[A] Svchost.exe trojan

By Dawn Barrientos
Oct 21, 2012
  1. I have two trojans that I cannot get rid of.

    Here is the Malwarebytes log:


    Malwarebytes Anti-Malware 1.65.0.1400

    www.malwarebytes.org



    Database version: v2012.10.17.08



    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Dawn Barrientos :: FAMILYROOM2 [administrator]



    10/21/2012 2:00:27 PM

    mbam-log-2012-10-21 (14-00-27).txt



    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 206083

    Time elapsed: 6 minute(s), 10 second(s)



    Memory Processes Detected: 0

    (No malicious items detected)



    Memory Modules Detected: 0

    (No malicious items detected)



    Registry Keys Detected: 1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.



    Registry Values Detected: 0

    (No malicious items detected)



    Registry Data Items Detected: 0

    (No malicious items detected)



    Folders Detected: 0

    (No malicious items detected)



    Files Detected: 2

    C:\Users\Dawn Barrientos\AppData\Local\Temp\0.5076059889112969 (Trojan.Happili) -> Quarantined and deleted successfully.

    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.



    (end)
  2. Dawn Barrientos

    There was no GMER log.
    Here is the first DDS log:

    DDS (Ver_2012-10-19.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16421

    Run by Dawn Barrientos at 18:28:52 on 2012-10-21

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4506 [GMT -5:00]

    .

    AV: Emsisoft Anti-Malware *Disabled/Outdated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Emsisoft Anti-Malware *Disabled/Outdated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

    c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe

    C:\Windows\system32\mfevtps.exe

    C:\Program Files\Microsoft LifeCam\MSCamS64.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\system32\rundll32.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe

    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Windows\System32\rundll32.exe

    C:\Windows\SysWOW64\rundll32.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

    C:\Program Files (x86)\iTunes\iTunesHelper.exe

    C:\Program Files\McAfee.com\Agent\mcagent.exe

    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files (x86)\Nero\Update\NASvc.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Windows\system32\wuauclt.exe

    C:\Program Files\Common Files\McAfee\Core\mchost.exe

    C:\Program Files (x86)\Internet Explorer\iexplore.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.ask.com/?l=dis&o=2159&gct=hp

    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\CoIEPlg.dll

    BHO: {61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} - <orphaned>

    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\IPS\IPSBHO.dll

    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\CoIEPlg.dll

    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

    EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

    uRun: [Facebook Update] "C:\Users\Dawn Barrientos\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    uRun: [APN] rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW

    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{BBE108C0-5B9E-40F4-88A9-995CB0FA1784} : DHCPNameServer = 192.168.1.1

    TCP: Interfaces\{C649B165-49C4-4FF1-B8E2-F2E2B2AA0C03} : DHCPNameServer = 192.168.1.1

    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll

    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

    x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab

    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll

    x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>

    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-SSODL: WebCheck - <orphaned>

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2012-6-22 752672]

    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-6-22 335784]

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-11-10 55856]

    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\0500000.07D\SymDS64.sys [2012-3-1 450608]

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\0500000.07D\SymEFA64.sys [2012-3-1 802864]

    R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-5-3 23208]

    R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-5-3 41728]

    R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-5-3 14720]

    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20101201.001\IDSviA64.sys [2012-3-1 476792]

    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\0500000.07D\Ironx64.sys [2012-3-1 171128]

    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\0500000.07D\symnets.sys [2012-3-1 382072]

    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

    R2 a2AntiMalware;Emsisoft Anti-Malware 6.5 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-5-3 3065120]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-10 202752]

    R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 173568]

    R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]

    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-9-23 103440]

    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]

    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]

    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-9-23 237920]

    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-9-23 218320]

    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-9-23 177144]

    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Norton Security Suite\Engine\5.0.0.125\ccSvcHst.exe [2012-3-1 130000]

    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-10 1692480]

    R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-5-3 63880]

    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-11-10 320040]

    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-9-23 300392]

    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-9-23 513456]

    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]

    R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\netr28ux.sys [2009-9-15 1061888]

    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

    S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2012-3-1 953904]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-11 136176]

    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-3 201304]

    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-12 250808]

    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-9-23 69672]

    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-8-11 136176]

    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-25 196440]

    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-9-23 106112]

    S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]

    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-1 1255736]

    S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]

    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== Created Last 30 ================

    .

    2012-10-19 15:15:17 -------- d-----w- C:\rei

    2012-10-19 15:15:17 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

    2012-10-19 15:15:03 -------- d-----w- C:\Program Files (x86)\BabylonToolbar

    2012-10-19 15:14:54 -------- d-----w- C:\Program Files\Reimage

    2012-10-15 00:13:06 -------- d-----w- C:\Users\Dawn Barrientos\AppData\Local\{0BB45123-9394-4D5B-90DF-84A244A7E36A}

    2012-10-14 01:51:53 -------- d-----w- C:\Users\Dawn Barrientos\AppData\Local\{710BD934-5BAD-427D-ACB7-B6F5551255B0}

    2012-10-10 23:52:27 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6EAB.tmp

    2012-10-10 23:52:27 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\6EAA.tmp

    2012-10-10 10:24:03 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys

    2012-10-10 10:22:50 715776 ----a-w- C:\Windows\System32\kerberos.dll

    2012-10-10 10:22:50 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

    2012-10-10 10:22:42 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-10-10 10:22:42 1464320 ----a-w- C:\Windows\System32\crypt32.dll

