kerux Posted August 15, 2012 ID:585365

Acer laptop running Windows 7 cannot install any updates through Windows update. Microsoft fixit failed, but I did determine that BITS service is not running and any attempt to start it prompts an "error 1068". Looking for suggestions to fix this....any help appreciated.

Root Admin AdvancedSetup Posted August 15, 2012 ID:585425

Have you recently cleaned up from a rootkit infection?

Please run the following scanner and send back the logs.

Download DDS from one of the locations below and save to your Desktop:
dds.scr
dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr or dds.com to run the tool; on Vista or Win 7 right click and select Run as administrator.
Click the Run button if prompted with an Open File - Security Warning dialog box.
A black DOS console should open and run for a moment. When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.

Please include the following logs in your next reply: DDS.txt and Attach.txt
You can ignore the note about zipping the Attach.txt file in most cases.

kerux Posted August 15, 2012 Author ID:585520

I am not aware of any recent infections...various scans (ASC5, Glary, etc.) have not shown anything. DDS logs below:

Root Admin AdvancedSetup Posted August 15, 2012 ID:585552

Please see if the following link helps to correct the issue.
http://www.sevenforu...dows-7-fix.html

kerux Posted August 15, 2012 Author ID:585641

Followed the page instructions. Installed EventSystemWin7.reg (COM+ shuts down & BITS error 1068) and BITSWin7.reg (same problems). COM+ Event System tries to start but evidently shuts down because nothing is using it?

Root Admin AdvancedSetup Posted August 15, 2012 ID:585699

I've asked one of the Moderators if they have time to check in on this and assist you further. As soon as they have time they should stop by and take a look to see if they can help you.

Thanks

Maurice Naggar Posted August 15, 2012 ID:585730

Hi kerux,

Ron's asked me to review your situation.
My thinking is that the Remote procedure call service is not on, and as a result both COM event & BITS won't work. All making windows update non-functional.

Please Download and SAVE this reg-file to your Desktop:
http://download.bleepingcomputer.com/win-services/7/RpcSs.reg

Go to Start, type in REGEDIT and press Enter-key.
From main menu, select File, then select IMPORT.
Navigate the dialog (click on DESKTOP icon on left to select it).
Type in rpcss.reg in the Filename text-box and click Open button.
Once the merge is complete, you will see a confirmation message.
Click OK when done.
Close/exit Regedit.
Now, Logoff and Restart Windows fresh.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

IF this is a notebook, plug it into normal electric-power or UPS-system.
Next, press Windows-key, type in windows update and click it when it shows.
When you've got Windows Update screen, press the Check for Updates on upper-left side.
Review what is offered. Only take items that are shown as Critical or Important. (Skip, for now, any optional or Recommended items.)
Have lots and lots of patience as updates are processed, and be sure to allow Restart when prompted.
IF there's an update failure, we will need the new "exception /fail-code".

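
Added example, not part of the thread or of any poster's instructions: error 1068 is the Service Control Manager's "dependency service or group failed to start" code, so a read-only way to test the suggestion above is to walk the BITS dependency tree and print each service's state and configured start type. The function names are made up for this example; the start type is read from each service's Start value under HKLM\SYSTEM\CurrentControlSet\Services.

```powershell
# Added example: report the state of every service that BITS depends on.
# Run from an elevated PowerShell prompt. Read-only: it changes nothing.

# Meaning of the numeric Start value stored in each service's registry key.
$StartNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Hypothetical helper: read the configured start type straight from the registry,
# so a deleted key or missing Start value is visible instead of hidden.
function Get-ServiceStartMode {
    param([string]$Name)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return 'KeyMissing' }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.Start) { return 'StartValueMissing' }
    $start = [int]$props.Start
    if ($StartNames.ContainsKey($start)) { return $StartNames[$start] }
    return "Unknown($start)"
}

# Hypothetical helper: print one line per service, indented by depth in the tree.
function Show-DependencyTree {
    param(
        $Service,                 # a ServiceController object from Get-Service
        [int]$Depth = 0,
        [hashtable]$Seen = @{}    # services whose children were already expanded
    )
    $indent = '  ' * $Depth
    $mode = Get-ServiceStartMode -Name $Service.ServiceName

    $flag = ''
    if ($Service.Status -ne 'Running') { $flag = '  <-- not running' }
    if ($mode -eq 'Disabled' -or $mode -like '*Missing') { $flag = '  <-- check start type / registry key' }

    "{0}{1} ({2})  status={3}  start={4}{5}" -f `
        $indent, $Service.ServiceName, $Service.DisplayName, $Service.Status, $mode, $flag

    # Expand each service's own dependencies only once.
    if ($Seen.ContainsKey($Service.ServiceName)) { return }
    $Seen[$Service.ServiceName] = $true

    try {
        $deps = @($Service.ServicesDependedOn)
    } catch {
        "{0}  (could not read dependencies: {1})" -f $indent, $_.Exception.Message
        return
    }
    foreach ($dep in $deps) {
        Show-DependencyTree -Service $dep -Depth ($Depth + 1) -Seen $Seen
    }
}

$root = Get-Service -Name 'BITS' -ErrorAction SilentlyContinue
if ($null -eq $root) {
    'BITS is not registered with the Service Control Manager.'
} else {
    Show-DependencyTree -Service $root
}
```

The deepest flagged line in the output is the one to look at first, since every service above it in the tree fails with a dependency error until that one starts.
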
kerux Posted August 16, 2012 Author ID:586151
Hi Maurice, thanks for your help. I could not get past the first step. When I try to open rpcss.reg within regedit I get a registry error:
"Cannot import C:\users\teri\desktop\rpcss.reg: Not all data was successfully written to the registry. Some keys are open by the system or other processes"
Maurice Naggar Posted August 16, 2012 ID:586252
Logoff and restart system fresh.
Review carefully my list and try one more time. The name of the file to Import is the same as the one you saved from the download.
Just try one time.
kerux Posted August 17, 2012 Author ID:586337
Logged off and did a clean boot.....(regedit/file/import/rpcss.reg/open)....same error message. Booted in safe mode....same error message. Regedit will not allow the file to be opened.
Maurice Naggar Posted August 17, 2012 ID:586348
OK. Close Regedit. Go to where the reg file is saved.
Right click on it and select Merge.
IF it gives a hiccup, let's forget it.
Next, in any event, do this:
Close and exit any open work documents or program windows you opened.
1. Open Internet Explorer (only!) to http://support.microsoft.com/kb/923737 [ignore any DOES NOT APPLY warnings as well as the APPLIES TO section] & run the Fix It.
Note=> For optimal results, check the Delete personal settings option.
2a. Open Internet Explorer (only!) to http://support.microsoft.com/kb/910336 [ignore the title & Symptoms].
2b. Dismiss/close the "automated troubleshooter" pop-up! - then...
2c. Ignoring any "Not recommended" or similar warnings, run Fix It 50202 in DEFAULT mode (if on a later run you still have the same failure, then repeat the above & select the Aggressive mode).
3. Reboot & then run a manual check for updates at Windows Update, etc., etc...
When you reach Windows Update, do a Custom scan for updates. Take (accept) the ones marked Critical or Important.
If there are Silverlight or Net Framework updates, un-select them and leave them for a later pass.
Decline any that are marked as "optional".
Have infinite patience while it scans and does its work.
When it prompts you to Restart Windows, please do that. Allow it to restart.
If you are still having a failure, and you just had done a default-mode Fix-IT, go back to 2a/2c and now this time do the default mode AND the aggressive mode (both) and retry one more time Windows Update
kerux Posted August 17, 2012 Author ID:586375
Tried to merge rpcss.reg and got the same error message. Ran the first fixit in IE. Then, Fixit 50202 stalled 2/3rds of the way thru on default AND later on aggressive. Both times it said BITS failed to start.
Maurice Naggar Posted August 17, 2012 ID:586514
Hello kerux,
Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!
From Start button, select RUN (or Win-key +R) and in the run-text-box type in MSCONFIG and press OK or Enter.
On Vista or Windows 7, press Windows-key on keyboard, and type in MSCONFIG
You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)
IF it does not, then you click on Normal startup.
Click on Services tab. To get its display of services.
Keep a written list of any changes from my list of services below. That way you and I have a reference document.
Look at the bottom line Hide all Microsoft services
IF and only IF it is checkmarked, then un-check it.
the list of services may be shown in non-alphabetical order, so ....
Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.
You can toggle as needed to get the desired order.
IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !
Then using the scroll-bar scroll down the list
Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
Look for Remote Procedure Call (RPC) Locator. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
Look for RPC Endpoint Mapper. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
Look for Windows Firewall. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
Look for Windows Management Instrumentation. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
Look for Windows Installer. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
Look for Windows Update. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
When done, press the Apply button, and the OK button.
You're likely to be prompted to Restart Windows, do so.
If not prompted, you do a Logoff and Restart of Windows.
Then report back here with details.
If any of the services are not shown, just let me know which.
NEXT:
See these references on the System Update Readiness Tool and run the SUR
Have plenty of patience while it runs.
http://windows.micro...-Readiness-Tool
kerux Posted August 17, 2012 Author ID:586637
All services were present and checked already. Downloading SUR now.
kerux Posted August 17, 2012 Author ID:586666
SUR downloaded and run.
Maurice Naggar Posted August 17, 2012 ID:586683
Please retry Windows Update and advise me of result. IF there's a hiccup, I will need the exception-fail code.
kerux Posted August 18, 2012 Author ID:586847
Tried update....failed...error code 80246008
Maurice Naggar Posted August 18, 2012 ID:586883
Hello kerux,
Please run this batch-fix to set some Windows services. Before starting it, make sure to save & close any open documents. This process will do a system restart at the end.
Run a fix
This will be a batch-fix.
Press the Windows-key on keyboard.
In the box, type notepad and press Enter.
Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.

```
@Echo off
rem RPC / DCOM / COM+ services that BITS depends on
sc config dcomlaunch start= auto
sc config rpceptmapper start= auto
sc config rpcss start= auto
sc config eventsystem start= auto
sc config bits start= delayed-auto
sc config eventlog start= auto
sc config winmgmt start= auto
rem "demand" is the sc.exe keyword for Manual startup
sc config sdrsvc start= demand
sc config vss start= auto
rem restart Windows, then remove this batch file
shutdown -r -t 1
del %0
```

Select File -> Save AS.
Press the Desktop button on the left side of the save dialog.
In the box, type in Fix.bat.
Press .
Close Notepad.
Right click Fix.bat on your desktop, and choose .
Press Yes if prompted by User Account Control.
This procedure will do its tasks and then it will Restart Windows 7.
Please retry Windows Update and advise me of result. IF there's a hiccup, I will need the exception-fail code.
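A read-only way to check the state that the batch fix in the post above is trying to reach, as an added example that is not part of the original posts: it compares the start mode of each service named in the batch file with the intended value, then walks the services BITS depends on, since Windows error 1068 means a dependency service or group failed to start. The function names `Get-ServiceAudit` and `Get-DependencyChain` are hypothetical; only cmdlets available in the PowerShell 2.0 that ships with Windows 7 are used.

```powershell
# Added example, not from the thread. Read-only: it changes no service settings.
# Start modes mirror the batch fix; WMI's StartMode reports both "auto" and
# "delayed-auto" as Auto, and sc.exe's "demand" as Manual.
$ExpectedStartMode = @{
    'DcomLaunch'  = 'Auto'; 'RpcEptMapper' = 'Auto'; 'RpcSs'    = 'Auto'
    'EventSystem' = 'Auto'; 'BITS'         = 'Auto'; 'EventLog' = 'Auto'
    'Winmgmt'     = 'Auto'; 'SDRSVC'       = 'Manual'; 'VSS'    = 'Auto'
}

function Get-ServiceAudit {
    # One row per expected service: configured start mode, current state, match flag.
    param([hashtable]$Expected)
    foreach ($name in ($Expected.Keys | Sort-Object)) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        $row = New-Object PSObject -Property @{
            Name      = $name
            Expected  = $Expected[$name]
            StartMode = '(not installed)'
            State     = '(not installed)'
            Matches   = $false
        }
        if ($svc) {
            $row.StartMode = $svc.StartMode
            $row.State     = $svc.State
            $row.Matches   = ($svc.StartMode -eq $Expected[$name])
        }
        $row
    }
}

function Get-DependencyChain {
    # Depth-first walk of everything a service depends on, each name visited once.
    param($Service, [int]$Depth = 0, [hashtable]$Seen = @{})
    if ($Seen.ContainsKey($Service.ServiceName)) { return }
    $Seen[$Service.ServiceName] = $true
    $status = '(unknown)'
    try { $status = "$($Service.Status)" } catch { }   # dependency not queryable
    New-Object PSObject -Property @{
        Depth = $Depth; Name = $Service.ServiceName; Status = $status
    }
    foreach ($dep in $Service.ServicesDependedOn) {
        Get-DependencyChain -Service $dep -Depth ($Depth + 1) -Seen $Seen
    }
}

Get-ServiceAudit -Expected $ExpectedStartMode |
    Select-Object Name, Expected, StartMode, State, Matches |
    Format-Table -AutoSize

$bits = Get-Service -Name BITS -ErrorAction SilentlyContinue
if ($bits) {
    $chain = @(Get-DependencyChain -Service $bits)
    $chain | Select-Object Depth, Name, Status | Format-Table -AutoSize
    # Depth 0 is BITS itself; anything deeper that is not running blocks its start.
    $down = @($chain | Where-Object { $_.Depth -gt 0 -and $_.Status -ne 'Running' })
    if ($down.Count -gt 0) {
        'Dependencies not running: ' + (($down | ForEach-Object { $_.Name }) -join ', ')
    } else {
        'Every service BITS depends on is running.'
    }
} else {
    'BITS is not registered as a service on this machine.'
}
```

A row with `Matches` false or a dependency listed as not running points at the service to examine first; a service shown as not installed means its registry entry is gone rather than merely disabled.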
kerux Posted August 18, 2012 Author ID:586988
Ran Fix.bat....tried update (failed)...error code 80246008
Maurice Naggar Posted August 19, 2012 ID:587313
I am moving your thread into the Malware-removal forum. The continued failure in Windows update and with this repeated fail-code makes it highly likely we are dealing with malware.

Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
IF you have a previous copy of aswMBR, delete it.
Download aswMBR.exe ( 511KB ) to your desktop.
On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.
On Windows XP, double click the exe to start.
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4
Please read carefully and follow these steps.
IF you have a previous copy of TDSSKILLER, then delete it.
Download TDSSKiller and save it to your Desktop.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5
Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on Scan button at upper right of screen.
Wait until the Status box shows "Scan Finished"
Click on Report and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
Do NOT click any FIX buttons !

Step 6
RE-Enable your antivirus program. Then copy/paste the following into your post (in order):
the contents of aswMBR report;
the contents of TDSSKILLER log;
the contents of RKReport log;
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
kerux Posted August 20, 2012 Author ID:587749
Did first 3 steps....aswMBR did not enable fix button:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-20 12:55:43
-----------------------------
12:55:43.533 OS Version: Windows x64 6.1.7601 Service Pack 1
12:55:43.533 Number of processors: 2 586 0x602
12:55:43.533 ComputerName: TERI-PC UserName: Teri
12:55:44.506 Initialize success
12:56:58.887 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
12:56:58.887 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 11
12:56:58.903 Disk 0 MBR read successfully
12:56:58.919 Disk 0 MBR scan
12:56:58.919 Disk 0 Windows VISTA default MBR code
12:56:58.919 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12000 MB offset 2048
12:56:58.934 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 24578048
12:56:58.950 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 293143 MB offset 24782848
12:56:58.965 Disk 0 scanning C:\Windows\system32\drivers
12:57:04.925 Service scanning
12:57:19.612 Modules scanning
12:57:19.612 Scan finished successfully
12:57:33.918 Disk 0 MBR has been saved successfully to "C:\Users\Teri\Desktop\MBR.dat"
12:57:33.918 The log file has been saved successfully to "C:\Users\Teri\Desktop\aswMBR.txt"

Step 4 - tdsskiller found no threats
3464 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll12:59:35.0587 3464 IPBusEnum - ok12:59:35.0637 3464 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys12:59:35.0638 3464 IpFilterDriver - ok12:59:35.0672 3464 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll12:59:35.0680 3464 iphlpsvc - ok12:59:35.0713 3464 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys12:59:35.0714 3464 IPMIDRV - ok12:59:35.0721 3464 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys12:59:35.0722 3464 IPNAT - ok12:59:35.0749 3464 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys12:59:35.0750 3464 IRENUM - ok12:59:35.0762 3464 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys12:59:35.0762 3464 isapnp - ok12:59:35.0793 3464 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys12:59:35.0797 3464 iScsiPrt - ok12:59:35.0853 3464 [ 249EE2D26CB1530F3BEDE0AC8B9E3099 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys12:59:35.0856 3464 k57nd60a - ok12:59:35.0873 3464 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys12:59:35.0874 3464 kbdclass - ok12:59:35.0912 3464 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys12:59:35.0913 3464 kbdhid - ok12:59:35.0926 3464 [ 0793F40B9B8A1BDD266296409DBD91EA ] KeyIso C:\Windows\system32\lsass.exe12:59:35.0927 3464 KeyIso - ok12:59:35.0964 3464 [ CCD53B5BD33CE0C889E830D839C8B66E ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys12:59:35.0966 3464 KSecDD - ok12:59:36.0001 3464 [ 9FF918A261752C12639E8AD4208D2C2F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys12:59:36.0003 3464 KSecPkg - ok12:59:36.0028 3464 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys12:59:36.0029 3464 ksthunk - ok12:59:36.0069 
3464 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll12:59:36.0074 3464 KtmRm - ok12:59:36.0086 3464 [ 2AC603C3188C704CFCE353659AA7AD71 ] L1E C:\Windows\system32\DRIVERS\L1E62x64.sys12:59:36.0087 3464 L1E - ok12:59:36.0129 3464 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll12:59:36.0133 3464 LanmanServer - ok12:59:36.0166 3464 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll12:59:36.0169 3464 LanmanWorkstation - ok12:59:36.0194 3464 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys12:59:36.0195 3464 lltdio - ok12:59:36.0227 3464 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll12:59:36.0231 3464 lltdsvc - ok12:59:36.0248 3464 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll12:59:36.0251 3464 lmhosts - ok12:59:36.0281 3464 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys12:59:36.0283 3464 LSI_FC - ok12:59:36.0295 3464 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys12:59:36.0296 3464 LSI_SAS - ok12:59:36.0302 3464 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys12:59:36.0303 3464 LSI_SAS2 - ok12:59:36.0309 3464 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys12:59:36.0311 3464 LSI_SCSI - ok12:59:36.0322 3464 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys12:59:36.0323 3464 luafv - ok12:59:36.0365 3464 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll12:59:36.0367 3464 Mcx2Svc - ok12:59:36.0383 3464 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys12:59:36.0383 3464 megasas - ok12:59:36.0393 3464 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys12:59:36.0397 3464 MegaSR - ok12:59:36.0430 3464 [ 
E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll12:59:36.0432 3464 MMCSS - ok12:59:36.0438 3464 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys12:59:36.0439 3464 Modem - ok12:59:36.0451 3464 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys12:59:36.0452 3464 monitor - ok12:59:36.0481 3464 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys12:59:36.0482 3464 mouclass - ok12:59:36.0491 3464 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys12:59:36.0492 3464 mouhid - ok12:59:36.0529 3464 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys12:59:36.0530 3464 mountmgr - ok12:59:36.0548 3464 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys12:59:36.0550 3464 mpio - ok12:59:36.0556 3464 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys12:59:36.0557 3464 mpsdrv - ok12:59:36.0606 3464 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll12:59:36.0625 3464 MpsSvc - ok12:59:36.0652 3464 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys12:59:36.0654 3464 MRxDAV - ok12:59:36.0686 3464 [ C2B4651001A867FF3F8865863B592991 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys12:59:36.0688 3464 mrxsmb - ok12:59:36.0726 3464 [ 7E79946AFC5F799AB62982282BE5AC13 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys12:59:36.0730 3464 mrxsmb10 - ok12:59:36.0777 3464 [ 5FB954100CEA2BFEC6446FBBECAA3F79 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys12:59:36.0779 3464 mrxsmb20 - ok12:59:36.0814 3464 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys12:59:36.0815 3464 msahci - ok12:59:36.0846 3464 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys12:59:36.0848 3464 msdsm - ok12:59:36.0873 3464 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] 
MSDTC C:\Windows\System32\msdtc.exe12:59:36.0875 3464 MSDTC - ok12:59:36.0903 3464 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys12:59:36.0904 3464 Msfs - ok12:59:36.0926 3464 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys12:59:36.0927 3464 mshidkmdf - ok12:59:36.0968 3464 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys12:59:36.0968 3464 msisadrv - ok12:59:37.0000 3464 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll12:59:37.0002 3464 MSiSCSI - ok12:59:37.0007 3464 msiserver - ok12:59:37.0032 3464 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys12:59:37.0033 3464 MSKSSRV - ok12:59:37.0038 3464 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys12:59:37.0039 3464 MSPCLOCK - ok12:59:37.0044 3464 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys12:59:37.0045 3464 MSPQM - ok12:59:37.0092 3464 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys12:59:37.0098 3464 MsRPC - ok12:59:37.0139 3464 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys12:59:37.0140 3464 mssmbios - ok12:59:37.0156 3464 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys12:59:37.0157 3464 MSTEE - ok12:59:37.0162 3464 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys12:59:37.0163 3464 MTConfig - ok12:59:37.0181 3464 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys12:59:37.0182 3464 Mup - ok12:59:37.0217 3464 [ 6FFECC25B39DC7652A0CEC0ADA9DB589 ] mwlPSDFilter C:\Windows\system32\DRIVERS\mwlPSDFilter.sys12:59:37.0218 3464 mwlPSDFilter - ok12:59:37.0231 3464 [ 0BEFE32CA56D6EE89D58175725596A85 ] mwlPSDNServ C:\Windows\system32\DRIVERS\mwlPSDNServ.sys12:59:37.0232 3464 mwlPSDNServ - ok12:59:37.0250 3464 [ 
D43BC633B8660463E446E28E14A51262 ] mwlPSDVDisk C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys12:59:37.0251 3464 mwlPSDVDisk - ok12:59:37.0311 3464 [ 2F139207F618EC2933830227EEFFDDB4 ] MWLService C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe12:59:37.0314 3464 MWLService - ok12:59:37.0355 3464 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll12:59:37.0362 3464 napagent - ok12:59:37.0410 3464 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys12:59:37.0415 3464 NativeWifiP - ok12:59:37.0460 3464 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys12:59:37.0490 3464 NDIS - ok12:59:37.0509 3464 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys12:59:37.0509 3464 NdisCap - ok12:59:37.0537 3464 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys12:59:37.0537 3464 NdisTapi - ok12:59:37.0580 3464 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys12:59:37.0581 3464 Ndisuio - ok12:59:37.0623 3464 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys12:59:37.0625 3464 NdisWan - ok12:59:37.0663 3464 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys12:59:37.0664 3464 NDProxy - ok12:59:37.0670 3464 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys12:59:37.0671 3464 NetBIOS - ok12:59:37.0713 3464 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys12:59:37.0715 3464 NetBT - ok12:59:37.0738 3464 [ 0793F40B9B8A1BDD266296409DBD91EA ] Netlogon C:\Windows\system32\lsass.exe12:59:37.0740 3464 Netlogon - ok12:59:37.0769 3464 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll12:59:37.0774 3464 Netman - ok12:59:37.0787 3464 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll12:59:37.0792 3464 netprofm - 
ok12:59:37.0822 3464 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe12:59:37.0823 3464 NetTcpPortSharing - ok12:59:37.0838 3464 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys12:59:37.0839 3464 nfrd960 - ok12:59:37.0895 3464 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll12:59:37.0899 3464 NlaSvc - ok12:59:37.0916 3464 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys12:59:37.0917 3464 Npfs - ok12:59:37.0926 3464 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll12:59:37.0928 3464 nsi - ok12:59:37.0935 3464 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys12:59:37.0935 3464 nsiproxy - ok12:59:38.0007 3464 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys12:59:38.0053 3464 Ntfs - ok12:59:38.0124 3464 [ 14E66F603FB187713AEB02AD3B0390CF ] NTI IScheduleSvc C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe12:59:38.0125 3464 NTI IScheduleSvc - ok12:59:38.0152 3464 [ FD324CCE1D4D5BB5AF65F8E55B462C7E ] NTIBackupSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe12:59:38.0153 3464 NTIBackupSvc - ok12:59:38.0180 3464 [ 64DDD0DEE976302F4BD93E5EFCC2F013 ] NTIDrvr C:\Windows\system32\drivers\NTIDrvr.sys12:59:38.0181 3464 NTIDrvr - ok12:59:38.0200 3464 [ 3F6268A2EC33CD38CF75C880AF8DED42 ] NTISchedulerSvc C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe12:59:38.0202 3464 NTISchedulerSvc - ok12:59:38.0262 3464 [ D4012918D3A3847B44B888D56BC095D6 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys12:59:38.0263 3464 NuidFltr - ok12:59:38.0295 3464 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys12:59:38.0296 3464 Null - ok12:59:38.0322 3464 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid 
C:\Windows\system32\drivers\nvraid.sys12:59:38.0324 3464 nvraid - ok12:59:38.0361 3464 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys12:59:38.0363 3464 nvstor - ok12:59:38.0391 3464 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys12:59:38.0392 3464 nv_agp - ok12:59:38.0472 3464 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE12:59:38.0477 3464 odserv - ok12:59:38.0514 3464 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys12:59:38.0515 3464 ohci1394 - ok12:59:38.0579 3464 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE12:59:38.0580 3464 ose - ok12:59:38.0622 3464 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll12:59:38.0627 3464 p2pimsvc - ok12:59:38.0644 3464 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll12:59:38.0651 3464 p2psvc - ok12:59:38.0673 3464 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys12:59:38.0674 3464 Parport - ok12:59:38.0703 3464 [ 871EADAC56B0A4C6512BBE32753CCF79 ] partmgr C:\Windows\system32\drivers\partmgr.sys12:59:38.0704 3464 partmgr - ok12:59:38.0722 3464 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll12:59:38.0725 3464 PcaSvc - ok12:59:38.0758 3464 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys12:59:38.0760 3464 pci - ok12:59:38.0774 3464 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys12:59:38.0774 3464 pciide - ok12:59:38.0790 3464 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys12:59:38.0792 3464 pcmcia - ok12:59:38.0810 3464 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys12:59:38.0811 3464 pcw - ok12:59:38.0826 3464 [ 68769C3356B3BE5D1C732C97B9A80D6E ] 
PEAUTH C:\Windows\system32\drivers\peauth.sys12:59:38.0845 3464 PEAUTH - ok12:59:38.0956 3464 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe12:59:38.0957 3464 PerfHost - ok12:59:39.0034 3464 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll12:59:39.0068 3464 pla - ok12:59:39.0112 3464 [ B806E50427511BCF4AD8E8239C3E25FA ] PlugPlay C:\Windows\system32\umpnpmgr.dll12:59:39.0119 3464 PlugPlay - ok12:59:39.0236 3464 [ 627FA58ADC043704F9D14CA44340956F ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe12:59:39.0239 3464 PMBDeviceInfoProvider - ok12:59:39.0251 3464 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll12:59:39.0253 3464 PNRPAutoReg - ok12:59:39.0278 3464 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll12:59:39.0281 3464 PNRPsvc - ok12:59:39.0324 3464 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll12:59:39.0331 3464 PolicyAgent - ok12:59:39.0354 3464 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll12:59:39.0358 3464 Power - ok12:59:39.0402 3464 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys12:59:39.0403 3464 PptpMiniport - ok12:59:39.0430 3464 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys12:59:39.0431 3464 Processor - ok12:59:39.0475 3464 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll12:59:39.0478 3464 ProfSvc - ok12:59:39.0495 3464 [ 0793F40B9B8A1BDD266296409DBD91EA ] ProtectedStorage C:\Windows\system32\lsass.exe12:59:39.0496 3464 ProtectedStorage - ok12:59:39.0566 3464 [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\SysWOW64\PSIService.exe12:59:39.0569 3464 ProtexisLicensing - ok12:59:39.0615 3464 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys12:59:39.0616 3464 Psched - ok12:59:39.0661 3464 [ 
A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys12:59:39.0696 3464 ql2300 - ok12:59:39.0708 3464 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys12:59:39.0709 3464 ql40xx - ok12:59:39.0736 3464 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll12:59:39.0740 3464 QWAVE - ok12:59:39.0754 3464 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys12:59:39.0755 3464 QWAVEdrv - ok12:59:39.0761 3464 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys12:59:39.0762 3464 RasAcd - ok12:59:39.0787 3464 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys12:59:39.0788 3464 RasAgileVpn - ok12:59:39.0805 3464 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll12:59:39.0807 3464 RasAuto - ok12:59:39.0841 3464 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys12:59:39.0843 3464 Rasl2tp - ok12:59:39.0877 3464 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll12:59:39.0882 3464 RasMan - ok12:59:39.0889 3464 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys12:59:39.0890 3464 RasPppoe - ok12:59:39.0901 3464 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys12:59:39.0903 3464 RasSstp - ok12:59:39.0941 3464 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys12:59:39.0945 3464 rdbss - ok12:59:39.0958 3464 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys12:59:39.0958 3464 rdpbus - ok12:59:39.0973 3464 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys12:59:39.0973 3464 RDPCDD - ok12:59:39.0993 3464 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys12:59:39.0993 3464 RDPENCDD - ok12:59:40.0007 3464 [ 
216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys12:59:40.0007 3464 RDPREFMP - ok12:59:40.0049 3464 [ 15B66C206B5CB095BAB980553F38ED23 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys12:59:40.0052 3464 RDPWD - ok12:59:40.0085 3464 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys12:59:40.0088 3464 rdyboost - ok12:59:40.0214 3464 [ 5F9AC3243C206EC95F32E4348AE67C13 ] RegFilter C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys12:59:40.0214 3464 RegFilter - ok12:59:40.0244 3464 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll12:59:40.0246 3464 RemoteAccess - ok12:59:40.0274 3464 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll12:59:40.0277 3464 RemoteRegistry - ok12:59:40.0292 3464 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll12:59:40.0294 3464 RpcEptMapper - ok12:59:40.0324 3464 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe12:59:40.0325 3464 RpcLocator - ok12:59:40.0372 3464 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll12:59:40.0377 3464 RpcSs - ok12:59:40.0403 3464 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys12:59:40.0404 3464 rspndr - ok12:59:40.0475 3464 [ DB30AA4DAA0D492FA5D7717D8181FFA1 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys12:59:40.0477 3464 RSUSBSTOR - ok12:59:40.0495 3464 [ 0793F40B9B8A1BDD266296409DBD91EA ] SamSs C:\Windows\system32\lsass.exe12:59:40.0497 3464 SamSs - ok12:59:40.0527 3464 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys12:59:40.0528 3464 sbp2port - ok12:59:40.0568 3464 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll12:59:40.0571 3464 SCardSvr - ok12:59:40.0597 3464 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter 
C:\Windows\system32\DRIVERS\scfilter.sys12:59:40.0598 3464 scfilter - ok12:59:40.0648 3464 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll12:59:40.0680 3464 Schedule - ok12:59:40.0713 3464 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll12:59:40.0714 3464 SCPolicySvc - ok12:59:40.0750 3464 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll12:59:40.0754 3464 SDRSVC - ok12:59:40.0792 3464 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys12:59:40.0793 3464 secdrv - ok12:59:40.0821 3464 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll12:59:40.0823 3464 seclogon - ok12:59:40.0860 3464 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll12:59:40.0862 3464 SENS - ok12:59:40.0875 3464 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll12:59:40.0877 3464 SensrSvc - ok12:59:40.0893 3464 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys12:59:40.0894 3464 Serenum - ok12:59:40.0911 3464 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys12:59:40.0912 3464 Serial - ok12:59:40.0951 3464 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys12:59:40.0952 3464 sermouse - ok12:59:41.0013 3464 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll12:59:41.0016 3464 SessionEnv - ok12:59:41.0047 3464 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys12:59:41.0048 3464 sffdisk - ok12:59:41.0065 3464 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys12:59:41.0065 3464 sffp_mmc - ok12:59:41.0079 3464 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys12:59:41.0079 3464 sffp_sd - ok12:59:41.0085 3464 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy 
C:\Windows\system32\DRIVERS\sfloppy.sys12:59:41.0086 3464 sfloppy - ok12:59:41.0131 3464 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll12:59:41.0136 3464 SharedAccess - ok12:59:41.0173 3464 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll12:59:41.0177 3464 ShellHWDetection - ok12:59:41.0189 3464 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys12:59:41.0191 3464 SiSRaid2 - ok12:59:41.0214 3464 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys12:59:41.0216 3464 SiSRaid4 - ok12:59:41.0296 3464 [ DD0443BC6CC78A19FD399817F8C51401 ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys12:59:41.0297 3464 SmartDefragDriver - ok12:59:41.0312 3464 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys12:59:41.0314 3464 Smb - ok12:59:41.0354 3464 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe12:59:41.0356 3464 SNMPTRAP - ok12:59:41.0370 3464 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys12:59:41.0371 3464 spldr - ok12:59:41.0422 3464 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe12:59:41.0428 3464 Spooler - ok12:59:41.0530 3464 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe12:59:41.0613 3464 sppsvc - ok12:59:41.0637 3464 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll12:59:41.0639 3464 sppuinotify - ok12:59:41.0687 3464 [ 65BBF4920148C2EE279055DA7228FC7B ] srv C:\Windows\system32\DRIVERS\srv.sys12:59:41.0693 3464 srv - ok12:59:41.0709 3464 [ DA939F762A1CCC2D77428621DDBD40A7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys12:59:41.0715 3464 srv2 - ok12:59:41.0763 3464 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS12:59:41.0767 3464 SrvHsfHDA - ok12:59:41.0816 3464 [ 02071D207A9858FBE3A48CBFD59C4A04 ] 
SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS12:59:41.0851 3464 SrvHsfV92 - ok12:59:41.0883 3464 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS12:59:41.0902 3464 SrvHsfWinac - ok12:59:41.0932 3464 [ 3F847C9DC87299516F7DC82FB6572865 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys12:59:41.0934 3464 srvnet - ok12:59:41.0977 3464 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll12:59:41.0980 3464 SSDPSRV - ok12:59:41.0986 3464 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll12:59:41.0989 3464 SstpSvc - ok12:59:42.0013 3464 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys12:59:42.0013 3464 stexstor - ok12:59:42.0061 3464 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll12:59:42.0080 3464 stisvc - ok12:59:42.0113 3464 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys12:59:42.0113 3464 swenum - ok12:59:42.0139 3464 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll12:59:42.0157 3464 swprv - ok12:59:42.0225 3464 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll12:59:42.0265 3464 SysMain - ok12:59:42.0309 3464 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll12:59:42.0312 3464 TabletInputService - ok12:59:42.0351 3464 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll12:59:42.0356 3464 TapiSrv - ok12:59:42.0362 3464 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll12:59:42.0364 3464 TBS - ok12:59:42.0445 3464 [ 509383E505C973ED7534A06B3D19688D ] Tcpip C:\Windows\system32\drivers\tcpip.sys12:59:42.0491 3464 Tcpip - ok12:59:42.0560 3464 [ 509383E505C973ED7534A06B3D19688D ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys12:59:42.0573 3464 TCPIP6 - ok12:59:42.0602 3464 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg 
12:59:46.0280 3464 Scan finished
12:59:46.0295 6284 Detected object count: 0
12:59:46.0295 6284 Actual detected object count: 0

Will begin step 5 as soon as I return...
kerux Posted August 20, 2012 Author ID:587860

Step 5 - RK report

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Teri [Admin rights]
Mode: Scan -- Date: 08/20/2012 15:39:29
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD32 00BEVT-22ZCT0 SATA Disk Device +++++
--- User ---
[MBR] d9ac55de354fad5db940a719a3eccd7a
[bSP] 2855c458b75a9fca2ad56bbb73a07141 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Maurice Naggar Posted August 21, 2012 ID:588064

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Kerux only. If you are a casual viewer, do NOT try this on your system! If you are not and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now.

Download Combofix from any of the links below, and SAVE it to your Desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.
If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".
A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:
[1] IF after Combofix reboot you get the message "Illegal operation attempted on registry key that has been marked for deletion"....please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.
[2] Do not mouseclick combofix's window nor run any program while Combofix is running. That may cause it to stall.
[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Reply & Copy/Paste the C:\Combofix.txt log and tell me, how is the system now?

Re-enable your antivirus program.

Edited August 21, 2012 by Maurice Naggar
kerux Posted August 21, 2012 Author ID:588332

Ran ComboFix...tried Windows Update...code 80246008

ComboFix 12-08-20.02 - Teri 08/21/2012 7:33:45.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3838.2708 [GMT -5:00]
Running from: C:\Users\Teri\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Install.exe

Infected copy of C:\Windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))

2012-08-21 13:11:56 . 2012-08-21 13:11:56 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-20 17:46:10 . 2012-08-20 17:46:28 -------- d-----w- C:\Program Files (x86)\ERUNT
2012-08-17 19:35:01 . 2012-08-17 19:35:01 -------- d-----w- C:\Windows\CheckSur
2012-08-17 02:16:51 . 2012-08-17 02:16:51 -------- d-----w- C:\Users\Teri\AppData\Roaming\Avira
2012-08-17 02:10:56 . 2012-07-18 23:05:10 98848 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
2012-08-17 02:10:56 . 2012-07-18 23:05:10 27760 ----a-w- C:\Windows\system32\drivers\avkmgr.sys
2012-08-17 02:10:56 . 2012-07-18 23:05:10 132832 ----a-w- C:\Windows\system32\drivers\avipbb.sys
2012-08-17 02:10:55 . 2012-08-17 02:10:55 -------- d-----w- C:\ProgramData\Avira
2012-08-17 02:10:55 . 2012-08-17 02:10:55 -------- d-----w- C:\Program Files (x86)\Avira
2012-08-17 00:27:50 . 2012-08-17 00:36:24 -------- d-----w- C:\Users\Teri\AppData\Roaming\WinPatrol
2012-08-17 00:27:37 . 2012-08-17 00:27:37 -------- d-----w- C:\ProgramData\InstallMate
2012-08-17 00:27:37 . 2012-08-17 00:27:37 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-08-16 18:10:40 . 2012-08-16 18:10:40 -------- d-----w- C:\Program Files (x86)\Belarc
2012-08-15 18:14:17 . 2012-08-15 18:14:17 181064 ----a-w- C:\Windows\PSEXESVC.EXE
2012-08-15 18:10:11 . 2012-08-15 18:08:43 381816 ----a-w- C:\Windows\system32\PsExec.exe
2012-08-15 04:49:58 . 2012-08-15 04:49:58 -------- d-----w- C:\Program Files\HitmanPro
2012-08-15 04:45:27 . 2012-08-15 04:55:35 -------- d-----w- C:\ProgramData\HitmanPro
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-15 04:56:29 . 2012-06-14 17:07:50 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 04:56:29 . 2012-06-14 17:07:50 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:19:46 . 2012-07-13 01:47:42 38424 ----a-w- C:\Windows\system32\wups.dll
2012-06-02 22:19:43 . 2012-07-13 01:47:52 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-06-02 22:19:42 . 2012-07-13 01:47:53 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-06-02 22:19:42 . 2012-07-13 01:47:53 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-06-02 22:19:23 . 2012-07-13 01:47:42 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-06-02 22:15:31 . 2012-07-13 01:47:53 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-06-02 22:15:08 . 2012-07-13 01:47:42 99840 ----a-w- C:\Windows\system32\wudriver.dll
2012-06-02 20:19:42 . 2012-07-13 01:47:33 186752 ----a-w- C:\Windows\system32\wuwebv.dll
2012-06-02 20:15:12 . 2012-07-13 01:47:33 36864 ----a-w- C:\Windows\system32\wuapp.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a8864317-e18b-4292-99d9-e6e65ab905d3}"= "C:\Program Files (x86)\Runescape\tbRun1.dll" [2011-01-28 00:14:15 3911776]

[HKEY_CLASSES_ROOT\clsid\{a8864317-e18b-4292-99d9-e6e65ab905d3}]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-11 05:41:42 120104 ----a-w- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-03-06 23:39:50 574296]
Maurice Naggar Posted August 22, 2012 ID:588567

Your copy of the Combofix.txt is short (truncated/incomplete).
Please retry. Open NOTEPAD. Edit >> Select ALL >> COPY {CTRL+A then CTRL+C}, then in reply box Paste.
I need an entire (verbatim) copy.

You have Advanced SystemCare 5. Did you buy it? If not, uninstall it. In any event, Iobit does not have a good reputation.
And irregardless, using any registry cleaner/tweaker is ill-advised and often does more harm than good.
You do not need registry cleaners, at all.

In addition to above, you already have the FSS tool. I need for you to do a new run, and then Copy/Paste the FSS.txt into a separate reply.