SECURITY Driver/Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [AUTO] secdrv
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] seclogon
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SENS
Service C:\Windows\system32\drivers\serenum.sys (Serial Port Enumerator/Microsoft Corporation) [MANUAL] Serenum
Service C:\Windows\system32\drivers\serial.sys (Serial Device Driver/Microsoft Corporation) [DISABLED] Serial
Service C:\Windows\system32\drivers\sermouse.sys (Serial Mouse Filter Driver/Microsoft Corporation) [DISABLED] sermouse
Service ServiceModelEndpoint 3.0.0.0
Service ServiceModelOperation 3.0.0.0
Service ServiceModelService 3.0.0.0
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SessionEnv
Service C:\Windows\system32\drivers\sffdisk.sys (Small Form Factor Disk Driver/Microsoft Corporation) [DISABLED] sffdisk
Service C:\Windows\system32\drivers\sffp_mmc.sys (Small Form Factor MMC Protocol Driver/Microsoft Corporation) [MANUAL] sffp_mmc
Service C:\Windows\system32\drivers\sffp_sd.sys (Small Form Factor SD Protocol Driver/Microsoft Corporation) [MANUAL] sffp_sd
Service C:\Windows\system32\drivers\sfloppy.sys (SCSI Floppy Driver/Microsoft Corporation) [DISABLED] sfloppy
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [DISABLED] SharedAccess
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] ShellHWDetection
Service C:\Windows\system32\drivers\sisagp.sys (SIS NT AGP Filter/Microsoft Corporation) [MANUAL] sisagp
Service C:\Windows\system32\drivers\sisraid2.sys (SiS RAID Stor Miniport Driver/Microsoft Corporation) [DISABLED] SiSRaid2
Service C:\Windows\system32\drivers\sisraid4.sys (SiS AHCI Stor-Miniport Driver/Silicon Integrated Systems) [DISABLED] SiSRaid4
Service C:\Windows\system32\SLsvc.exe (Microsoft Software Licensing Service/Microsoft Corporation) [AUTO] slsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SLUINotify
Service C:\Windows\system32\DRIVERS\smb.sys (SMB Transport driver/Microsoft Corporation) [SYSTEM] Smb
Service SMSvcHost 3.0.0.0
Service SMSvcHost 4.0.0.0
Service C:\Windows\System32\snmptrap.exe (SNMP Trap/Microsoft Corporation) [MANUAL] SNMPTRAP
Service (loader for security processor/Microsoft Corporation) [BOOT] spldr
Service C:\Windows\System32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) [AUTO] Spooler
Service C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft Agent Service/SupportSoft, Inc.) [AUTO] sprtsvc_TalkTalk
Service C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP. SYS (Symantec AutoProtect/Symantec Corporation) [MANUAL] SRTSP
Service C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX .SYS (Symantec AutoProtect/Symantec Corporation) [SYSTEM] SRTSPX
Service C:\Windows\System32\DRIVERS\srv.sys (Server driver/Microsoft Corporation) [MANUAL] srv
Service C:\Windows\System32\DRIVERS\srv2.sys (Smb 2.0 Server driver/Microsoft Corporation) [MANUAL] srv2
Service C:\Windows\System32\DRIVERS\srvnet.sys (Server Network driver/Microsoft Corporation) [MANUAL] srvnet
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SSDPSRV
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] SstpSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] stisvc
Service C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe (ssrc Module/SupportSoft, Inc.) [MANUAL] SupportSoft RemoteAssist
Service C:\Windows\system32\DRIVERS\swenum.sys (Plug and Play Software Device Enumerator/Microsoft Corporation) [MANUAL] swenum
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] swprv
Service C:\Windows\system32\drivers\symc8xx.sys (LSI Logic 8XX SCSI Miniport Driver/LSI Logic) [DISABLED] Symc8xx
Service C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS. SYS (Symantec Data Store/Symantec Corporation) [BOOT] SymDS
Service C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA .SYS (Symantec Extended File Attributes/Symantec Corporation) [BOOT] SymEFA
Service C:\??\C:\Windows\system32\Drivers\SYMEVENT.SYS [MANUAL] SymEvent
Service C:\Windows\system32\drivers\NIS\1308000.00E\Ironx8 6.SYS (Iron Driver/Symantec Corporation) [SYSTEM] SymIRON
Service C:\Windows\System32\Drivers\NIS\1308000.00E\SYMTDI V.SYS (Network Dispatch Driver/Symantec Corporation) [SYSTEM] SYMTDIv
Service C:\Windows\system32\drivers\sym_hi.sys (LSI Logic Hi-Perf SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_hi
Service C:\Windows\system32\drivers\sym_u3.sys (LSI Logic Ultra160 SCSI Miniport Driver/LSI Logic) [DISABLED] Sym_u3
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] SysMain
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TabletInputService
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] TapiSrv
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TBS
Service C:\Windows\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [BOOT] Tcpip
Service C:\Windows\system32\DRIVERS\tcpip.sys (TCP/IP Driver/Microsoft Corporation) [MANUAL] Tcpip6
Service C:\Windows\System32\drivers\tcpipreg.sys (TCP/IP Registry Compatibility Driver/Microsoft Corporation) [AUTO] tcpipreg
Service C:\Windows\system32\drivers\tdpipe.sys (Named Pipe Transport Driver/Microsoft Corporation) [MANUAL] TDPIPE
Service C:\Windows\system32\drivers\tdtcp.sys (TCP Transport Driver/Microsoft Corporation) [MANUAL] TDTCP
Service C:\Windows\system32\DRIVERS\tdx.sys (TDI Translation Driver/Microsoft Corporation) [SYSTEM] tdx
Service C:\Windows\system32\DRIVERS\termdd.sys (Terminal Server Driver/Microsoft Corporation) [SYSTEM] TermDD
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TermService
Service C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft Repair Service/SupportSoft, Inc.) [AUTO] tgsrvc_TalkTalk
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Themes
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] THREADORDER
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] TrkWks
Service C:\Windows\servicing\TrustedInstaller.exe (Windows Modules Installer/Microsoft Corporation) [MANUAL] TrustedInstaller
Service TSDDD
Service C:\Windows\System32\DRIVERS\tssecsrv.sys (TS Security Filter Driver/Microsoft Corporation) [MANUAL] tssecsrv
Service C:\Windows\system32\DRIVERS\tunmp.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunmp
Service C:\Windows\system32\DRIVERS\tunnel.sys (Microsoft Tunnel Interface Driver/Microsoft Corporation) [MANUAL] tunnel
Service C:\Windows\system32\drivers\uagp35.sys (MS AGPv3.5 Filter/Microsoft Corporation) [MANUAL] uagp35
Service C:\Windows\system32\DRIVERS\udfs.sys (UDF File System Driver/Microsoft Corporation) [DISABLED] udfs
Service UGatherer
Service UGTHRSVC
Service C:\Windows\system32\UI0Detect.exe (Interactive services detection/Microsoft Corporation) [MANUAL] UI0Detect