    2012-10-10 10:22:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-10-10 10:22:42 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-10-10 10:22:42 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-10-10 10:22:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2012-10-07 23:49:30 -------- d-----w- C:\Users\Dawn Barrientos\AppData\Roaming\WildTangent

    2012-09-26 03:28:54 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys

    2012-09-25 23:00:08 -------- d-----w- C:\Users\Dawn Barrientos\AppData\Local\APN

    2012-09-25 20:46:35 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

    2012-09-24 00:28:16 -------- d-----w- C:\Program Files (x86)\McAfee.com

    2012-09-24 00:28:08 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

    2012-09-24 00:28:05 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys

    2012-09-24 00:28:05 513456 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

    2012-09-24 00:28:05 300392 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

    2012-09-24 00:28:05 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

    2012-09-24 00:27:58 -------- d-----w- C:\Program Files\Common Files\McAfee

    2012-09-24 00:27:47 -------- d-----w- C:\Program Files\McAfee.com

    2012-09-24 00:27:47 -------- d-----w- C:\Program Files\McAfee

    2012-09-24 00:21:52 177144 ----a-w- C:\Windows\System32\mfevtps.exe

    .

    ==================== Find3M ====================

    .

    2012-10-08 22:54:06 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-10-08 22:54:06 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll

    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll

    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll

    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll

    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll

    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe

    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe

    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

    .

    ============= FINISH: 18:29:19.25 ===============
  3. Dawn Barrientos

    Here is the next DDS log:




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-10-19.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume2

    Install Date: 11/29/2011 10:59:20 PM

    System Uptime: 10/21/2012 2:35:13 PM (4 hours ago)

    .

    Motherboard: Dell Inc. | | 04GJJT

    Processor: AMD Athlon(tm) II X4 645 Processor | CPU 1 | 3100/200mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 917 GiB total, 770.455 GiB free.

    D: is CDROM (UDF)

    E: is Removable

    F: is Removable

    G: is Removable

    H: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Description: BHDrvx64

    Device ID: ROOT\LEGACY_BHDRVX64\0000

    Manufacturer:

    Name: BHDrvx64

    PNP Device ID: ROOT\LEGACY_BHDRVX64\0000

    Service: BHDrvx64

    .

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

    Description: McAfee Inc. mfeapfk

    Device ID: ROOT\LEGACY_MFEAPFK\0000

    Manufacturer:

    Name: McAfee Inc. mfeapfk

    PNP Device ID: ROOT\LEGACY_MFEAPFK\0000

    Service: mfeapfk

    .

    ==== System Restore Points ===================

    .

    RP169: 10/17/2012 3:00:18 AM - Windows Update

    RP170: 10/18/2012 3:00:36 AM - Windows Update

    RP171: 10/19/2012 3:00:11 AM - Windows Update

    RP172: 10/19/2012 9:16:07 PM - Windows Update

    RP173: 10/20/2012 3:00:13 AM - Windows Update

    RP174: 10/21/2012 3:00:15 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    Accidental Damage Services Agreement

    Adobe AIR

    Adobe Flash Player 11 ActiveX

    Adobe Reader X MUI

    Adobe Shockwave Player 11.6

    Amazon Unbox Video

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    ATI Catalyst Control Center

    Bejeweled 2 Deluxe

    Blackhawk Striker 2

    Blio

    Bonjour

    Bounce Symphony

    Build-a-lot 2

    Cake Mania

    Canon MP495 series MP Drivers

    Catalyst Control Center - Branding

    Catalyst Control Center Core Implementation

    Catalyst Control Center Graphics Full Existing

    Catalyst Control Center Graphics Full New

    Catalyst Control Center Graphics Light

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center Graphics Previews Vista

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-core-static

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    CCleaner

    Chuzzle Deluxe

    Comcast Desktop Software (v1.2.1)

    Consumer In-Home Service Agreement

    Cozi

    D3DX10

    Dell DataSafe Local Backup

    Dell DataSafe Local Backup - Support Software

    Dell DataSafe Online

    Dell Digital Delivery

    Dell Edoc Viewer

    Dell Getting Started Guide

    Dell MusicStage

    Dell PhotoStage

    Dell Stage

    Dell Support Center

    Dell VideoStage

    Diner Dash 2 Restaurant Rescue

    DirectX 9 Runtime

    Dora's World Adventure

    eBay

    Emsisoft Anti-Malware

    Escape Whisper Valley (TM)

    Facebook Video Calling 1.2.0.159

    Family Tree Maker 2011

    Farm Frenzy

    FATE

    Final Drive Fury

    Final Drive Nitro

    Firebird SQL Server - MAGIX Edition

    Google Chrome

    Google Update Helper

    High-Definition Video Playback

    iTunes

    Java Auto Updater

    Java(TM) 6 Update 27

    Java(TM) 6 Update 27 (64-bit)

    Jewel Quest

    Jewel Quest Solitaire 2

    Junk Mail filter update

    Luxor

    magicJack

    MAGIX 3D Maker (embedded MSI)

    MAGIX PhotoStory on CD & DVD 9 deluxe Download Version

    MAGIX Screenshare

    MAGIX Speed 2 (MSI)

    MAGIX Xtreme Photo Designer 6

    Malwarebytes Anti-Malware version 1.62.0.1300

    McAfee SecurityCenter

    Mesh Runtime

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Extended

    Microsoft Application Error Reporting

    Microsoft Corporation

    Microsoft LifeCam

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Home and Student 2007

    Microsoft Office Office 64-bit Components 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Shared 64-bit MUI (English) 2007

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Primary Interoperability Assemblies 2005

    Microsoft Silverlight

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

    Microsoft WSE 3.0 Runtime

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Namco All-Stars PAC-MAN

    Nero 10 Movie ThemePack Basic

    Nero Control Center 10

    Nero ControlCenter 10 Help (CHM)

    Nero Core Components 10

    Nero Update

    Norton Security Suite

    Penguins!

