kerux

Windows update error 80246008 - no bits service

56 posts in this topic

Acer laptop running Windows 7 cannot install any updates through Windows update. Microsoft fixit failed, but I did determine that BITS service is not running and any attempt to start it prompts an "error 1068". Looking for suggestions to fix this....any help appreciated.


Have you recently cleaned up from a rootkit infection?

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop

dds.scr

dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double-click dds.scr or dds.com to run the tool; on Vista or Win 7, right-click and select Run as administrator.

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.


When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt

  • Save both reports to your desktop
  • Please include the following logs in your next reply: DDS.txt and Attach.txt
    You can ignore the note about zipping the Attach.txt file in most cases.


I am not aware of any recent infections...various scans (ASC5, Glary, etc.) have not shown anything. DDS logs below:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Teri at 8:45:12 on 2012-08-15

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\HitmanPro\hmpsched.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\SysWOW64\PSIService.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\IObit\Game Booster\gbtray.exe

C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\PLFSetI.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe

C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7540&r=27360310j206l04c8z1j5t4461a462

mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8

mStart Page = hxxp://www.yahoo.com/?ilc=8

uURLSearchHooks: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\tbRun1.dll

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\tbRun1.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\tbRun1.dll

TB: eGames Toolbar: {4e7bd74f-2b8d-469e-85b2-bc27fe9aae2e} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

StartupFolder: C:\Users\Teri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

StartupFolder: C:\Users\Teri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\FINDFAST.EXE

StartupFolder: C:\Users\Teri\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OFFICE~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{BC5CC470-2726-47C8-9240-F4449CF53871} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E4502EE6-0A19-4A7A-A904-6A145E1144DE} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{E4502EE6-0A19-4A7A-A904-6A145E1144DE}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 98.159.192.3 98.159.192.2

TCP: Interfaces\{E4502EE6-0A19-4A7A-A904-6A145E1144DE}\3756162737F533136353 : DhcpNameServer = 98.159.192.3 98.159.192.2

TCP: Interfaces\{E4502EE6-0A19-4A7A-A904-6A145E1144DE}\3756162737F533136353D27657563747 : DhcpNameServer = 98.159.192.3 98.159.192.2

TCP: Interfaces\{E4502EE6-0A19-4A7A-A904-6A145E1144DE}\8686F6E6F62737 : DhcpNameServer = 12.127.17.71 4.2.2.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\tbRun1.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: RuneScape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - C:\Program Files (x86)\Runescape\tbRun1.dll

TB-X64: eGames Toolbar: {4E7BD74F-2B8D-469E-85B2-BC27FE9AAE2E} - C:\PROGRA~2\EGAMES~1\EGAMES~1.DLL

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [PlayMovie] "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart

mRun-x64: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k

mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-5-14 913752]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-3-27 44768]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-1-26 844320]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-8-28 1150496]

R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-8-14 108392]

R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-3-27 821592]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-9-24 62720]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-10-28 240160]

R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2012-8-14 21384]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2012-8-14 33224]

R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2012-8-14 21904]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-5 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-14 250056]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-5 135664]

S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-9-11 305448]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-28 225280]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-6-18 14544]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-15 13:26:18 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC1A01C5-E308-4780-8F5E-9FD437881E66}\offreg.dll

2012-08-15 04:49:58 -------- d-----w- C:\Program Files\HitmanPro

2012-08-15 04:45:27 -------- d-----w- C:\ProgramData\HitmanPro

2012-07-16 23:59:59 -------- d-----w- C:\Users\Teri\AppData\Roaming\SpeedyPC Software

2012-07-16 23:59:59 -------- d-----w- C:\Users\Teri\AppData\Roaming\DriverCure

2012-07-16 23:59:33 -------- d-----w- C:\Program Files (x86)\Common Files\SpeedyPC Software

2012-07-16 23:59:31 -------- d-----w- C:\ProgramData\SpeedyPC Software

.

==================== Find3M ====================

.

2012-08-15 04:56:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 04:56:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-31 05:34:19 952 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

.

============= FINISH: 8:45:48.84 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/5/2010 5:49:52 AM

System Uptime: 8/15/2012 8:15:31 AM (0 hours ago)

.

Motherboard: Acer | | JV71TR

Processor: AMD Athlon II Dual-Core M300 | Socket S1G3 | 2000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 286 GiB total, 199.57 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office Suite Service Pack 2 (SP2)

7-Zip 4.65

Acer Arcade Deluxe

Acer Assist

Acer Backup Manager

Acer Crystal Eye Webcam

Acer ePower Management

Acer eRecovery Management

Acer Games

Acer GridVista

Acer Registration

Acer ScreenSaver

Acer Updater

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.3.4 MUI

Adobe Shockwave Player 11.6

Advanced SystemCare 5

AMD USB Filter Driver

avast! Free Antivirus

Backup Manager Basic

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

Corel Photo Album 7

D3DX10

eGames Toolbar

eSobi v2

Game Booster 3

Glary Utilities 2.48.0.1568

Google Chrome

Google Update Helper

Identity Card

IObit Malware Fighter

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Kriss X

Launch Manager

Mesh Runtime

Messenger Companion

Microsoft Office 97, Standard Edition

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Publisher 98

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyWinLocker

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

PMB

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RuneScape

Runescape Toolbar

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2466156)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft Office Excel 2007 (KB2464583)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Smart Defrag 2

swMSM

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update Installer for WildTangent Games App

Ventrilo Client

Welcome Center

WildTangent Games App (Acer Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

8/8/2012 8:30:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NTI IScheduleSvc service to connect.

8/8/2012 8:30:43 PM, Error: Service Control Manager [7000] - The NTI IScheduleSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/8/2012 2:50:16 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IMF Service service to connect.

8/8/2012 2:50:16 PM, Error: Service Control Manager [7000] - The IMF Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/15/2012 8:36:13 AM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The operation completed successfully.

8/15/2012 8:36:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

8/15/2012 8:15:55 AM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The operation completed successfully.

8/15/2012 8:15:44 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

8/15/2012 8:15:44 AM, Error: atikmdag [43029] - Display is not active

8/15/2012 8:15:41 AM, Error: volmgr [46] - Crash dump initialization failed!

8/14/2012 9:34:27 PM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The service has not been started.

8/14/2012 9:01:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/14/2012 9:01:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/14/2012 9:01:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/14/2012 9:01:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/14/2012 9:00:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6

8/12/2012 6:57:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

8/10/2012 6:20:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Acer ePower Service service to connect.

8/10/2012 6:20:03 PM, Error: Service Control Manager [7000] - The Acer ePower Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

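Added example, not part of the original posts: a Python script that pulls the Service Control Manager 7001 dependency failures and the DCOM 10005 error codes out of Event Viewer lines in the layout of the log above, to show which service is blocking BITS. The function names are assumptions chosen for illustration, and the sample lines are an excerpt of that log.

```python
import re
from collections import defaultdict

# Excerpt of the "Event Viewer Messages" section of the DDS log posted above.
SAMPLE = '''\
8/15/2012 8:36:13 AM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the COM+ Event System service which failed to start because of the following error: The operation completed successfully.

8/15/2012 8:36:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

8/15/2012 8:15:55 AM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The operation completed successfully.

8/14/2012 9:01:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/8/2012 8:30:43 PM, Error: Service Control Manager [7000] - The NTI IScheduleSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
'''

# Win32 error codes that appear in the DCOM 10005 events of that log.
WIN32_ERRORS = {
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL: the dependency service or group failed to start",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE: this service cannot be started in Safe Mode",
}

# "<date> <time> AM|PM, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
# Message body of Service Control Manager event 7001.
DEPENDS_RE = re.compile(
    r"^The (?P<dependent>.+) service depends on the (?P<dependency>.+?) "
    r"service which failed to start"
)
# Message body of DistributedCOM event 10005.
DCOM_RE = re.compile(
    r'DCOM got error "(?P<code>\d+)" attempting to start the service (?P<service>\S+)'
)


def parse_events(text):
    """Return one dict per recognisable event line; blank or foreign lines are skipped."""
    events = []
    for line in text.splitlines():
        match = EVENT_RE.match(line.strip())
        if match:
            event = match.groupdict()
            event["event_id"] = int(event["event_id"])
            events.append(event)
    return events


def blocked_by(events):
    """Map each failed dependency to the services that could not start because of it."""
    blocked = defaultdict(set)
    for event in events:
        if event["source"] == "Service Control Manager" and event["event_id"] == 7001:
            match = DEPENDS_RE.match(event["message"])
            if match:
                blocked[match["dependency"]].add(match["dependent"])
    return {dep: sorted(services) for dep, services in blocked.items()}


def root_causes(blocked):
    """Failed dependencies that are not themselves reported as blocked by another service."""
    dependents = {svc for services in blocked.values() for svc in services}
    return sorted(dep for dep in blocked if dep not in dependents)


def dcom_failures(events):
    """Unique (service, Win32 code, meaning) triples from DCOM 10005 events, in log order."""
    seen, failures = set(), []
    for event in events:
        if event["event_id"] != 10005:
            continue
        match = DCOM_RE.search(event["message"])
        if not match:
            continue
        key = (match["service"], int(match["code"]))
        if key not in seen:
            seen.add(key)
            failures.append(key + (WIN32_ERRORS.get(key[1], "unknown code"),))
    return failures


if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for dependency, services in blocked_by(parsed).items():
        print(f"{dependency} failed to start and blocks: {', '.join(services)}")
    print("Start troubleshooting at:", ", ".join(root_causes(blocked_by(parsed))))
    for service, code, meaning in dcom_failures(parsed):
        print(f"DCOM could not start {service}: {code} ({meaning})")
```
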

Followed the page instructions. Installed EventSystemWin7.reg (COM+ shuts down & BITS error 1068) and BITSWin7.reg (same problems). COM+ Event System tries to start but evidently shuts down because nothing is using it?


I've asked one of the Moderators if they have time to check in on this and assist you further. As soon as they have time they should stop by and take a look to see if they can help you.

Thanks


Hi kerux,

Ron's asked me to review your situation.

My thinking is that the Remote Procedure Call service is not on, and as a result both COM event & BITS won't work, all making Windows Update non-functional.

Please Download and SAVE this reg-file to your Desktop

http://download.bleepingcomputer.com/win-services/7/RpcSs.reg

Go to Start, type in REGEDIT and press Enter-key

from main menu, select File, then select IMPORT

navigate the dialog (click on DESKTOP icon on left to select it)

type in rpcss.reg in the Filename text-box and click Open button.

Once the merge is complete, you will see a confirmation message.

Click OK when done.

Close/exit Regedit.

Now, Logoff and Restart Windows fresh.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

IF this is a notebook, plug it into normal electric-power or UPS-system.

Next, press Windows-key, type in windows update and click it when it shows.

When you've got the Windows Update screen, press the Check for Updates on upper-left side.

Review what is offered. Only take items that are shown as Critical or Important. (skip, for now, any optional or Recommended items).

Have lots and lots of patience as updates are processed, and be sure to allow Restart when prompted.

IF there's an update failure, we will need the new "exception /fail-code".


Hi Maurice, thanks for your help. I could not get past the first step. When I try to open rpcss.reg within regedit I get a registry error:

"Cannot import C:\users\teri\desktop\rpcss.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes"


Logoff and restart system fresh.

Review carefully my list and try one more time. The name of the file to Import is the same as the one you saved from the download.

Just try one time.


Logged off and did a clean boot.....(regedit/file/import/rpcss.reg/open)....same error message. Booted in safe mode....same error message. Regedit will not allow the file to be opened.


OK. Close Regedit. Go to where the reg file is saved.

Right click on it and select Merge.

IF it gives a hiccup, let's forget it.

Next, in any event, do this:

Close and exit any open work documents or program windows you opened.

1. Open Internet Explorer (only!) to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warnings as well as the APPLIES TO section] & run the Fix It.

Note=> For optimal results, check the Delete personal settings option.

2a. Open Internet Explorer (only!) to http://support.microsoft.com/kb/910336 [ignore the title & Symptoms].

2b. Dismiss/close the "automated troubleshooter" pop-up! - then...

2c. Ignoring any "Not recommended" or similar warnings, run Fix It 50202 in DEFAULT mode (if on a later run you still have the same failure, then repeat the above & select the Aggressive mode).

3. Reboot & then run a manual check for updates at Windows Update, etc., etc...

When you reach Windows Update, do a Custom scan for updates. Take (accept) the ones marked Critical or Important.

If there are Silverlight or Net Framework updates, un-select them and leave them for a later pass.

Decline any that are marked as "optional".

Have infinite patience while it scans and does its work.

When it prompts you to Restart Windows, please do that. Allow it to restart.

If you are still having a failure, and you just had done a default-mode Fix-IT, go back to 2a/2c and now this time do the default mode AND the aggressive mode (both) and retry one more time Windows Update.


Tried to merge rpcss.reg and got the same error message. Ran the first fixit in IE. Then, Fixit 50202 stalled 2/3rds of the way thru on default AND later on aggressive. Both times it said BITS failed to start.


Hello kerux,

Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!

From Start button, select RUN (or Win-key +R) and in the run-text-box type in MSCONFIG and press OK or Enter.

On Vista or Windows 7, press Windows-key on keyboard, and type in MSCONFIG

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

Click on Services tab. To get its display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

Look at the bottom line Hide all Microsoft services

IF and only IF it is checkmarked, then un-check it.

the list of services may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

Then using the scroll-bar scroll down the list

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

Then report back here with details.

If any of the services are not shown, just let me know which.

NEXT:

See these references on the System Update Readiness Tool and run the SUR

Have plenty of patience while it runs.

http://windows.micro...-Readiness-Tool


All services were present and checked already. Downloading SUR now.


Please retry Windows Update and advise me of result. IF there's a hiccup, I will need the exception-fail code.


Hello kerux,

Please run this batch-fix to set some Windows services. Before starting it, make sure to save & close any open documents. This process will do a system restart at the end.

Run a fix

This will be a batch-fix .

  • Press the Windows-key on keyboard.
  • In the [image] box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo off
    sc config dcomlaunch start= auto
    sc config rpceptmapper start= auto
    sc config rpcss start= auto
    sc config eventsystem start= auto
    sc config bits start= delayed-auto
    sc config eventlog start= auto
    sc config winmgmt start= auto
    sc config sdrsvc start= manual
    sc config vss start= auto
    shutdown -r -t 1
    del %0


  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the [image] box, type in Fix.bat.
  • Press [image].
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose [image].
  • Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows 7.

Please retry Windows Update and advise me of result. IF there's a hiccup, I will need the exception-fail code.

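Added example, not part of the thread or of any tool used in it: a read-only PowerShell check of the dependency chain behind the error 1068 ("the dependency service or group failed to start") reported for BITS. It reads each service's Start value and DependOnService list from the registry, which is where the `sc config ... start=` commands above take effect. The script name and the function name Get-ServiceChain are illustrative.

```powershell
# Added example, not from the thread. Read-only: it changes no service or registry value.
# Save as Get-ServiceChain.ps1 (hypothetical name) and run from an elevated PowerShell prompt:
#   .\Get-ServiceChain.ps1 -Root BITS
param([string]$Root = 'BITS')

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
# Meaning of the per-service "Start" registry value
$StartNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }
$Seen        = @{}   # hashtable literals are case-insensitive, so RpcSs and rpcss match

function Get-ServiceChain {
    param([string]$Name, [int]$Depth = 0)

    # Dependencies are often shared; report each service once, at first visit.
    if ($Seen.ContainsKey($Name)) { return }
    $Seen[$Name] = $true

    $props = Get-ItemProperty -Path "$ServicesKey\$Name" -ErrorAction SilentlyContinue
    $svc   = Get-Service -Name $Name -ErrorAction SilentlyContinue

    # Translate the Start value; a missing key or value is itself a finding.
    $startType = 'n/a'
    if ($props -and $null -ne $props.Start) {
        $startType = $StartNames[[int]$props.Start]
        if (-not $startType) { $startType = "Unknown($($props.Start))" }
        # "delayed-auto" is stored as Start=2 plus DelayedAutostart=1
        if ($props.Start -eq 2 -and $props.DelayedAutostart -eq 1) {
            $startType = 'Automatic (Delayed)'
        }
    }

    $status = 'NotFound'
    if ($svc) { $status = $svc.Status.ToString() }

    # DependOnService is a multi-string value; it may be absent.
    $deps = @()
    if ($props) { $deps = @($props.DependOnService | Where-Object { $_ }) }

    New-Object PSObject -Property @{
        Depth      = $Depth
        Service    = $Name
        KeyPresent = [bool]$props
        StartType  = $startType
        Status     = $status
        DependsOn  = ($deps -join ', ')
    }

    foreach ($d in $deps) {
        Get-ServiceChain -Name $d -Depth ($Depth + 1)
    }
}

$chain = @(Get-ServiceChain -Name $Root)
$chain | Select-Object Depth, Service, KeyPresent, StartType, Status, DependsOn |
    Format-Table -AutoSize

# A dependency that is missing, disabled, or not running can produce error 1068
# further up the chain. The deepest such entry is the one to look at first.
$suspects = @($chain | Where-Object {
    $_.Service -ne $Root -and
    (-not $_.KeyPresent -or $_.StartType -eq 'Disabled' -or $_.Status -ne 'Running')
} | Sort-Object Depth -Descending)

if ($suspects.Count -eq 0) {
    "All dependencies of $Root are present and running."
} else {
    "Dependencies of $Root to check first (deepest first):"
    $suspects | Select-Object Depth, Service, KeyPresent, StartType, Status |
        Format-Table -AutoSize
}
```

A row with KeyPresent set to False means the service's registry key is gone, which no start-type change can repair; a Manual-start dependency that is merely Stopped is normal until something requests it.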

Ran Fix.bat....tried update (failed)...error code 80246008


I am moving your thread into the Malware-removal forum. The continued failure in Windows update and with this repeated fail-code makes it highly likely we are dealing with malware.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

IF you have a previous copy of aswMBR, delete it.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • IF you have a previous copy of TDSSKILLER, then delete it.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Did first 3 steps....aswMBR did not enable fix button:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-20 12:55:43

-----------------------------

12:55:43.533 OS Version: Windows x64 6.1.7601 Service Pack 1

12:55:43.533 Number of processors: 2 586 0x602

12:55:43.533 ComputerName: TERI-PC UserName: Teri

12:55:44.506 Initialize success

12:56:58.887 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057

12:56:58.887 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 11

12:56:58.903 Disk 0 MBR read successfully

12:56:58.919 Disk 0 MBR scan

12:56:58.919 Disk 0 Windows VISTA default MBR code

12:56:58.919 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048

12:56:58.934 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048

12:56:58.950 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293143 MB offset 24782848

12:56:58.965 Disk 0 scanning C:\Windows\system32\drivers

12:57:04.925 Service scanning

12:57:19.612 Modules scanning

12:57:19.612 Scan finished successfully

12:57:33.918 Disk 0 MBR has been saved successfully to "C:\Users\Teri\Desktop\MBR.dat"

12:57:33.918 The log file has been saved successfully to "C:\Users\Teri\Desktop\aswMBR.txt"

Step 4 - tdsskiller found no threats


12:59:34.0254 3464 gupdatem - ok

12:59:34.0278 3464 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

12:59:34.0278 3464 hcw85cir - ok

12:59:34.0313 3464 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

12:59:34.0318 3464 HdAudAddService - ok

12:59:34.0343 3464 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

12:59:34.0344 3464 HDAudBus - ok

12:59:34.0360 3464 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

12:59:34.0361 3464 HidBatt - ok

12:59:34.0368 3464 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

12:59:34.0370 3464 HidBth - ok

12:59:34.0376 3464 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

12:59:34.0377 3464 HidIr - ok

12:59:34.0408 3464 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

12:59:34.0410 3464 hidserv - ok

12:59:34.0458 3464 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

12:59:34.0459 3464 HidUsb - ok

12:59:34.0498 3464 [ 0926C3B5CBF64C88F432FF449B211807 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe

12:59:34.0500 3464 HitmanProScheduler - ok

12:59:34.0539 3464 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

12:59:34.0541 3464 hkmsvc - ok

12:59:34.0574 3464 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

12:59:34.0578 3464 HomeGroupListener - ok

12:59:34.0608 3464 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

12:59:34.0611 3464 HomeGroupProvider - ok

12:59:34.0656 3464 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

12:59:34.0657 3464 HpSAMD - ok

12:59:34.0711 3464 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

12:59:34.0729 3464 HTTP - ok

12:59:34.0786 3464 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

12:59:34.0787 3464 hwpolicy - ok

12:59:34.0839 3464 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

12:59:34.0840 3464 i8042prt - ok

12:59:34.0868 3464 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

12:59:34.0874 3464 iaStorV - ok

12:59:34.0918 3464 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:59:34.0937 3464 idsvc - ok

12:59:35.0086 3464 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

12:59:35.0226 3464 igfx - ok

12:59:35.0234 3464 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

12:59:35.0235 3464 iirsp - ok

12:59:35.0280 3464 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

12:59:35.0303 3464 IKEEXT - ok

12:59:35.0363 3464 [ 8AE99EBE30E8338907361018D9030835 ] IMFservice C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

12:59:35.0368 3464 IMFservice - ok

12:59:35.0446 3464 [ 9AA6A93852E36FE76C3F7FC2904F3B01 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

12:59:35.0459 3464 IntcAzAudAddService - ok

12:59:35.0495 3464 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

12:59:35.0495 3464 intelide - ok

12:59:35.0547 3464 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

12:59:35.0548 3464 intelppm - ok

12:59:35.0585 3464 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

12:59:35.0587 3464 IPBusEnum - ok

12:59:35.0637 3464 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:59:35.0638 3464 IpFilterDriver - ok

12:59:35.0672 3464 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

12:59:35.0680 3464 iphlpsvc - ok

12:59:35.0713 3464 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

12:59:35.0714 3464 IPMIDRV - ok

12:59:35.0721 3464 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

12:59:35.0722 3464 IPNAT - ok

12:59:35.0749 3464 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

12:59:35.0750 3464 IRENUM - ok

12:59:35.0762 3464 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

12:59:35.0762 3464 isapnp - ok

12:59:35.0793 3464 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

12:59:35.0797 3464 iScsiPrt - ok

12:59:35.0853 3464 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys

12:59:35.0856 3464 k57nd60a - ok

12:59:35.0873 3464 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

12:59:35.0874 3464 kbdclass - ok

12:59:35.0912 3464 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

12:59:35.0913 3464 kbdhid - ok

12:59:35.0926 3464 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe

12:59:35.0927 3464 KeyIso - ok

12:59:35.0964 3464 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

12:59:35.0966 3464 KSecDD - ok

12:59:36.0001 3464 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

12:59:36.0003 3464 KSecPkg - ok

12:59:36.0028 3464 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

12:59:36.0029 3464 ksthunk - ok

12:59:36.0069 3464 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

12:59:36.0074 3464 KtmRm - ok

12:59:36.0086 3464 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys

12:59:36.0087 3464 L1E - ok

12:59:36.0129 3464 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

12:59:36.0133 3464 LanmanServer - ok

12:59:36.0166 3464 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

12:59:36.0169 3464 LanmanWorkstation - ok

12:59:36.0194 3464 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

12:59:36.0195 3464 lltdio - ok

12:59:36.0227 3464 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

12:59:36.0231 3464 lltdsvc - ok

12:59:36.0248 3464 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

12:59:36.0251 3464 lmhosts - ok

12:59:36.0281 3464 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

12:59:36.0283 3464 LSI_FC - ok

12:59:36.0295 3464 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

12:59:36.0296 3464 LSI_SAS - ok

12:59:36.0302 3464 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

12:59:36.0303 3464 LSI_SAS2 - ok

12:59:36.0309 3464 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

12:59:36.0311 3464 LSI_SCSI - ok

12:59:36.0322 3464 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

12:59:36.0323 3464 luafv - ok

12:59:36.0365 3464 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

12:59:36.0367 3464 Mcx2Svc - ok

12:59:36.0383 3464 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

12:59:36.0383 3464 megasas - ok

12:59:36.0393 3464 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

12:59:36.0397 3464 MegaSR - ok

12:59:36.0430 3464 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

12:59:36.0432 3464 MMCSS - ok

12:59:36.0438 3464 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

12:59:36.0439 3464 Modem - ok

12:59:36.0451 3464 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

12:59:36.0452 3464 monitor - ok

12:59:36.0481 3464 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

12:59:36.0482 3464 mouclass - ok

12:59:36.0491 3464 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

12:59:36.0492 3464 mouhid - ok

12:59:36.0529 3464 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

12:59:36.0530 3464 mountmgr - ok

12:59:36.0548 3464 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

12:59:36.0550 3464 mpio - ok

12:59:36.0556 3464 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

12:59:36.0557 3464 mpsdrv - ok

12:59:36.0606 3464 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

12:59:36.0625 3464 MpsSvc - ok

12:59:36.0652 3464 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

12:59:36.0654 3464 MRxDAV - ok

12:59:36.0686 3464 [ C2B4651001A867FF3F8865863B592991 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

12:59:36.0688 3464 mrxsmb - ok

12:59:36.0726 3464 [ 7E79946AFC5F799AB62982282BE5AC13 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:59:36.0730 3464 mrxsmb10 - ok

12:59:36.0777 3464 [ 5FB954100CEA2BFEC6446FBBECAA3F79 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:59:36.0779 3464 mrxsmb20 - ok

12:59:36.0814 3464 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

12:59:36.0815 3464 msahci - ok

12:59:36.0846 3464 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

12:59:36.0848 3464 msdsm - ok

12:59:36.0873 3464 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

12:59:36.0875 3464 MSDTC - ok

12:59:36.0903 3464 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

12:59:36.0904 3464 Msfs - ok

12:59:36.0926 3464 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

12:59:36.0927 3464 mshidkmdf - ok

12:59:36.0968 3464 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

12:59:36.0968 3464 msisadrv - ok

12:59:37.0000 3464 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

12:59:37.0002 3464 MSiSCSI - ok

12:59:37.0007 3464 msiserver - ok

12:59:37.0032 3464 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

12:59:37.0033 3464 MSKSSRV - ok

12:59:37.0038 3464 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

12:59:37.0039 3464 MSPCLOCK - ok

12:59:37.0044 3464 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

12:59:37.0045 3464 MSPQM - ok

12:59:37.0092 3464 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

12:59:37.0098 3464 MsRPC - ok

12:59:37.0139 3464 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

12:59:37.0140 3464 mssmbios - ok

12:59:37.0156 3464 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

12:59:37.0157 3464 MSTEE - ok

12:59:37.0162 3464 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

12:59:37.0163 3464 MTConfig - ok

12:59:37.0181 3464 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

12:59:37.0182 3464 Mup - ok

12:59:37.0217 3464 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys

12:59:37.0218 3464 mwlPSDFilter - ok

12:59:37.0231 3464 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys

12:59:37.0232 3464 mwlPSDNServ - ok

12:59:37.0250 3464 [ D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys

12:59:37.0251 3464 mwlPSDVDisk - ok

12:59:37.0311 3464 [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe

12:59:37.0314 3464 MWLService - ok

12:59:37.0355 3464 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

12:59:37.0362 3464 napagent - ok

12:59:37.0410 3464 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

12:59:37.0415 3464 NativeWifiP - ok

12:59:37.0460 3464 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

12:59:37.0490 3464 NDIS - ok

12:59:37.0509 3464 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

12:59:37.0509 3464 NdisCap - ok

12:59:37.0537 3464 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

12:59:37.0537 3464 NdisTapi - ok

12:59:37.0580 3464 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

12:59:37.0581 3464 Ndisuio - ok

12:59:37.0623 3464 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

12:59:37.0625 3464 NdisWan - ok

12:59:37.0663 3464 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

12:59:37.0664 3464 NDProxy - ok

12:59:37.0670 3464 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

12:59:37.0671 3464 NetBIOS - ok

12:59:37.0713 3464 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

12:59:37.0715 3464 NetBT - ok

12:59:37.0738 3464 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe

12:59:37.0740 3464 Netlogon - ok

12:59:37.0769 3464 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

12:59:37.0774 3464 Netman - ok

12:59:37.0787 3464 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

12:59:37.0792 3464 netprofm - ok

12:59:37.0822 3464 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:59:37.0823 3464 NetTcpPortSharing - ok

12:59:37.0838 3464 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

12:59:37.0839 3464 nfrd960 - ok

12:59:37.0895 3464 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

12:59:37.0899 3464 NlaSvc - ok

12:59:37.0916 3464 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

12:59:37.0917 3464 Npfs - ok

12:59:37.0926 3464 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

12:59:37.0928 3464 nsi - ok

12:59:37.0935 3464 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

12:59:37.0935 3464 nsiproxy - ok

12:59:38.0007 3464 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

12:59:38.0053 3464 Ntfs - ok

12:59:38.0124 3464 [ 14E66F603FB187713AEB02AD3B0390CF ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

12:59:38.0125 3464 NTI IScheduleSvc - ok

12:59:38.0152 3464 [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

12:59:38.0153 3464 NTIBackupSvc - ok

12:59:38.0180 3464 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys

12:59:38.0181 3464 NTIDrvr - ok

12:59:38.0200 3464 [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

12:59:38.0202 3464 NTISchedulerSvc - ok

12:59:38.0262 3464 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

12:59:38.0263 3464 NuidFltr - ok

12:59:38.0295 3464 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

12:59:38.0296 3464 Null - ok

12:59:38.0322 3464 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

12:59:38.0324 3464 nvraid - ok

12:59:38.0361 3464 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

12:59:38.0363 3464 nvstor - ok

12:59:38.0391 3464 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

12:59:38.0392 3464 nv_agp - ok

12:59:38.0472 3464 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

12:59:38.0477 3464 odserv - ok

12:59:38.0514 3464 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

12:59:38.0515 3464 ohci1394 - ok

12:59:38.0579 3464 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:59:38.0580 3464 ose - ok

12:59:38.0622 3464 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

12:59:38.0627 3464 p2pimsvc - ok

12:59:38.0644 3464 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

12:59:38.0651 3464 p2psvc - ok

12:59:38.0673 3464 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

12:59:38.0674 3464 Parport - ok

12:59:38.0703 3464 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys

12:59:38.0704 3464 partmgr - ok

12:59:38.0722 3464 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

12:59:38.0725 3464 PcaSvc - ok

12:59:38.0758 3464 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

12:59:38.0760 3464 pci - ok

12:59:38.0774 3464 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

12:59:38.0774 3464 pciide - ok

12:59:38.0790 3464 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

12:59:38.0792 3464 pcmcia - ok

12:59:38.0810 3464 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

12:59:38.0811 3464 pcw - ok

12:59:38.0826 3464 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

12:59:38.0845 3464 PEAUTH - ok

12:59:38.0956 3464 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

12:59:38.0957 3464 PerfHost - ok

12:59:39.0034 3464 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

12:59:39.0068 3464 pla - ok

12:59:39.0112 3464 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll

12:59:39.0119 3464 PlugPlay - ok

12:59:39.0236 3464 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

12:59:39.0239 3464 PMBDeviceInfoProvider - ok

12:59:39.0251 3464 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

12:59:39.0253 3464 PNRPAutoReg - ok

12:59:39.0278 3464 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

12:59:39.0281 3464 PNRPsvc - ok

12:59:39.0324 3464 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

12:59:39.0331 3464 PolicyAgent - ok

12:59:39.0354 3464 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

12:59:39.0358 3464 Power - ok

12:59:39.0402 3464 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

12:59:39.0403 3464 PptpMiniport - ok

12:59:39.0430 3464 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

12:59:39.0431 3464 Processor - ok

12:59:39.0475 3464 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

12:59:39.0478 3464 ProfSvc - ok

12:59:39.0495 3464 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe

12:59:39.0496 3464 ProtectedStorage - ok

12:59:39.0566 3464 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe

12:59:39.0569 3464 ProtexisLicensing - ok

12:59:39.0615 3464 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

12:59:39.0616 3464 Psched - ok

12:59:39.0661 3464 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

12:59:39.0696 3464 ql2300 - ok

12:59:39.0708 3464 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

12:59:39.0709 3464 ql40xx - ok

12:59:39.0736 3464 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

12:59:39.0740 3464 QWAVE - ok

12:59:39.0754 3464 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

12:59:39.0755 3464 QWAVEdrv - ok

12:59:39.0761 3464 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

12:59:39.0762 3464 RasAcd - ok

12:59:39.0787 3464 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

12:59:39.0788 3464 RasAgileVpn - ok

12:59:39.0805 3464 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

12:59:39.0807 3464 RasAuto - ok

12:59:39.0841 3464 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

12:59:39.0843 3464 Rasl2tp - ok

12:59:39.0877 3464 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

12:59:39.0882 3464 RasMan - ok

12:59:39.0889 3464 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

12:59:39.0890 3464 RasPppoe - ok

12:59:39.0901 3464 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

12:59:39.0903 3464 RasSstp - ok

12:59:39.0941 3464 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

12:59:39.0945 3464 rdbss - ok

12:59:39.0958 3464 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

12:59:39.0958 3464 rdpbus - ok

12:59:39.0973 3464 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

12:59:39.0973 3464 RDPCDD - ok

12:59:39.0993 3464 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

12:59:39.0993 3464 RDPENCDD - ok

12:59:40.0007 3464 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

12:59:40.0007 3464 RDPREFMP - ok

12:59:40.0049 3464 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

12:59:40.0052 3464 RDPWD - ok

12:59:40.0085 3464 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

12:59:40.0088 3464 rdyboost - ok

12:59:40.0214 3464 [ 5F9AC3243C206EC95F32E4348AE67C13 ] RegFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys

12:59:40.0214 3464 RegFilter - ok

12:59:40.0244 3464 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

12:59:40.0246 3464 RemoteAccess - ok

12:59:40.0274 3464 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

12:59:40.0277 3464 RemoteRegistry - ok

12:59:40.0292 3464 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

12:59:40.0294 3464 RpcEptMapper - ok

12:59:40.0324 3464 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

12:59:40.0325 3464 RpcLocator - ok

12:59:40.0372 3464 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

12:59:40.0377 3464 RpcSs - ok

12:59:40.0403 3464 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

12:59:40.0404 3464 rspndr - ok

12:59:40.0475 3464 [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys

12:59:40.0477 3464 RSUSBSTOR - ok

12:59:40.0495 3464 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe

12:59:40.0497 3464 SamSs - ok

12:59:40.0527 3464 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

12:59:40.0528 3464 sbp2port - ok

12:59:40.0568 3464 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

12:59:40.0571 3464 SCardSvr - ok

12:59:40.0597 3464 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

12:59:40.0598 3464 scfilter - ok

12:59:40.0648 3464 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

12:59:40.0680 3464 Schedule - ok

12:59:40.0713 3464 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

12:59:40.0714 3464 SCPolicySvc - ok

12:59:40.0750 3464 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

12:59:40.0754 3464 SDRSVC - ok

12:59:40.0792 3464 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

12:59:40.0793 3464 secdrv - ok

12:59:40.0821 3464 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

12:59:40.0823 3464 seclogon - ok

12:59:40.0860 3464 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

12:59:40.0862 3464 SENS - ok

12:59:40.0875 3464 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

12:59:40.0877 3464 SensrSvc - ok

12:59:40.0893 3464 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

12:59:40.0894 3464 Serenum - ok

12:59:40.0911 3464 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

12:59:40.0912 3464 Serial - ok

12:59:40.0951 3464 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

12:59:40.0952 3464 sermouse - ok

12:59:41.0013 3464 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

12:59:41.0016 3464 SessionEnv - ok

12:59:41.0047 3464 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

12:59:41.0048 3464 sffdisk - ok

12:59:41.0065 3464 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

12:59:41.0065 3464 sffp_mmc - ok

12:59:41.0079 3464 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

12:59:41.0079 3464 sffp_sd - ok

12:59:41.0085 3464 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

12:59:41.0086 3464 sfloppy - ok

12:59:41.0131 3464 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

12:59:41.0136 3464 SharedAccess - ok

12:59:41.0173 3464 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

12:59:41.0177 3464 ShellHWDetection - ok

12:59:41.0189 3464 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

12:59:41.0191 3464 SiSRaid2 - ok

12:59:41.0214 3464 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

12:59:41.0216 3464 SiSRaid4 - ok

12:59:41.0296 3464 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys

12:59:41.0297 3464 SmartDefragDriver - ok

12:59:41.0312 3464 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

12:59:41.0314 3464 Smb - ok

12:59:41.0354 3464 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

12:59:41.0356 3464 SNMPTRAP - ok

12:59:41.0370 3464 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

12:59:41.0371 3464 spldr - ok

12:59:41.0422 3464 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

12:59:41.0428 3464 Spooler - ok

12:59:41.0530 3464 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

12:59:41.0613 3464 sppsvc - ok

12:59:41.0637 3464 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

12:59:41.0639 3464 sppuinotify - ok

12:59:41.0687 3464 [ 65BBF4920148C2EE279055DA7228FC7B ] srv C:\Windows\system32\DRIVERS\srv.sys

12:59:41.0693 3464 srv - ok

12:59:41.0709 3464 [ DA939F762A1CCC2D77428621DDBD40A7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

12:59:46.0280 3464 ============================================================

12:59:46.0280 3464 Scan finished

12:59:46.0280 3464 ============================================================

12:59:46.0295 6284 Detected object count: 0

12:59:46.0295 6284 Actual detected object count: 0

Will begin step 5 as soon as I return...


Step 5 - RK report

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Teri [Admin rights]

Mode: Scan -- Date: 08/20/2012 15:39:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD32 00BEVT-22ZCT0 SATA Disk Device +++++

--- User ---

[MBR] d9ac55de354fad5db940a719a3eccd7a

[bSP] 2855c458b75a9fca2ad56bbb73a07141 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>

RKreport[1].txt


ID: 23   Posted (edited)

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Kerux only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy/Paste the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

Edited by Maurice Naggar


Ran ComboFix...tried Windows Update...code 80246008

ComboFix 12-08-20.02 - Teri 08/21/2012 7:33:45.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2708 [GMT -5:00]

Running from: C:\Users\Teri\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Install.exe

Infected copy of C:\Windows\SysWow64\userinit.exe was found and disinfected

Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))

2012-08-21 13:11:56 . 2012-08-21 13:11:56 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-08-20 17:46:10 . 2012-08-20 17:46:28 -------- d-----w- C:\Program Files (x86)\ERUNT

2012-08-17 19:35:01 . 2012-08-17 19:35:01 -------- d-----w- C:\Windows\CheckSur

2012-08-17 02:16:51 . 2012-08-17 02:16:51 -------- d-----w- C:\Users\Teri\AppData\Roaming\Avira

2012-08-17 02:10:56 . 2012-07-18 23:05:10 98848 ----a-w- C:\Windows\system32\drivers\avgntflt.sys

2012-08-17 02:10:56 . 2012-07-18 23:05:10 27760 ----a-w- C:\Windows\system32\drivers\avkmgr.sys

2012-08-17 02:10:56 . 2012-07-18 23:05:10 132832 ----a-w- C:\Windows\system32\drivers\avipbb.sys

2012-08-17 02:10:55 . 2012-08-17 02:10:55 -------- d-----w- C:\ProgramData\Avira

2012-08-17 02:10:55 . 2012-08-17 02:10:55 -------- d-----w- C:\Program Files (x86)\Avira

2012-08-17 00:27:50 . 2012-08-17 00:36:24 -------- d-----w- C:\Users\Teri\AppData\Roaming\WinPatrol

2012-08-17 00:27:37 . 2012-08-17 00:27:37 -------- d-----w- C:\ProgramData\InstallMate

2012-08-17 00:27:37 . 2012-08-17 00:27:37 -------- d-----w- C:\Program Files (x86)\BillP Studios

2012-08-16 18:10:40 . 2012-08-16 18:10:40 -------- d-----w- C:\Program Files (x86)\Belarc

2012-08-15 18:14:17 . 2012-08-15 18:14:17 181064 ----a-w- C:\Windows\PSEXESVC.EXE

2012-08-15 18:10:11 . 2012-08-15 18:08:43 381816 ----a-w- C:\Windows\system32\PsExec.exe

2012-08-15 04:49:58 . 2012-08-15 04:49:58 -------- d-----w- C:\Program Files\HitmanPro

2012-08-15 04:45:27 . 2012-08-15 04:55:35 -------- d-----w- C:\ProgramData\HitmanPro

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-15 04:56:29 . 2012-06-14 17:07:50 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 04:56:29 . 2012-06-14 17:07:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-02 22:19:46 . 2012-07-13 01:47:42 38424 ----a-w- C:\Windows\system32\wups.dll

2012-06-02 22:19:43 . 2012-07-13 01:47:52 2428952 ----a-w- C:\Windows\system32\wuaueng.dll

2012-06-02 22:19:42 . 2012-07-13 01:47:53 57880 ----a-w- C:\Windows\system32\wuauclt.exe

2012-06-02 22:19:42 . 2012-07-13 01:47:53 44056 ----a-w- C:\Windows\system32\wups2.dll

2012-06-02 22:19:23 . 2012-07-13 01:47:42 701976 ----a-w- C:\Windows\system32\wuapi.dll

2012-06-02 22:15:31 . 2012-07-13 01:47:53 2622464 ----a-w- C:\Windows\system32\wucltux.dll

2012-06-02 22:15:08 . 2012-07-13 01:47:42 99840 ----a-w- C:\Windows\system32\wudriver.dll

2012-06-02 20:19:42 . 2012-07-13 01:47:33 186752 ----a-w- C:\Windows\system32\wuwebv.dll

2012-06-02 20:15:12 . 2012-07-13 01:47:33 36864 ----a-w- C:\Windows\system32\wuapp.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "C:\Program Files (x86)\Runescape\tbRun1.dll" [2011-01-28 00:14:15 3911776]

[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-11 05:41:42 120104 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 5"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 23:39:50 574296]


Your copy of the Combofix.txt is short (truncated/incomplete).

Please retry. Open NOTEPAD. Edit >> Select ALL >> COPY {CTRL+A then CTRL+C}

then in reply box Paste

I need an entire (verbatim) copy.

You have Advanced SystemCare 5. Did you buy it? If not, uninstall it. In any event, IObit does not have a good reputation.

And regardless, using any registry cleaner/tweaker is ill-advised and often does more harm than good.

You do not need registry cleaners, at all.

In addition to above, you already have the FSS tool. I need for you to do a new run, and then Copy/Paste the FSS.txt into a separate reply.

This topic is now closed to further replies.