Service C:\Windows\system32\drivers\uliagpkx.sys (ULi AGPv3.0 Filter for K8/9 Processor Platforms/Microsoft Corporation) [MANUAL] uliagpkx
Service C:\Windows\system32\drivers\uliahci.sys (ULi SATA Controller Driver/ULi Electronics Inc.) [DISABLED] uliahci
Service C:\Windows\system32\drivers\ulsata.sys (Promise Ultra/Sata Series Driver for Win2003/Promise Technology, Inc.) [DISABLED] UlSata
Service C:\Windows\system32\drivers\ulsata2.sys (Promise SATAII150 Series Windows Drivers/Promise Technology, Inc.) [DISABLED] ulsata2
Service C:\Windows\system32\DRIVERS\umbus.sys (User-Mode Bus Enumerator/Microsoft Corporation) [MANUAL] umbus
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] upnphost
Service usb
Service C:\Windows\system32\DRIVERS\usbccgp.sys (USB Common Class Generic Parent Driver/Microsoft Corporation) [MANUAL] usbccgp
Service C:\Windows\system32\drivers\usbcir.sys (USB Consumer IR Driver for eHome/Microsoft Corporation) [DISABLED] usbcir
Service C:\Windows\system32\DRIVERS\usbehci.sys (EHCI eUSB Miniport Driver/Microsoft Corporation) [MANUAL] usbehci
Service C:\Windows\system32\DRIVERS\usbhub.sys (Default Hub Driver for USB/Microsoft Corporation) [MANUAL] usbhub
Service C:\Windows\system32\DRIVERS\usbohci.sys (OHCI USB Miniport Driver/Microsoft Corporation) [MANUAL] usbohci
Service C:\Windows\system32\DRIVERS\usbprint.sys (USB Printer driver/Microsoft Corporation) [MANUAL] usbprint
Service C:\Windows\system32\DRIVERS\usbscan.sys (USB Scanner Driver/Microsoft Corporation) [MANUAL] usbscan
Service C:\Windows\system32\DRIVERS\USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation) [MANUAL] USBSTOR
Service C:\Windows\system32\DRIVERS\usbuhci.sys (UHCI USB Miniport Driver/Microsoft Corporation) [DISABLED] usbuhci
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] UxSms
Service C:\Windows\System32\vds.exe (Virtual Disk Service/Microsoft Corporation) [MANUAL] vds
Service C:\Windows\system32\DRIVERS\vgapnp.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [MANUAL] vga
Service C:\Windows\System32\drivers\vga.sys (VGA/Super VGA Video Driver/Microsoft Corporation) [SYSTEM] VgaSave
Service C:\Windows\system32\drivers\viaagp.sys (VIA NT AGP Filter/Microsoft Corporation) [MANUAL] viaagp
Service C:\Windows\system32\drivers\viac7.sys (Processor Device Driver/Microsoft Corporation) [DISABLED] ViaC7
Service C:\Windows\system32\drivers\viaide.sys (VIA Generic PCI IDE Bus Driver/VIA Technologies, Inc.) [DISABLED] viaide
Service C:\Windows\system32\drivers\volmgr.sys (Volume Manager Driver/Microsoft Corporation) [BOOT] volmgr
Service C:\Windows\System32\drivers\volmgrx.sys (Volume Manager Extension Driver/Microsoft Corporation) [BOOT] volmgrx
Service C:\Windows\system32\drivers\volsnap.sys (Volume Shadow Copy Driver/Microsoft Corporation) [BOOT] volsnap
Service C:\Windows\system32\drivers\vsmraid.sys (VIA RAID DRIVER FOR AMD-X86-64/VIA Technologies Inc.,Ltd) [DISABLED] vsmraid
Service C:\Windows\system32\vssvc.exe (Microsoft® Volume Shadow Copy Service/Microsoft Corporation) [MANUAL] VSS
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] W32Time
Service W3SVC
Service C:\Windows\system32\drivers\wacompen.sys (Wacom Serial Pen Tablet HID Driver/Microsoft Corporation) [DISABLED] WacomPen
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [MANUAL] Wanarp
Service C:\Windows\system32\DRIVERS\wanarp.sys (MS Remote Access and Routing ARP Driver/Microsoft Corporation) [SYSTEM] Wanarpv6
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wcncsvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WcsPlugInService
Service C:\Windows\system32\drivers\wd.sys (Microsoft Watchdog Timer Driver/Microsoft Corporation) [DISABLED] Wd
Service C:\Windows\system32\drivers\Wdf01000.sys (WDF Dynamic/Microsoft Corporation) [BOOT] Wdf01000
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiServiceHost
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WdiSystemHost
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WebClient
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] Wecsvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] wercplsupport
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WerSvc
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WinDefend
Service Windows Workflow Foundation 3.0.0.0
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinHttpAutoProxySvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Winmgmt
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WinRM
Service [MANUAL] Winsock
Service WinSock2
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] Wlansvc
Service C:\Windows\system32\DRIVERS\wmiacpi.sys (Windows Management Interface for ACPI/Microsoft Corporation) [MANUAL] WmiAcpi
Service WmiApRpl
Service C:\Windows\system32\wbem\WmiApSrv.exe (WMI Performance Reverse Adapter/Microsoft Corporation) [MANUAL] wmiApSrv
Service C:\Program Files\Windows Media Player\wmpnetwk.exe (Windows Media Player Network Sharing Service/Microsoft Corporation) [MANUAL] WMPNetworkSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [MANUAL] WPCSvc
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] WPDBusEnum
Service C:\Windows\system32\DRIVERS\wpdusb.sys (WPD USB Driver/Microsoft Corporation) [MANUAL] WpdUsb
Service C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe (wpffontcache_v0400.exe/Microsoft Corporation) [MANUAL] WPFFontCache_v0400
Service C:\Windows\system32\drivers\ws2ifsl.sys (Winsock2 IFS Layer/Microsoft Corporation) [DISABLED] ws2ifsl
Service C:\Windows\System32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wscsvc
Service C:\Windows\system32\SearchIndexer.exe (Microsoft Windows Search Indexer/Microsoft Corporation) [AUTO] WSearch
Service WSearchIdxPi
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wuauserv
Service C:\Windows\system32\DRIVERS\WUDFRd.sys (Windows Driver Foundation - User-mode Driver Framework Reflector/Microsoft Corporation) [MANUAL] WUDFRd
Service C:\Windows\system32\svchost.exe (Host Process for Windows Services/Microsoft Corporation) [AUTO] wudfsvc
Service xmlprov
Service {1247EF16-3909-48B5-ABD3-9F13A4B38609}
Service {57E83314-4ECD-4301-8B98-C873FA7D707A}

---- EOF - GMER 1.0.15 ----
Reply With Quote
  #12  
Old September 22nd, 2012, 12:16 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,391
Sure smells like a Winsock bootkit:

Service [MANUAL] Winsock
Service WinSock2

Service {1247EF16-3909-48B5-ABD3-9F13A4B38609}
Service {57E83314-4ECD-4301-8B98-C873FA7D707A}

Unknown network devices, and those odd Winsock entries (not real sure of a reason for it to be manual etc.).