    PhotoShowExpress

    Plants vs. Zombies - Game of the Year

    PlayReady PC Runtime x86

    Poker Superstars III

    Polar Bowler

    Polar Golfer

    QualxServ Service Agreement

    RBVirtualFolder64Inst

    Realtek High Definition Audio Driver

    Roxio Activation Module

    Roxio BackOnTrack

    Roxio Burn

    Roxio Creator Starter

    Roxio Express Labeler 3

    Roxio File Backup

    Samantha Swift

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

    Shared C Run-time for x64

    Skins

    Skype Toolbars

    Skype™ 5.10

    Sonic CinePlayer Decoder Pack

    SyncUP

    TrustedID

    TrustedID IDMonitor Identity Protection

    Unity Web Player

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft .NET Framework 4 Extended (KB2468871)

    Update for Microsoft .NET Framework 4 Extended (KB2533523)

    Update for Microsoft .NET Framework 4 Extended (KB2600217)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office OneNote 2007 Help (KB963670)

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    Update Installer for WildTangent Games App

    Virtual Villagers 4 - The Tree of Life

    Wedding Dash - Ready, Aim, Love!

    WildTangent Games

    WildTangent Games App (Dell Games)

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live Remote Client

    Windows Live Remote Client Resources

    Windows Live Remote Service

    Windows Live Remote Service Resources

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Windows Media Encoder 9 Series

    Wizard101

    Zinio Reader 4

    Zuma Deluxe

    .

    ==== Event Viewer Messages From Past Week ========

    .

    40512916 BHDrvx64 mfeapfk SRTSP

    10/21/2012 4:16:19 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

    10/21/2012 4:16:19 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has returned a service-specific error code.

    10/21/2012 4:15:53 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

    10/21/2012 4:15:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

    10/21/2012 3:01:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2724197).

    10/21/2012 2:25:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

    10/21/2012 2:22:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 mfeapfk SRTSP

    10/21/2012 2:21:57 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

    10/21/2012 2:21:57 PM, Error: SRTSP [4] - Error loading virus definitions.

    10/21/2012 2:20:21 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DAWN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C649B165-49C4-4FF1-B8E2-F2E2B2AA0C03}. The master browser is stopping or an election is being forced.

    10/19/2012 9:10:40 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034cc405, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101912-36707-01.

    10/19/2012 10:28:56 AM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The service has not been started.

    10/19/2012 10:26:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:

    10/19/2012 10:26:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034ea915, 0x0000000000000000, 0xffffffffffffffff). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101912-57111-01.

    10/19/2012 10:20:09 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000022, 0x0000000000000002, 0x0000000000000000, 0xfffff8000351bc27). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101912-49811-01.

    10/19/2012 10:13:30 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.

    10/19/2012 10:12:30 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    10/19/2012 10:12:12 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    10/17/2012 6:40:54 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

    10/17/2012 10:55:14 AM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

    10/14/2012 7:15:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHARLESSTEPH-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{C649B165-49C4-4FF1-B8E2-F2E2B2AA0C03}. The master browser is stopping or an election is being forced.

    10/14/2012 2:37:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800034697ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101412-34429-01.

    10/14/2012 11:24:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.

    .

    ==== End Of File ===========================
  4. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    You're running three AV programs, Emsisoft Anti-Malware, Norton and McAfee.
    You must uninstall TWO of them.
    If McAfee is one of them use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
    If Norton is another one use this tool: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    Next....