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including as reboot (Reboot Now) if requested.
When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and do reboot.
Reply With Quote
  #13  
Old September 24th, 2012, 10:46 AM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
thankyou tom for your time.


10:38:00.0589 5612 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
10:38:00.0792 5612 ================================================== ==========
10:38:00.0792 5612 Current date / time: 2012/09/24 10:38:00.0792
10:38:00.0792 5612 SystemInfo:
10:38:00.0792 5612
10:38:00.0792 5612 OS Version: 6.0.6001 ServicePack: 1.0
10:38:00.0792 5612 Product type: Workstation
10:38:00.0792 5612 ComputerName: BILL-PC
10:38:00.0792 5612 UserName: Bill
10:38:00.0792 5612 Windows directory: C:\Windows
10:38:00.0792 5612 System windows directory: C:\Windows
10:38:00.0792 5612 Processor architecture: Intel x86
10:38:00.0792 5612 Number of processors: 2
10:38:00.0792 5612 Page size: 0x1000
10:38:00.0792 5612 Boot type: Normal boot
10:38:00.0792 5612 ================================================== ==========
10:38:03.0225 5612 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
10:38:03.0256 5612 ================================================== ==========
10:38:03.0256 5612 \Device\Harddisk0\DR0:
10:38:03.0256 5612 MBR partitions:
10:38:03.0256 5612 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23F622B1
10:38:03.0256 5612 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23F622F0, BlocksNum 0x14CB020
10:38:03.0256 5612 ================================================== ==========
10:38:03.0319 5612 C: <-> \Device\Harddisk0\DR0\Partition1
10:38:03.0537 5612 D: <-> \Device\Harddisk0\DR0\Partition2
10:38:03.0537 5612 ================================================== ==========
10:38:03.0537 5612 Initialize success
10:38:03.0537 5612 ================================================== ==========
10:38:09.0200 5824 ================================================== ==========
10:38:09.0200 5824 Scan started
10:38:09.0200 5824 Mode: Manual;
10:38:09.0200 5824 ================================================== ==========
10:38:10.0308 5824 ================ Scan system memory ========================
10:38:10.0308 5824 System memory - ok
10:38:10.0308 5824 ================ Scan services =============================
10:38:10.0448 5824 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
10:38:10.0464 5824 ACPI - ok
10:38:10.0526 5824 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpda teService.exe
10:38:10.0526 5824 AdobeFlashPlayerUpdateSvc - ok
10:38:10.0573 5824 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:38:10.0588 5824 adp94xx - ok
10:38:10.0635 5824 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:38:10.0635 5824 adpahci - ok
10:38:10.0651 5824 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
10:38:10.0651 5824 adpu160m - ok
10:38:10.0682 5824 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:38:10.0682 5824 adpu320 - ok
10:38:10.0729 5824 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:38:10.0729 5824 AeLookupSvc - ok
10:38:10.0776 5824 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
10:38:10.0791 5824 AFD - ok
10:38:10.0822 5824 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:38:10.0822 5824 agp440 - ok
10:38:10.0854 5824 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
10:38:10.0854 5824 aic78xx - ok
10:38:10.0900 5824 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
10:38:10.0900 5824 ALG - ok
10:38:10.0916 5824 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
10:38:10.0916 5824 aliide - ok
10:38:10.0947 5824 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
10:38:10.0947 5824 amdagp - ok
10:38:10.0978 5824 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
10:38:10.0978 5824 amdide - ok
10:38:10.0994 5824 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
10:38:10.0994 5824 AmdK7 - ok
10:38:11.0025 5824 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:38:11.0025 5824 AmdK8 - ok
10:38:11.0056 5824 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
10:38:11.0072 5824 Appinfo - ok
10:38:11.0103 5824 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
10:38:11.0103 5824 arc - ok
10:38:11.0150 5824 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:38:11.0150 5824 arcsas - ok
10:38:11.0181 5824 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:38:11.0181 5824 AsyncMac - ok
10:38:11.0212 5824 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
10:38:11.0212 5824 atapi - ok
10:38:11.0275 5824 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:38:11.0275 5824 AudioEndpointBuilder - ok
10:38:11.0290 5824 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:38:11.0290 5824 Audiosrv - ok
10:38:11.0322 5824 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
10:38:11.0322 5824 Beep - ok
10:38:11.0353 5824 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
10:38:11.0368 5824 BFE - ok
10:38:11.0571 5824 [ C364F02969E9A842321DD91BCFF749D4 ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20 120919.001\BHDrvx86.sys
10:38:11.0602 5824 BHDrvx86 - ok
10:38:11.0665 5824 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
10:38:11.0680 5824 BITS - ok
10:38:11.0712 5824 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
10:38:11.0712 5824 blbdrive - ok
10:38:11.0774 5824 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:38:11.0774 5824 bowser - ok
10:38:11.0790 5824 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
10:38:11.0790 5824 BrFiltLo - ok
10:38:11.0805 5824 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
10:38:11.0821 5824 BrFiltUp - ok
10:38:11.0883 5824 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
10:38:11.0883 5824 Browser - ok
10:38:11.0914 5824 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
10:38:11.0914 5824 Brserid - ok
10:38:11.0930 5824 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
10:38:11.0930 5824 BrSerWdm - ok
10:38:11.0961 5824 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
10:38:11.0961 5824 BrUsbMdm - ok
10:38:11.0977 5824 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
10:38:11.0977 5824 BrUsbSer - ok
10:38:12.0008 5824 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
10:38:12.0008 5824 BTHMODEM - ok
10:38:12.0148 5824 [ ACE85AF1C31F68BDFEE9333F6592917E ] ccSet_NIS C:\Windows\system32\drivers\NIS\1308000.00E\ccSetx 86.sys
10:38:12.0164 5824 ccSet_NIS - ok
10:38:12.0226 5824 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:38:12.0226 5824 cdfs - ok
10:38:12.0258 5824 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:38:12.0289 5824 cdrom - ok
10:38:12.0320 5824 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
10:38:12.0320 5824 CertPropSvc - ok
10:38:12.0351 5824 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
10:38:12.0351 5824 circlass - ok
10:38:12.0382 5824 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
10:38:12.0382 5824 CLFS - ok
10:38:12.0445 5824 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe
10:38:12.0445 5824 clr_optimization_v2.0.50727_32 - ok
10:38:12.0538 5824 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\msco rsvw.exe
10:38:12.0538 5824 clr_optimization_v4.0.30319_32 - ok
10:38:12.0570 5824 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:38:12.0570 5824 cmdide - ok
10:38:12.0601 5824 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
10:38:12.0601 5824 Compbatt - ok
10:38:12.0616 5824 COMSysApp - ok
10:38:12.0648 5824 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:38:12.0648 5824 crcdisk - ok
10:38:12.0679 5824 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
10:38:12.0679 5824 Crusoe - ok
10:38:12.0726 5824 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:38:12.0726 5824 CryptSvc - ok
10:38:12.0772 5824 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:38:12.0788 5824 DcomLaunch - ok
10:38:12.0835 5824 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:38:12.0835 5824 DfsC - ok
10:38:12.0944 5824 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
10:38:12.0975 5824 DFSR - ok
10:38:13.0006 5824 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
10:38:13.0006 5824 Dhcp - ok
10:38:13.0038 5824 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
10:38:13.0038 5824 disk - ok
10:38:13.0084 5824 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:38:13.0084 5824 Dnscache - ok
10:38:13.0100 5824 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
10:38:13.0116 5824 dot3svc - ok
10:38:13.0147 5824 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
10:38:13.0162 5824 Dot4 - ok
10:38:13.0178 5824 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:38:13.0178 5824 Dot4Print - ok
10:38:13.0194 5824 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
10:38:13.0194 5824 dot4usb - ok
10:38:13.0225 5824 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
10:38:13.0225 5824 DPS - ok
10:38:13.0272 5824 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:38:13.0272 5824 drmkaud - ok
10:38:13.0303 5824 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:38:13.0318 5824 DXGKrnl - ok
10:38:13.0365 5824 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
10:38:13.0365 5824 E1G60 - ok
10:38:13.0396 5824 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
10:38:13.0396 5824 EapHost - ok
10:38:13.0428 5824 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
10:38:13.0428 5824 Ecache - ok
10:38:13.0521 5824 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
10:38:13.0537 5824 eeCtrl - ok
10:38:13.0599 5824 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:38:13.0599 5824 ehRecvr - ok
10:38:13.0630 5824 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
10:38:13.0630 5824 ehSched - ok
10:38:13.0646 5824 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
10:38:13.0646 5824 ehstart - ok
10:38:13.0693 5824 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:38:13.0708 5824 elxstor - ok
10:38:13.0755 5824 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
10:38:13.0786 5824 EMDMgmt - ok
10:38:13.0849 5824 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
10:38:13.0849 5824 EraserUtilRebootDrv - ok
10:38:13.0880 5824 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:38:13.0896 5824 ErrDev - ok
10:38:13.0942 5824 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
10:38:13.0942 5824 EventSystem - ok
10:38:13.0989 5824 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
10:38:13.0989 5824 exfat - ok
10:38:14.0020 5824 [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc C:\Windows\System32\ezsvc7.dll
10:38:14.0020 5824 ezSharedSvc - ok
10:38:14.0067 5824 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:38:14.0067 5824 fastfat - ok
10:38:14.0114 5824 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:38:14.0114 5824 fdc - ok
10:38:14.0145 5824 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
10:38:14.0145 5824 fdPHost - ok
10:38:14.0176 5824 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
10:38:14.0176 5824 FDResPub - ok
10:38:14.0223 5824 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:38:14.0223 5824 FileInfo - ok
10:38:14.0239 5824 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:38:14.0254 5824 Filetrace - ok
10:38:14.0270 5824 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:38:14.0270 5824 flpydisk - ok
10:38:14.0286 5824 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:38:14.0286 5824 FltMgr - ok
10:38:14.0395 5824 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\Presen tationFontCache.exe
10:38:14.0395 5824 FontCache3.0.0.0 - ok
10:38:14.0426 5824 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:38:14.0426 5824 Fs_Rec - ok
10:38:14.0457 5824 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:38:14.0473 5824 gagp30kx - ok
10:38:14.0582 5824 [ 44D07E5A444692E9B6A5CDD7401B4402 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
10:38:14.0629 5824 GameConsoleService - ok
10:38:14.0676 5824 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
10:38:14.0676 5824 GEARAspiWDM - ok
10:38:14.0754 5824 [ 5CC2B1D06AC1962AF5FBBCF88D781DD8 ] GoToAssist C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
10:38:14.0769 5824 GoToAssist - ok
10:38:14.0910 5824 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
10:38:14.0925 5824 gpsvc - ok
10:38:15.0003 5824 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:38:15.0019 5824 HDAudBus - ok
10:38:15.0034 5824 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:38:15.0034 5824 HidBth - ok
10:38:15.0066 5824 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
10:38:15.0066 5824 HidIr - ok
10:38:15.0081 5824 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
10:38:15.0097 5824 hidserv - ok
10:38:15.0112 5824 [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb C:\Windows\system32\drivers\hidusb.sys
10:38:15.0112 5824 HidUsb - ok
10:38:15.0144 5824 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:38:15.0144 5824 hkmsvc - ok
10:38:15.0206 5824 [ CB383AB0B8BA871D893B86D3C9A3ED9F ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
10:38:15.0237 5824 HP Health Check Service - ok
10:38:15.0268 5824 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
10:38:15.0268 5824 HpCISSs - ok
10:38:15.0331 5824 [ 38D6B51F04DEF7FB248FA56E4C47407E ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
10:38:15.0362 5824 hpqcxs08 - ok
10:38:15.0378 5824 [ 3EE4A63539EC04EE2D4BD293985087AB ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
10:38:15.0378 5824 hpqddsvc - ok
10:38:15.0502 5824 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:38:15.0518 5824 HTTP - ok
10:38:15.0565 5824 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
10:38:15.0565 5824 i2omp - ok
10:38:15.0596 5824 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:38:15.0596 5824 i8042prt - ok
10:38:15.0627 5824 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
10:38:15.0627 5824 iaStorV - ok
10:38:15.0768 5824 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:38:15.0783 5824 idsvc - ok
10:38:15.0877 5824 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\201 20921.001\IDSvix86.sys
10:38:15.0892 5824 IDSVix86 - ok
10:38:15.0939 5824 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:38:15.0955 5824 iirsp - ok
10:38:16.0002 5824 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
10:38:16.0017 5824 IKEEXT - ok
10:38:16.0095 5824 [ 4C01298060CF930D26A75A86B874B6AE ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:38:16.0173 5824 IntcAzAudAddService - ok
10:38:16.0204 5824 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
10:38:16.0204 5824 intelide - ok
10:38:16.0220 5824 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:38:16.0236 5824 intelppm - ok
10:38:16.0267 5824 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:38:16.0267 5824 IPBusEnum - ok
10:38:16.0282 5824 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:38:16.0282 5824 IpFilterDriver - ok
10:38:16.0376 5824 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:38:16.0407 5824 iphlpsvc - ok
10:38:16.0423 5824 IpInIp - ok
10:38:16.0438 5824 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
10:38:16.0438 5824 IPMIDRV - ok
10:38:16.0470 5824 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
10:38:16.0470 5824 IPNAT - ok