    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  5. Dawn Barrientos

    Dawn Barrientos Newcomer, in training Topic Starter

    21:24:25.0581 5912 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    21:24:25.0891 5912 ============================================================
    21:24:25.0891 5912 Current date / time: 2012/10/22 21:24:25.0891
    21:24:25.0891 5912 SystemInfo:
    21:24:25.0891 5912
    21:24:25.0891 5912 OS Version: 6.1.7601 ServicePack: 1.0
    21:24:25.0891 5912 Product type: Workstation
    21:24:25.0891 5912 ComputerName: FAMILYROOM2
    21:24:25.0891 5912 UserName: Dawn Barrientos
    21:24:25.0891 5912 Windows directory: C:\Windows
    21:24:25.0891 5912 System windows directory: C:\Windows
    21:24:25.0891 5912 Running under WOW64
    21:24:25.0891 5912 Processor architecture: Intel x64
    21:24:25.0891 5912 Number of processors: 4
    21:24:25.0891 5912 Page size: 0x1000
    21:24:25.0891 5912 Boot type: Normal boot
    21:24:25.0891 5912 ============================================================
    21:24:27.0251 5912 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:24:27.0271 5912 ============================================================
    21:24:27.0271 5912 \Device\Harddisk0\DR0:
    21:24:27.0271 5912 MBR partitions:
    21:24:27.0271 5912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D9F000
    21:24:27.0271 5912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DB3000, BlocksNum 0x72953000
    21:24:27.0271 5912 ============================================================
    21:24:27.0311 5912 C: <-> \Device\Harddisk0\DR0\Partition2
    21:24:27.0311 5912 ============================================================
    21:24:27.0311 5912 Initialize success
    21:24:27.0311 5912 ============================================================
    21:24:28.0531 1152 ============================================================
    21:24:28.0531 1152 Scan started
    21:24:28.0531 1152 Mode: Manual;
    21:24:28.0531 1152 ============================================================
    21:24:29.0529 1152 ================ Scan system memory ========================
    21:24:29.0529 1152 System memory - ok
    21:24:29.0529 1152 ================ Scan services =============================
    21:24:29.0670 1152 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    21:24:29.0732 1152 1394ohci - ok
    21:24:29.0763 1152 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    21:24:29.0763 1152 ACPI - ok
    21:24:29.0795 1152 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    21:24:29.0857 1152 AcpiPmi - ok
    21:24:29.0982 1152 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    21:24:29.0982 1152 AdobeFlashPlayerUpdateSvc - ok
    21:24:30.0029 1152 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    21:24:30.0060 1152 adp94xx - ok
    21:24:30.0075 1152 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    21:24:30.0075 1152 adpahci - ok
    21:24:30.0091 1152 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    21:24:30.0107 1152 adpu320 - ok
    21:24:30.0231 1152 [ 96A0FF09E226B023DC6ACA253AACEE2E ] ADVService C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    21:24:30.0309 1152 ADVService - ok
    21:24:30.0325 1152 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    21:24:30.0325 1152 AeLookupSvc - ok
    21:24:30.0372 1152 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    21:24:30.0419 1152 AFD - ok
    21:24:30.0434 1152 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    21:24:30.0434 1152 agp440 - ok
    21:24:30.0465 1152 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    21:24:30.0465 1152 ALG - ok
    21:24:30.0497 1152 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    21:24:30.0512 1152 aliide - ok
    21:24:30.0543 1152 [ E2934A5F82E010D8783544536384B035 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    21:24:30.0606 1152 AMD External Events Utility - ok
    21:24:30.0621 1152 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    21:24:30.0621 1152 amdide - ok
    21:24:30.0637 1152 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    21:24:30.0637 1152 AmdK8 - ok
    21:24:30.0668 1152 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    21:24:30.0668 1152 AmdPPM - ok
    21:24:30.0684 1152 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    21:24:30.0731 1152 amdsata - ok
    21:24:30.0762 1152 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    21:24:30.0762 1152 amdsbs - ok
    21:24:30.0777 1152 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    21:24:30.0840 1152 amdxata - ok
    21:24:30.0855 1152 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    21:24:30.0902 1152 AppID - ok
    21:24:30.0918 1152 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    21:24:30.0918 1152 AppIDSvc - ok
    21:24:30.0933 1152 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    21:24:30.0965 1152 Appinfo - ok
    21:24:31.0058 1152 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:24:31.0105 1152 Apple Mobile Device - ok
    21:24:31.0152 1152 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
    21:24:31.0152 1152 arc - ok
    21:24:31.0167 1152 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
    21:24:31.0183 1152 arcsas - ok
    21:24:31.0261 1152 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    21:24:31.0308 1152 aspnet_state - ok
    21:24:31.0323 1152 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    21:24:31.0339 1152 AsyncMac - ok
    21:24:31.0339 1152 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    21:24:31.0339 1152 atapi - ok
    21:24:31.0370 1152 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    21:24:31.0448 1152 AtiHdmiService - ok
    21:24:31.0838 1152 [ ADF81052D94BCD3FF7DB2FE59E3ED6F4 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    21:24:31.0901 1152 atikmdag - ok
    21:24:31.0947 1152 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\drivers\AtiPcie.sys
    21:24:32.0010 1152 AtiPcie - ok
    21:24:32.0072 1152 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    21:24:32.0135 1152 AudioEndpointBuilder - ok
    21:24:32.0150 1152 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    21:24:32.0150 1152 AudioSrv - ok
    21:24:32.0197 1152 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    21:24:32.0244 1152 AxInstSV - ok
    21:24:32.0275 1152 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    21:24:32.0291 1152 b06bdrv - ok
    21:24:32.0353 1152 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    21:24:32.0369 1152 b57nd60a - ok
    21:24:32.0415 1152 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    21:24:32.0415 1152 BDESVC - ok
    21:24:32.0462 1152 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    21:24:32.0462 1152 Beep - ok
    21:24:32.0509 1152 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    21:24:32.0540 1152 BFE - ok
    21:24:32.0618 1152 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    21:24:32.0696 1152 BITS - ok
    21:24:32.0727 1152 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    21:24:32.0743 1152 blbdrive - ok
    21:24:32.0930 1152 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    21:24:33.0008 1152 Bonjour Service - ok
    21:24:33.0039 1152 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    21:24:33.0071 1152 bowser - ok
    21:24:33.0102 1152 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    21:24:33.0102 1152 BrFiltLo - ok
    21:24:33.0133 1152 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    21:24:33.0149 1152 BrFiltUp - ok
    21:24:33.0180 1152 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
    21:24:33.0180 1152 BridgeMP - ok
    21:24:33.0227 1152 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    21:24:33.0289 1152 Browser - ok
    21:24:33.0320 1152 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    21:24:33.0336 1152 Brserid - ok
    21:24:33.0367 1152 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    21:24:33.0367 1152 BrSerWdm - ok
    21:24:33.0398 1152 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    21:24:33.0398 1152 BrUsbMdm - ok
    21:24:33.0414 1152 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    21:24:33.0429 1152 BrUsbSer - ok
    21:24:33.0445 1152 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    21:24:33.0445 1152 BTHMODEM - ok
    21:24:33.0476 1152 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    21:24:33.0476 1152 bthserv - ok
    21:24:33.0539 1152 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    21:24:33.0539 1152 cdfs - ok
    21:24:33.0570 1152 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    21:24:33.0617 1152 cdrom - ok
    21:24:33.0663 1152 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    21:24:33.0710 1152 CertPropSvc - ok
    21:24:33.0741 1152 [ 45B5A89DC41577282E5BF41B1165EA71 ] cfwids C:\Windows\system32\drivers\cfwids.sys
    21:24:33.0773 1152 cfwids - ok
    21:24:33.0788 1152 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
    21:24:33.0788 1152 circlass - ok
    21:24:33.0819 1152 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    21:24:33.0819 1152 CLFS - ok
    21:24:33.0882 1152 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:24:33.0882 1152 clr_optimization_v2.0.50727_32 - ok
    21:24:34.0007 1152 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:24:34.0022 1152 clr_optimization_v2.0.50727_64 - ok
    21:24:34.0069 1152 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:24:34.0147 1152 clr_optimization_v4.0.30319_32 - ok
    21:24:34.0163 1152 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:24:34.0209 1152 clr_optimization_v4.0.30319_64 - ok
    21:24:34.0256 1152 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    21:24:34.0272 1152 CmBatt - ok
    21:24:34.0303 1152 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    21:24:34.0303 1152 cmdide - ok
    21:24:34.0350 1152 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    21:24:34.0381 1152 CNG - ok
    21:24:34.0397 1152 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    21:24:34.0412 1152 Compbatt - ok
    21:24:34.0428 1152 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    21:24:34.0506 1152 CompositeBus - ok
    21:24:34.0521 1152 COMSysApp - ok
    21:24:34.0553 1152 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    21:24:34.0553 1152 crcdisk - ok
    21:24:34.0615 1152 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    21:24:34.0662 1152 CryptSvc - ok
    21:24:34.0709 1152 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    21:24:34.0724 1152 DcomLaunch - ok
    21:24:34.0755 1152 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    21:24:34.0771 1152 defragsvc - ok
    21:24:34.0865 1152 [ 3A42B00C88E3E68080DAB6B27BB35B6E ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    21:24:34.0927 1152 DellDigitalDelivery - ok
    21:24:34.0943 1152 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    21:24:34.0989 1152 DfsC - ok
    21:24:35.0021 1152 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    21:24:35.0052 1152 Dhcp - ok
    21:24:35.0083 1152 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    21:24:35.0083 1152 discache - ok
    21:24:35.0114 1152 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
    21:24:35.0130 1152 Disk - ok
    21:24:35.0145 1152 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    21:24:35.0208 1152 Dnscache - ok
    21:24:35.0239 1152 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    21:24:35.0270 1152 dot3svc - ok
    21:24:35.0301 1152 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    21:24:35.0333 1152 DPS - ok
    21:24:35.0364 1152 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    21:24:35.0379 1152 drmkaud - ok
    21:24:35.0426 1152 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    21:24:35.0473 1152 DXGKrnl - ok
    21:24:35.0520 1152 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    21:24:35.0520 1152 EapHost - ok
    21:24:35.0972 1152 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
    21:24:36.0003 1152 ebdrv - ok
    21:24:36.0019 1152 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    21:24:36.0097 1152 EFS - ok
    21:24:36.0206 1152 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    21:24:36.0269 1152 ehRecvr - ok
    21:24:36.0284 1152 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    21:24:36.0300 1152 ehSched - ok
    21:24:36.0378 1152 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    21:24:36.0393 1152 elxstor - ok
    21:24:36.0456 1152 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    21:24:36.0456 1152 ErrDev - ok
    21:24:36.0565 1152 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    21:24:36.0565 1152 EventSystem - ok
    21:24:36.0643 1152 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    21:24:36.0659 1152 exfat - ok
    21:24:36.0721 1152 Fabs - ok
    21:24:36.0737 1152 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    21:24:36.0752 1152 fastfat - ok
    21:24:36.0783 1152 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    21:24:36.0846 1152 Fax - ok
    21:24:36.0861 1152 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
    21:24:36.0861 1152 fdc - ok
    21:24:36.0908 1152 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    21:24:36.0924 1152 fdPHost - ok
    21:24:36.0939 1152 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    21:24:36.0939 1152 FDResPub - ok
  6. Dawn Barrientos