10:38:16.0501 5824 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:38:16.0501 5824 IRENUM - ok
10:38:16.0516 5824 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:38:16.0532 5824 isapnp - ok
10:38:16.0563 5824 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:38:16.0563 5824 iScsiPrt - ok
10:38:16.0594 5824 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
10:38:16.0594 5824 iteatapi - ok
10:38:16.0626 5824 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
10:38:16.0641 5824 iteraid - ok
10:38:16.0688 5824 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:38:16.0688 5824 kbdclass - ok
10:38:16.0704 5824 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
10:38:16.0704 5824 kbdhid - ok
10:38:16.0735 5824 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
10:38:16.0735 5824 KeyIso - ok
10:38:17.0016 5824 [ 162A5E3A691B903111526147C8D29E6D ] Kodak AiO Network Discovery Service C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
10:38:17.0047 5824 Kodak AiO Network Discovery Service - ok
10:38:17.0140 5824 [ B5E53FCA219A6491E9A1BA146A5D2452 ] Kodak AiO Status Monitor Service C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
10:38:17.0156 5824 Kodak AiO Status Monitor Service - ok
10:38:17.0203 5824 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:38:17.0218 5824 KSecDD - ok
10:38:17.0265 5824 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:38:17.0343 5824 KtmRm - ok
10:38:17.0468 5824 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:38:17.0468 5824 LanmanServer - ok
10:38:17.0530 5824 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:38:17.0562 5824 LanmanWorkstation - ok
10:38:17.0671 5824 [ C215E09622118383B236DD56C2065183 ] LightScribeService c:\Program Files\Common Files\LightScribe\LSSrvc.exe
10:38:17.0671 5824 LightScribeService - ok
10:38:17.0702 5824 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:38:17.0702 5824 lltdio - ok
10:38:17.0811 5824 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:38:17.0827 5824 lltdsvc - ok
10:38:17.0858 5824 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:38:17.0858 5824 lmhosts - ok
10:38:17.0889 5824 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:38:17.0905 5824 LSI_FC - ok
10:38:17.0936 5824 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:38:17.0936 5824 LSI_SAS - ok
10:38:17.0983 5824 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:38:17.0983 5824 LSI_SCSI - ok
10:38:18.0014 5824 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
10:38:18.0014 5824 luafv - ok
10:38:18.0076 5824 [ A19444BED5AA69E4DBE7A68CC334591F ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe
10:38:18.0076 5824 McciCMService - ok
10:38:18.0123 5824 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:38:18.0123 5824 Mcx2Svc - ok
10:38:18.0170 5824 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
10:38:18.0170 5824 megasas - ok
10:38:18.0201 5824 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
10:38:18.0217 5824 MegaSR - ok
10:38:18.0232 5824 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
10:38:18.0248 5824 MMCSS - ok
10:38:18.0264 5824 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
10:38:18.0279 5824 Modem - ok
10:38:18.0326 5824 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:38:18.0326 5824 monitor - ok
10:38:18.0342 5824 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:38:18.0342 5824 mouclass - ok
10:38:18.0373 5824 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\drivers\mouhid.sys
10:38:18.0388 5824 mouhid - ok
10:38:18.0420 5824 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
10:38:18.0420 5824 MountMgr - ok
10:38:18.0498 5824 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:38:18.0498 5824 MozillaMaintenance - ok
10:38:18.0544 5824 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
10:38:18.0544 5824 mpio - ok
10:38:18.0576 5824 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:38:18.0576 5824 mpsdrv - ok
10:38:18.0607 5824 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
10:38:18.0607 5824 MpsSvc - ok
10:38:18.0638 5824 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
10:38:18.0654 5824 Mraid35x - ok
10:38:18.0685 5824 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
10:38:18.0685 5824 MREMP50 - ok
10:38:18.0700 5824 MREMPR5 - ok
10:38:18.0716 5824 MRENDIS5 - ok
10:38:18.0732 5824 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
10:38:18.0747 5824 MRESP50 - ok
10:38:18.0763 5824 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:38:18.0763 5824 MRxDAV - ok
10:38:18.0810 5824 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:38:18.0841 5824 mrxsmb - ok
10:38:18.0872 5824 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:38:18.0888 5824 mrxsmb10 - ok
10:38:18.0903 5824 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:38:18.0903 5824 mrxsmb20 - ok
10:38:18.0950 5824 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
10:38:18.0950 5824 msahci - ok
10:38:18.0981 5824 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:38:18.0981 5824 msdsm - ok
10:38:19.0012 5824 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
10:38:19.0012 5824 MSDTC - ok
10:38:19.0044 5824 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:38:19.0044 5824 Msfs - ok
10:38:19.0059 5824 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:38:19.0059 5824 msisadrv - ok
10:38:19.0090 5824 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:38:19.0122 5824 MSiSCSI - ok
10:38:19.0122 5824 msiserver - ok
10:38:19.0168 5824 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:38:19.0168 5824 MSKSSRV - ok
10:38:19.0184 5824 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:38:19.0184 5824 MSPCLOCK - ok
10:38:19.0215 5824 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:38:19.0215 5824 MSPQM - ok
10:38:19.0246 5824 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:38:19.0246 5824 MsRPC - ok
10:38:19.0278 5824 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:38:19.0278 5824 mssmbios - ok
10:38:19.0324 5824 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:38:19.0324 5824 MSTEE - ok
10:38:19.0340 5824 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
10:38:19.0340 5824 Mup - ok
10:38:19.0371 5824 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
10:38:19.0387 5824 napagent - ok
10:38:19.0418 5824 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:38:19.0418 5824 NativeWifiP - ok
10:38:19.0652 5824 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120921.033\NAVENG.SYS
10:38:19.0683 5824 NAVENG - ok
10:38:19.0730 5824 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\2 0120921.033\NAVEX15.SYS
10:38:19.0792 5824 NAVEX15 - ok
10:38:19.0839 5824 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:38:19.0855 5824 NDIS - ok
10:38:19.0870 5824 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:38:19.0870 5824 NdisTapi - ok
10:38:19.0902 5824 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:38:19.0902 5824 Ndisuio - ok
10:38:19.0917 5824 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:38:19.0917 5824 NdisWan - ok
10:38:19.0933 5824 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:38:19.0933 5824 NDProxy - ok
10:38:19.0964 5824 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
10:38:19.0964 5824 Net Driver HPZ12 - ok
10:38:20.0026 5824 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:38:20.0026 5824 NetBIOS - ok
10:38:20.0104 5824 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
10:38:20.0167 5824 netbt - ok
10:38:20.0198 5824 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
10:38:20.0198 5824 Netlogon - ok
10:38:20.0385 5824 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
10:38:20.0385 5824 Netman - ok