    Dawn Barrientos Newcomer, in training Topic Starter

    21:24:59.0204 1152 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    21:24:59.0266 1152 tdx - ok
    21:24:59.0297 1152 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
    21:24:59.0360 1152 TermDD - ok
    21:24:59.0453 1152 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    21:24:59.0500 1152 TermService - ok
    21:24:59.0516 1152 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    21:24:59.0516 1152 Themes - ok
    21:24:59.0547 1152 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    21:24:59.0547 1152 THREADORDER - ok
    21:24:59.0562 1152 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    21:24:59.0578 1152 TrkWks - ok
    21:24:59.0672 1152 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    21:24:59.0734 1152 TrustedInstaller - ok
    21:24:59.0781 1152 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    21:24:59.0859 1152 tssecsrv - ok
    21:24:59.0874 1152 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    21:24:59.0921 1152 TsUsbFlt - ok
    21:24:59.0952 1152 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    21:24:59.0999 1152 TsUsbGD - ok
    21:25:00.0015 1152 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    21:25:00.0077 1152 tunnel - ok
    21:25:00.0108 1152 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    21:25:00.0108 1152 uagp35 - ok
    21:25:00.0155 1152 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    21:25:00.0218 1152 udfs - ok
    21:25:00.0249 1152 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    21:25:00.0264 1152 UI0Detect - ok
    21:25:00.0296 1152 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    21:25:00.0296 1152 uliagpkx - ok
    21:25:00.0342 1152 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    21:25:00.0405 1152 umbus - ok
    21:25:00.0483 1152 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
    21:25:00.0483 1152 UmPass - ok
    21:25:00.0530 1152 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    21:25:00.0545 1152 upnphost - ok
    21:25:00.0561 1152 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    21:25:00.0608 1152 USBAAPL64 - ok
    21:25:00.0639 1152 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
    21:25:00.0686 1152 usbaudio - ok
    21:25:00.0732 1152 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    21:25:00.0779 1152 usbccgp - ok
    21:25:00.0810 1152 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    21:25:00.0810 1152 usbcir - ok
    21:25:00.0888 1152 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    21:25:00.0966 1152 usbehci - ok
    21:25:01.0029 1152 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    21:25:01.0107 1152 usbhub - ok
    21:25:01.0122 1152 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    21:25:01.0169 1152 usbohci - ok
    21:25:01.0185 1152 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
    21:25:01.0185 1152 usbprint - ok
    21:25:01.0247 1152 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    21:25:01.0294 1152 USBSTOR - ok
    21:25:01.0325 1152 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    21:25:01.0388 1152 usbuhci - ok
    21:25:01.0403 1152 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    21:25:01.0450 1152 usbvideo - ok
    21:25:01.0497 1152 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    21:25:01.0512 1152 UxSms - ok
    21:25:01.0528 1152 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    21:25:01.0528 1152 VaultSvc - ok
    21:25:01.0559 1152 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    21:25:01.0559 1152 vdrvroot - ok
    21:25:01.0590 1152 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    21:25:01.0653 1152 vds - ok
    21:25:01.0715 1152 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    21:25:01.0715 1152 vga - ok
    21:25:01.0746 1152 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    21:25:01.0746 1152 VgaSave - ok
    21:25:01.0809 1152 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    21:25:01.0887 1152 vhdmp - ok
    21:25:01.0902 1152 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    21:25:01.0902 1152 viaide - ok
    21:25:01.0934 1152 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    21:25:01.0980 1152 volmgr - ok
    21:25:01.0996 1152 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    21:25:02.0074 1152 volmgrx - ok
    21:25:02.0090 1152 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    21:25:02.0168 1152 volsnap - ok
    21:25:02.0183 1152 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    21:25:02.0199 1152 vsmraid - ok
    21:25:02.0370 1152 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    21:25:02.0417 1152 VSS - ok
    21:25:02.0480 1152 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    21:25:02.0495 1152 vwifibus - ok
    21:25:02.0526 1152 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    21:25:02.0542 1152 vwififlt - ok
    21:25:02.0589 1152 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    21:25:02.0604 1152 vwifimp - ok
    21:25:02.0667 1152 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    21:25:02.0667 1152 W32Time - ok
    21:25:02.0682 1152 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    21:25:02.0698 1152 WacomPen - ok
    21:25:02.0729 1152 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    21:25:02.0792 1152 WANARP - ok
    21:25:02.0792 1152 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    21:25:02.0792 1152 Wanarpv6 - ok
    21:25:02.0901 1152 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    21:25:02.0948 1152 WatAdminSvc - ok
    21:25:03.0104 1152 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    21:25:03.0166 1152 wbengine - ok
    21:25:03.0166 1152 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    21:25:03.0182 1152 WbioSrvc - ok
    21:25:03.0197 1152 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    21:25:03.0197 1152 wcncsvc - ok
    21:25:03.0228 1152 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    21:25:03.0228 1152 WcsPlugInService - ok
    21:25:03.0260 1152 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
    21:25:03.0275 1152 Wd - ok
    21:25:03.0338 1152 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    21:25:03.0338 1152 Wdf01000 - ok
    21:25:03.0369 1152 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    21:25:03.0369 1152 WdiServiceHost - ok
    21:25:03.0384 1152 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    21:25:03.0400 1152 WdiSystemHost - ok
    21:25:03.0416 1152 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    21:25:03.0447 1152 WebClient - ok
    21:25:03.0462 1152 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    21:25:03.0462 1152 Wecsvc - ok
    21:25:03.0478 1152 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    21:25:03.0494 1152 wercplsupport - ok
    21:25:03.0494 1152 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    21:25:03.0509 1152 WerSvc - ok
    21:25:03.0540 1152 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    21:25:03.0540 1152 WfpLwf - ok
    21:25:03.0587 1152 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    21:25:03.0665 1152 WimFltr - ok
    21:25:03.0681 1152 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    21:25:03.0681 1152 WIMMount - ok
    21:25:03.0681 1152 WinHttpAutoProxySvc - ok
    21:25:03.0790 1152 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    21:25:03.0806 1152 Winmgmt - ok
    21:25:03.0962 1152 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    21:25:03.0993 1152 WinRM - ok
    21:25:04.0040 1152 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    21:25:04.0133 1152 WinUsb - ok
    21:25:04.0196 1152 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    21:25:04.0227 1152 Wlansvc - ok
    21:25:04.0289 1152 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    21:25:04.0352 1152 wlcrasvc - ok
    21:25:04.0476 1152 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:25:04.0523 1152 wlidsvc - ok
    21:25:04.0539 1152 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    21:25:04.0539 1152 WmiAcpi - ok
    21:25:04.0586 1152 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    21:25:04.0586 1152 wmiApSrv - ok
    21:25:04.0601 1152 WMPNetworkSvc - ok
    21:25:04.0617 1152 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    21:25:04.0632 1152 WPCSvc - ok
    21:25:04.0632 1152 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    21:25:04.0679 1152 WPDBusEnum - ok
    21:25:04.0710 1152 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    21:25:04.0710 1152 ws2ifsl - ok
    21:25:04.0757 1152 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
    21:25:04.0773 1152 WSDPrintDevice - ok
    21:25:04.0788 1152 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
    21:25:04.0788 1152 WSDScan - ok
    21:25:04.0788 1152 WSearch - ok
    21:25:04.0866 1152 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    21:25:04.0913 1152 wuauserv - ok
    21:25:04.0944 1152 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    21:25:05.0007 1152 WudfPf - ok
    21:25:05.0038 1152 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    21:25:05.0069 1152 wudfsvc - ok
    21:25:05.0085 1152 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    21:25:05.0085 1152 WwanSvc - ok
    21:25:05.0116 1152 ================ Scan global ===============================
    21:25:05.0147 1152 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    21:25:05.0194 1152 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    21:25:05.0210 1152 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    21:25:05.0225 1152 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    21:25:05.0288 1152 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    21:25:05.0288 1152 [Global] - ok
    21:25:05.0288 1152 ================ Scan MBR ==================================
    21:25:05.0303 1152 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    21:25:06.0536 1152 \Device\Harddisk0\DR0 - ok
    21:25:06.0536 1152 ================ Scan VBR ==================================
    21:25:06.0536 1152 [ 2429A2C78D5A970BF85C2BA002CF9C81 ] \Device\Harddisk0\DR0\Partition1
    21:25:06.0536 1152 \Device\Harddisk0\DR0\Partition1 - ok
    21:25:06.0582 1152 [ 36F7F8E07FE5F3BC5FB91C5619DD77C6 ] \Device\Harddisk0\DR0\Partition2
    21:25:06.0582 1152 \Device\Harddisk0\DR0\Partition2 - ok
    21:25:06.0582 1152 ============================================================
    21:25:06.0582 1152 Scan finished
    21:25:06.0582 1152 ============================================================
    21:25:06.0598 5592 Detected object count: 0
    21:25:06.0598 5592 Actual detected object count: 0
  7. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Re-run MBAM one more time and post new log.

    Next...

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  8. Dawn Barrientos

    Dawn Barrientos Newcomer, in training Topic Starter

    Malwarebytes Anti-Malware 1.65.0.1400

    www.malwarebytes.org



    Database version: v2012.10.17.08



    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Dawn Barrientos :: FAMILYROOM2 [administrator]



    10/22/2012 11:27:35 PM

    mbam-log-2012-10-22 (23-27-35).txt



    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 204255

    Time elapsed: 4 minute(s), 45 second(s)



    Memory Processes Detected: 0

    (No malicious items detected)



    Memory Modules Detected: 0

    (No malicious items detected)



    Registry Keys Detected: 1

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> No action taken.



    Registry Values Detected: 0

    (No malicious items detected)



    Registry Data Items Detected: 0

    (No malicious items detected)



    Folders Detected: 0

    (No malicious items detected)



    Files Detected: 0

    (No malicious items detected)



    (end)

    RogueKiller V8.1.1 [10/01/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website: http://tigzy.geekstogo.com/roguekiller.php

    Blog: http://tigzyrk.blogspot.com



    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Dawn Barrientos [Admin rights]

    Mode : Scan -- Date : 10/22/2012 23:40:31



    ¤¤¤ Bad processes : 4 ¤¤¤

    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]



    ¤¤¤ Registry Entries : 12 ¤¤¤

    [RUN][SUSP PATH] HKCU\[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> FOUND

    [RUN][SUSP PATH] HKUS\S-1-5-21-788865697-3205942769-3514527554-1001[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> FOUND

    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND

    [TASK][ROGUE ST] 4785 : wscript.exe C:\Users\DAWNBA~1\AppData\Local\Temp\launchie.vbs //B -> FOUND

    [TASK][SUSP PATH] winupd : C:\Users\DAWNBA~1\AppData\Local\Temp:winupd.exe -> FOUND

    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> FOUND



    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\U --> FOUND

    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\L --> FOUND



    ¤¤¤ Driver : [NOT LOADED] ¤¤¤



    ¤¤¤ Infection : ZeroAccess ¤¤¤



    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts







    ¤¤¤ MBR Check: ¤¤¤



    +++++ PhysicalDrive0: ST31000524AS ATA Device +++++

    --- User ---

    [MBR] 38188122449a5d7ccb4f014e9760dbd8

    [BSP] 0d5557623343827e718ad65654a1033c : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 938662 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!



    +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    +++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    Finished : << RKreport[1].txt >>

    RKreport[1].txt

    RogueKiller V8.1.1 [10/01/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website: http://tigzy.geekstogo.com/roguekiller.php

    Blog: http://tigzyrk.blogspot.com



    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Dawn Barrientos [Admin rights]

    Mode : Scan -- Date : 10/22/2012 23:42:45



    ¤¤¤ Bad processes : 4 ¤¤¤

    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]



    ¤¤¤ Registry Entries : 12 ¤¤¤

    [RUN][SUSP PATH] HKCU\[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> FOUND

    [RUN][SUSP PATH] HKUS\S-1-5-21-788865697-3205942769-3514527554-1001[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> FOUND

    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND

    [TASK][ROGUE ST] 4785 : wscript.exe C:\Users\DAWNBA~1\AppData\Local\Temp\launchie.vbs //B -> FOUND

    [TASK][SUSP PATH] winupd : C:\Users\DAWNBA~1\AppData\Local\Temp:winupd.exe -> FOUND

    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    [FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> FOUND



    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\U --> FOUND

    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\L --> FOUND



    ¤¤¤ Driver : [NOT LOADED] ¤¤¤



    ¤¤¤ Infection : ZeroAccess ¤¤¤



    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts







    ¤¤¤ MBR Check: ¤¤¤



    +++++ PhysicalDrive0: ST31000524AS ATA Device +++++

    --- User ---

    [MBR] 38188122449a5d7ccb4f014e9760dbd8

    [BSP] 0d5557623343827e718ad65654a1033c : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 938662 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!