10:38:20.0432 5824 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
10:38:20.0432 5824 netprofm - ok
10:38:20.0479 5824 [ 271AC1312EF1DDE187793183ABBFA8D0 ] netr73 C:\Windows\system32\DRIVERS\netr73.sys
10:38:20.0494 5824 netr73 - ok
10:38:20.0541 5824 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:38:20.0541 5824 NetTcpPortSharing - ok
10:38:20.0572 5824 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:38:20.0572 5824 nfrd960 - ok
10:38:20.0822 5824 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe
10:38:20.0822 5824 NIS - ok
10:38:20.0869 5824 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:38:20.0884 5824 NlaSvc - ok
10:38:20.0931 5824 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:38:20.0931 5824 Npfs - ok
10:38:20.0947 5824 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
10:38:20.0947 5824 nsi - ok
10:38:20.0994 5824 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:38:20.0994 5824 nsiproxy - ok
10:38:21.0040 5824 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:38:21.0087 5824 Ntfs - ok
10:38:21.0103 5824 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
10:38:21.0103 5824 ntrigdigi - ok
10:38:21.0118 5824 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
10:38:21.0134 5824 Null - ok
10:38:21.0181 5824 [ AE78A7285DF03A277415FC62F8CE8F24 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx32.sys
10:38:21.0212 5824 NVENETFD - ok
10:38:22.0070 5824 [ FBBA09782F2FAC5A57619DF378BA9372 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:38:22.0148 5824 nvlddmkm - ok
10:38:22.0179 5824 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:38:22.0195 5824 nvraid - ok
10:38:22.0242 5824 [ C44EE36DD84FA95EB81D79C374756003 ] nvsmu C:\Windows\system32\drivers\nvsmu.sys
10:38:22.0242 5824 nvsmu - ok
10:38:22.0273 5824 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:38:22.0273 5824 nvstor - ok
10:38:22.0304 5824 [ CF7769F13B3ECC5E2BF1B3D1C5831AE8 ] nvsvc C:\Windows\system32\nvvsvc.exe
10:38:22.0320 5824 nvsvc - ok
10:38:22.0335 5824 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:38:22.0351 5824 nv_agp - ok
10:38:22.0351 5824 NwlnkFlt - ok
10:38:22.0366 5824 NwlnkFwd - ok
10:38:22.0398 5824 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:38:22.0398 5824 ohci1394 - ok
10:38:22.0429 5824 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
10:38:22.0444 5824 p2pimsvc - ok
10:38:22.0476 5824 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
10:38:22.0476 5824 p2psvc - ok
10:38:22.0507 5824 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
10:38:22.0522 5824 Parport - ok
10:38:22.0554 5824 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:38:22.0554 5824 partmgr - ok
10:38:22.0569 5824 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
10:38:22.0569 5824 Parvdm - ok
10:38:22.0600 5824 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
10:38:22.0600 5824 PcaSvc - ok
10:38:22.0616 5824 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
10:38:22.0632 5824 pci - ok
10:38:22.0632 5824 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
10:38:22.0647 5824 pciide - ok
10:38:22.0678 5824 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:38:22.0678 5824 pcmcia - ok
10:38:22.0756 5824 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:38:22.0772 5824 PEAUTH - ok
10:38:23.0022 5824 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
10:38:23.0084 5824 pla - ok
10:38:23.0100 5824 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:38:23.0115 5824 PlugPlay - ok
10:38:23.0146 5824 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
10:38:23.0146 5824 Pml Driver HPZ12 - ok
10:38:23.0396 5824 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
10:38:23.0412 5824 PNRPAutoReg - ok
10:38:23.0427 5824 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
10:38:23.0443 5824 PNRPsvc - ok
10:38:23.0536 5824 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:38:23.0552 5824 PolicyAgent - ok
10:38:23.0599 5824 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:38:23.0599 5824 PptpMiniport - ok
10:38:23.0630 5824 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
10:38:23.0630 5824 Processor - ok
10:38:23.0661 5824 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
10:38:23.0661 5824 ProfSvc - ok
10:38:23.0692 5824 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:38:23.0692 5824 ProtectedStorage - ok
10:38:23.0724 5824 [ 390C204CED3785609AB24E9C52054A84 ] Ps2 C:\Windows\system32\DRIVERS\PS2.sys
10:38:23.0724 5824 Ps2 - ok
10:38:23.0786 5824 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
10:38:23.0786 5824 PSched - ok
10:38:23.0864 5824 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:38:23.0880 5824 ql2300 - ok
10:38:23.0911 5824 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:38:23.0926 5824 ql40xx - ok
10:38:23.0958 5824 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
10:38:23.0958 5824 QWAVE - ok
10:38:23.0973 5824 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:38:23.0973 5824 QWAVEdrv - ok
10:38:24.0316 5824 [ 6B6F0A77365667912360FF1D5E984F25 ] RapportCerberus_34302 C:\ProgramData\Trusteer\Rapport\store\exts\Rapport Cerberus\34302\RapportCerberus32_34302.sys
10:38:24.0348 5824 RapportCerberus_34302 - ok
10:38:24.0441 5824 [ 093B6A040BCF3FD4A0FFF397BAF28330 ] RapportEI C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
10:38:24.0441 5824 RapportEI - ok
10:38:24.0550 5824 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso c:\programdata\trusteer\rapport\store\exts\rapport ms\39624\rapportiaso.sys
10:38:24.0550 5824 RapportIaso - ok
10:38:24.0628 5824 [ 660436FBE447EBC73873EF2B0B2094B4 ] RapportKELL C:\Windows\system32\Drivers\RapportKELL.sys
10:38:24.0644 5824 RapportKELL - ok
10:38:24.0722 5824 [ 3DE33A522BB73E161F20D444687E978B ] RapportPG C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
10:38:24.0722 5824 RapportPG - ok
10:38:24.0769 5824 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:38:24.0769 5824 RasAcd - ok
10:38:24.0800 5824 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
10:38:24.0800 5824 RasAuto - ok
10:38:24.0831 5824 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:38:24.0831 5824 Rasl2tp - ok
10:38:24.0862 5824 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
10:38:24.0862 5824 RasMan - ok
10:38:24.0878 5824 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:38:24.0878 5824 RasPppoe - ok
10:38:24.0894 5824 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:38:24.0894 5824 RasSstp - ok
10:38:24.0925 5824 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:38:24.0925 5824 rdbss - ok
10:38:24.0940 5824 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:38:24.0940 5824 RDPCDD - ok
10:38:25.0003 5824 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
10:38:25.0034 5824 rdpdr - ok
10:38:25.0034 5824 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:38:25.0034 5824 RDPENCDD - ok
10:38:25.0065 5824 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:38:25.0065 5824 RDPWD - ok
10:38:25.0128 5824 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:38:25.0128 5824 RemoteAccess - ok
10:38:25.0143 5824 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:38:25.0159 5824 RemoteRegistry - ok
10:38:25.0174 5824 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
10:38:25.0190 5824 RpcLocator - ok
10:38:25.0221 5824 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
10:38:25.0221 5824 RpcSs - ok
10:38:25.0315 5824 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:38:25.0330 5824 rspndr - ok
10:38:25.0362 5824 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
10:38:25.0362 5824 SamSs - ok