    +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    +++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    Finished : << RKreport[2].txt >>

    RKreport[1].txt ; RKreport[2].txt
  9. Dawn Barrientos

    Dawn Barrientos Newcomer, in training Topic Starter

    RogueKiller V8.1.1 [10/01/2012] by Tigzy

    mail: tigzyRK<at>gmail<dot>com

    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website: http://tigzy.geekstogo.com/roguekiller.php

    Blog: http://tigzyrk.blogspot.com



    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Dawn Barrientos [Admin rights]

    Mode : Remove -- Date : 10/22/2012 23:44:32



    ¤¤¤ Bad processes : 7 ¤¤¤

    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]

    [RESIDUE] iexplore.exe -- C:\Program Files (x86)\Internet Explorer\iexplore.exe -> KILLED [TermProc]



    ¤¤¤ Registry Entries : 9 ¤¤¤

    [RUN][SUSP PATH] HKCU\[...]\Run : APN (rundll32.exe "C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll",fltInfoW) -> DELETED

    [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED

    [TASK][ROGUE ST] 4785 : wscript.exe C:\Users\DAWNBA~1\AppData\Local\Temp\launchie.vbs //B -> DELETED

    [TASK][SUSP PATH] winupd : C:\Users\DAWNBA~1\AppData\Local\Temp:winupd.exe -> DELETED

    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED

    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    [FILEASSO] HKLM\[...]\command : (C:\Program Files (x86)\Internet Explorer\iexplore.exe) -> REPLACED ("C:\Program Files (x86)\Internet Explorer\iexplore.exe")



    ¤¤¤ Particular Files / Folders: ¤¤¤

    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\U --> REMOVED

    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-788865697-3205942769-3514527554-1001\$7ca8975b26d4caab17fbc64d6538852e\L --> REMOVED



    ¤¤¤ Driver : [NOT LOADED] ¤¤¤



    ¤¤¤ Infection : ZeroAccess ¤¤¤



    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\Windows\system32\drivers\etc\hosts







    ¤¤¤ MBR Check: ¤¤¤



    +++++ PhysicalDrive0: ST31000524AS ATA Device +++++

    --- User ---

    [MBR] 38188122449a5d7ccb4f014e9760dbd8

    [BSP] 0d5557623343827e718ad65654a1033c : Windows Vista MBR Code

    Partition table:

    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 Mo

    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 938662 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!



    +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    +++++ PhysicalDrive3: Generic- SM/xD Picture USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++

    Error reading User MBR!

    User = LL1 ... OK!

    Error reading LL2 MBR!



    Finished : << RKreport[3].txt >>

    RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

    Run date: 2012-10-22 23:50:54

    -----------------------------

    23:50:54.116 OS Version: Windows x64 6.1.7601 Service Pack 1

    23:50:54.116 Number of processors: 4 586 0x503

    23:50:54.116 ComputerName: FAMILYROOM2 UserName:

    23:50:59.109 Initialize success

    23:51:45.866 AVAST engine defs: 12102201

    23:51:57.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

    23:51:57.358 Disk 0 Vendor: ST31000524AS JC47 Size: 953869MB BusType: 11

    23:51:57.374 Disk 0 MBR read successfully

    23:51:57.389 Disk 0 MBR scan

    23:51:57.389 Disk 0 Windows VISTA default MBR code

    23:51:57.405 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63

    23:51:57.405 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15166 MB offset 81920

    23:51:57.436 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938662 MB offset 31141888

    23:51:57.592 Disk 0 scanning C:\Windows\system32\drivers

    23:52:09.214 Service scanning

    23:52:28.683 Modules scanning

    23:52:28.699 Disk 0 trace - called modules:

    23:52:28.714 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

    23:52:28.730 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005fc7060]

    23:52:28.730 3 CLASSPNP.SYS[fffff8800197b43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8005ef4680]

    23:52:30.290 AVAST engine scan C:\Windows

    23:52:32.521 AVAST engine scan C:\Windows\system32

    23:57:07.045 AVAST engine scan C:\Windows\system32\drivers

    23:57:20.913 AVAST engine scan C:\Users\Dawn Barrientos

    23:57:21.693 File: C:\Users\Dawn Barrientos\AppData\Local\Apple\APN\rsdbkta.dll **INFECTED** Win32:Trojan-gen

    23:58:36.182 Disk 0 MBR has been saved successfully to "C:\Users\Dawn Barrientos\Desktop\MBR.dat"

    23:58:36.182 The log file has been saved successfully to "C:\Users\Dawn Barrientos\Desktop\aswMBR.txt"



  10. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    I apologize.
    It looks like email notification missed me.

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    =================================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  11. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    Still with me?
     
  12. Broni

    Broni Malware Annihilator Posts: 46,321   +252

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.