10:38:25.0393 5824 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:38:25.0393 5824 sbp2port - ok
10:38:25.0424 5824 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:38:25.0424 5824 SCardSvr - ok
10:38:25.0564 5824 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
10:38:25.0596 5824 Schedule - ok
10:38:25.0627 5824 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
10:38:25.0627 5824 SCPolicySvc - ok
10:38:25.0658 5824 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:38:25.0689 5824 SDRSVC - ok
10:38:25.0720 5824 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:38:25.0720 5824 secdrv - ok
Reply With Quote
  #14  
Old September 24th, 2012, 10:47 AM
loghamm loghamm is offline
Member
 
Join Date: Nov 2002
Location: england
Age: 53
Posts: 84
10:38:25.0736 5824 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
10:38:25.0736 5824 seclogon - ok
10:38:25.0783 5824 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
10:38:25.0783 5824 SENS - ok
10:38:25.0798 5824 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
10:38:25.0814 5824 Serenum - ok
10:38:25.0830 5824 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
10:38:25.0830 5824 Serial - ok
10:38:25.0845 5824 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:38:25.0845 5824 sermouse - ok
10:38:25.0876 5824 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
10:38:25.0876 5824 SessionEnv - ok
10:38:25.0908 5824 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:38:25.0908 5824 sffdisk - ok
10:38:25.0923 5824 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:38:25.0939 5824 sffp_mmc - ok
10:38:25.0970 5824 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:38:25.0970 5824 sffp_sd - ok
10:38:25.0986 5824 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
10:38:25.0986 5824 sfloppy - ok
10:38:26.0017 5824 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:38:26.0032 5824 SharedAccess - ok
10:38:26.0064 5824 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:38:26.0064 5824 ShellHWDetection - ok
10:38:26.0110 5824 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:38:26.0126 5824 sisagp - ok
10:38:26.0142 5824 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:38:26.0142 5824 SiSRaid2 - ok
10:38:26.0188 5824 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:38:26.0188 5824 SiSRaid4 - ok
10:38:26.0282 5824 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
10:38:26.0329 5824 slsvc - ok
10:38:26.0360 5824 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:38:26.0376 5824 SLUINotify - ok
10:38:26.0391 5824 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:38:26.0391 5824 Smb - ok
10:38:26.0422 5824 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:38:26.0422 5824 SNMPTRAP - ok
10:38:26.0454 5824 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
10:38:26.0485 5824 spldr - ok
10:38:26.0516 5824 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
10:38:26.0532 5824 Spooler - ok
10:38:26.0594 5824 [ 0D77554B62A9090EB05ECBB96058646E ] sprtsvc_TalkTalk C:\Program Files\TalkTalk\bin\sprtsvc.exe
10:38:26.0594 5824 sprtsvc_TalkTalk - ok
10:38:26.0703 5824 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\NIS\1308000.00E\SRTSP. SYS
10:38:26.0719 5824 SRTSP - ok
10:38:26.0750 5824 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\NIS\1308000.00E\SRTSPX .SYS
10:38:26.0750 5824 SRTSPX - ok
10:38:26.0812 5824 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:38:26.0812 5824 srv - ok
10:38:26.0875 5824 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:38:26.0890 5824 srv2 - ok
10:38:26.0937 5824 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:38:26.0937 5824 srvnet - ok
10:38:26.0968 5824 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:38:26.0984 5824 SSDPSRV - ok
10:38:27.0000 5824 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:38:27.0015 5824 SstpSvc - ok
10:38:27.0078 5824 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
10:38:27.0093 5824 stisvc - ok
10:38:27.0156 5824 [ 882FC174AC21C536E41351AFF58A7D7D ] SupportSoft RemoteAssist C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
10:38:27.0171 5824 SupportSoft RemoteAssist - ok
10:38:27.0202 5824 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:38:27.0202 5824 swenum - ok
10:38:27.0249 5824 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
10:38:27.0265 5824 swprv - ok
10:38:27.0312 5824 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:38:27.0343 5824 Symc8xx - ok
10:38:27.0374 5824 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\NIS\1308000.00E\SYMDS. SYS
10:38:27.0390 5824 SymDS - ok
10:38:27.0452 5824 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\NIS\1308000.00E\SYMEFA .SYS
10:38:27.0483 5824 SymEFA - ok
10:38:27.0546 5824 [ 555FB450FE6908600310E990738B41D6 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
10:38:27.0561 5824 SymEvent - ok
10:38:27.0608 5824 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\NIS\1308000.00E\Ironx8 6.SYS
10:38:27.0624 5824 SymIRON - ok
10:38:27.0655 5824 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\NIS\1308000.00E\SYMTDI V.SYS
10:38:27.0670 5824 SYMTDIv - ok
10:38:27.0686 5824 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:38:27.0686 5824 Sym_hi - ok
10:38:27.0717 5824 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:38:27.0717 5824 Sym_u3 - ok
10:38:27.0748 5824 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
10:38:27.0780 5824 SysMain - ok
10:38:27.0811 5824 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:38:27.0811 5824 TabletInputService - ok
10:38:27.0904 5824 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
10:38:27.0920 5824 TapiSrv - ok
10:38:27.0951 5824 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
10:38:27.0951 5824 TBS - ok
10:38:28.0107 5824 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:38:28.0138 5824 Tcpip - ok
10:38:28.0154 5824 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:38:28.0170 5824 Tcpip6 - ok
10:38:28.0216 5824 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:38:28.0216 5824 tcpipreg - ok
10:38:28.0248 5824 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:38:28.0263 5824 TDPIPE - ok
10:38:28.0294 5824 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:38:28.0294 5824 TDTCP - ok
10:38:28.0326 5824 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:38:28.0326 5824 tdx - ok
10:38:28.0341 5824 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:38:28.0341 5824 TermDD - ok
10:38:28.0388 5824 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
10:38:28.0404 5824 TermService - ok
10:38:28.0435 5824 [ 0E8BE65DAA22027624A7289090E3841E ] tgsrvc_TalkTalk C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
10:38:28.0435 5824 tgsrvc_TalkTalk - ok
10:38:28.0466 5824 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
10:38:28.0466 5824 Themes - ok
10:38:28.0497 5824 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
10:38:28.0497 5824 THREADORDER - ok
10:38:28.0513 5824 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
10:38:28.0513 5824 TrkWks - ok
10:38:28.0560 5824 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:38:28.0560 5824 TrustedInstaller - ok
10:38:28.0606 5824 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:38:28.0606 5824 tssecsrv - ok
10:38:28.0638 5824 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:38:28.0638 5824 tunmp - ok
10:38:28.0653 5824 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:38:28.0653 5824 tunnel - ok
10:38:28.0684 5824 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:38:28.0684 5824 uagp35 - ok
10:38:28.0716 5824 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:38:28.0716 5824 udfs - ok
10:38:28.0778 5824 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:38:28.0778 5824 UI0Detect - ok
10:38:28.0809 5824 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:38:28.0809 5824 uliagpkx - ok
10:38:28.0840 5824 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:38:28.0856 5824 uliahci - ok
10:38:28.0872 5824 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:38:28.0872 5824 UlSata - ok
10:38:28.0903 5824 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:38:28.0903 5824 ulsata2 - ok
10:38:28.0934 5824 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:38:28.0934 5824 umbus - ok
10:38:28.0950 5824 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
10:38:28.0965 5824 upnphost - ok
10:38:29.0012 5824 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:38:29.0012 5824 usbccgp - ok
10:38:29.0043 5824 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:38:29.0043 5824 usbcir - ok
10:38:29.0059 5824 [ CEBE90821810E76320155BEBA722FCF9 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:38:29.0059 5824 usbehci - ok
10:38:29.0090 5824 [ CC6B28E4CE39951357963119CE47B143 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:38:29.0106 5824 usbhub - ok
10:38:29.0137 5824 [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
10:38:29.0137 5824 usbohci - ok
10:38:29.0137 5824 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:38:29.0137 5824 usbprint - ok
10:38:29.0168 5824 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:38:29.0168 5824 usbscan - ok
10:38:29.0199 5824 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:38:29.0199 5824 USBSTOR - ok
10:38:29.0215 5824 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:38:29.0215 5824 usbuhci - ok
10:38:29.0246 5824 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
10:38:29.0246 5824 UxSms - ok
10:38:29.0386 5824 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
10:38:29.0402 5824 vds - ok
10:38:29.0449 5824 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:38:29.0449 5824 vga - ok
10:38:29.0464 5824 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
10:38:29.0464 5824 VgaSave - ok
10:38:29.0496 5824 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:38:29.0496 5824 viaagp - ok
10:38:29.0527 5824 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
10:38:29.0542 5824 ViaC7 - ok
10:38:29.0558 5824 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
10:38:29.0558 5824 viaide - ok
10:38:29.0574 5824 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:38:29.0574 5824 volmgr - ok
10:38:29.0605 5824 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:38:29.0620 5824 volmgrx - ok
10:38:29.0652 5824 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:38:29.0652 5824 volsnap - ok
10:38:29.0683 5824 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:38:29.0683 5824 vsmraid - ok
10:38:29.0730 5824 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
10:38:29.0808 5824 VSS - ok
10:38:29.0839 5824 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
10:38:29.0870 5824 W32Time - ok
10:38:29.0901 5824 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:38:29.0901 5824 WacomPen - ok
10:38:29.0932 5824 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:38:29.0932 5824 Wanarp - ok
10:38:29.0932 5824 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:38:29.0948 5824 Wanarpv6 - ok
10:38:29.0964 5824 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:38:29.0979 5824 wcncsvc - ok
10:38:29.0995 5824 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:38:30.0010 5824 WcsPlugInService - ok
10:38:30.0057 5824 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
10:38:30.0057 5824 Wd - ok
10:38:30.0104 5824 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:38:30.0135 5824 Wdf01000 - ok
10:38:30.0151 5824 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:38:30.0166 5824 WdiServiceHost - ok
10:38:30.0166 5824 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:38:30.0166 5824 WdiSystemHost - ok
10:38:30.0198 5824 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
10:38:30.0198 5824 WebClient - ok
10:38:30.0291 5824 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:38:30.0291 5824 Wecsvc - ok
10:38:30.0322 5824 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:38:30.0322 5824 wercplsupport - ok
10:38:30.0338 5824 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
10:38:30.0354 5824 WerSvc - ok
10:38:30.0525 5824 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:38:30.0525 5824 WinDefend - ok
10:38:30.0525 5824 WinHttpAutoProxySvc - ok
10:38:30.0603 5824 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:38:30.0603 5824 Winmgmt - ok
10:38:30.0666 5824 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
10:38:30.0728 5824 WinRM - ok
10:38:30.0853 5824 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:38:30.0884 5824 Wlansvc - ok
10:38:30.0931 5824 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
10:38:30.0931 5824 WmiAcpi - ok
10:38:31.0040 5824 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:38:31.0040 5824 wmiApSrv - ok
10:38:31.0102 5824 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:38:31.0134 5824 WMPNetworkSvc - ok
10:38:31.0165 5824 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:38:31.0180 5824 WPCSvc - ok
10:38:31.0212 5824 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:38:31.0212 5824 WPDBusEnum - ok
10:38:31.0243 5824 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
10:38:31.0243 5824 WpdUsb - ok
10:38:31.0602 5824 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\ WPFFontCache_v0400.exe
10:38:31.0617 5824 WPFFontCache_v0400 - ok
10:38:31.0664 5824 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:38:31.0664 5824 ws2ifsl - ok
10:38:31.0695 5824 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
10:38:31.0695 5824 wscsvc - ok
10:38:31.0711 5824 WSearch - ok
10:38:31.0789 5824 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
10:38:31.0851 5824 wuauserv - ok
10:38:31.0898 5824 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:38:31.0898 5824 WUDFRd - ok
10:38:31.0929 5824 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:38:31.0929 5824 wudfsvc - ok
10:38:31.0945 5824 ================ Scan global ===============================
10:38:32.0023 5824 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:38:32.0085 5824 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
10:38:32.0116 5824 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
10:38:32.0163 5824 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
10:38:32.0179 5824 [Global] - ok
10:38:32.0194 5824 ================ Scan MBR ==================================
10:38:32.0210 5824 [ 81CD5EC01DB0CE57EDD853F82462EF27 ] \Device\Harddisk0\DR0
10:38:32.0803 5824 \Device\Harddisk0\DR0 - ok
10:38:32.0803 5824 ================ Scan VBR ==================================
10:38:32.0818 5824 [ A560D20FC44EC66A2B2B6630E6A0C859 ] \Device\Harddisk0\DR0\Partition1
10:38:32.0818 5824 \Device\Harddisk0\DR0\Partition1 - ok
10:38:32.0818 5824 [ 34D536D099F0C6F636C3D1FFAAA39972 ] \Device\Harddisk0\DR0\Partition2
10:38:32.0818 5824 \Device\Harddisk0\DR0\Partition2 - ok
10:38:32.0834 5824 ================================================== ==========
10:38:32.0834 5824 Scan finished
10:38:32.0834 5824 ================================================== ==========
10:38:32.0850 5816 Detected object count: 0
10:38:32.0850 5816 Actual detected object count: 0
10:39:48.0432 5604 Deinitialize success
Reply With Quote
  #15  
Old September 25th, 2012, 12:30 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 50,391
Didn't locate anything so far.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 11:42 PM.