Duncann

About Duncann

  • Birthday 05/18/1968

Profile Information

  • Location
    Maine
  1. Hi Maurice, I wanted to thank you once again and, if I could impose just a little while longer, ask a couple of quick questions. I copied all the files I wanted to save from my already infected computer to a flash drive. Is it safe to copy them back to my computer? McAfee specifically told me not to run MBAM with their AV program. Is it OK to run MBAM with those free AVs you mentioned? Are you sure I should not have to wipe my HDD to remove any trace of this "RAT"? I guess that's enough; you have been more than patient and again thank you very much! Duncan
  2. Hi Maurice, Sorry I took so long to get back to you. But I have been busy... I have been too short on this in the past as it is a long story. Gateway has a proprietary boot loader or boot manager they use for their recovery. I thought it was included with their "Gateway Recovery Center" (GRC), which was missing from my system. (I have since found out it is not.) This is why I have been so hot to get the Windows "MSI" service running so I could install this program. If at any time you reload Windows from the system disk that ships with the computer you will lose GRC and the boot loader that comes with it (which I had years ago). You can get GRC back but not the boot loader. So as far as I can tell, from that point on your only option to restore to "near" factory condition is to reinstall Windows and then manually reinstall each factory program and driver from your disk or the recovery partition. Neither the disk nor the recovery partition contains this boot loader program, AFAIK. (I don't know what it looks like, let alone how to install or configure it.) When you click on the factory restore button in GRC it reboots your system. Then it should boot up with the recovery process, but mine just reboots Windows as if I hadn't done anything. So I reinstalled Windows. I am sorry if this causes you problems. I realize that you didn't instruct me to do so but I just couldn't see continuing to check the system from safe mode. I felt like a stable normal mode was a better option. So now I have a fully functional Windows environment. It seems to be working OK with a few glitches. Is there any reason to continue? I know that the HDD has not been formatted but I'm not sure how I can do that given my recovery options. The last time I tried to format and reload from my Windows disk I got an error that "Bootmgr" was missing and I had to have a repair guy fix it. Can this Trojan still be lurking on the HDD? Already done, weeks ago.
But I have them saved on a flash drive that was connected to my still infected computer. Is that drive safe to reconnect? If you decide that we should keep going I want to let you know where we are in terms of the reload. So far I have reinstalled Windows and loaded the basic driver files for my sound, video, LAN, and WLAN. I have connected to the internet and downloaded Adobe Reader and run Windows Update once. I have not reinstalled McAfee as I am not sure I want to continue with that program and it is a bitch to get back off. I do have Windows Firewall running and I have only been to trusted sites and Google. If you think we should stop, do you think it is safe to continue with this machine or should I try to find another way to format and reload the system? And could you please recommend a protection strategy for safer web browsing? Do you use both an antivirus and a malware program to protect your system? (I have not been able to do that because McAfee doesn't play well with others.) Is there anything else you would recommend? Please let me know, and regardless I want you to know I am very grateful for all your help. You are truly a gentleman. Sincerest thanks, Duncan PS Sorry for all the spelling errors. If this forum has a spell checker I haven't found it.
  3. Hi Maurice, I'm sorry but none of these things will work in Normal mode. We seem to have made some headway with those registry fixes but there are still several services not running. Do these programs require the Windows Installer program msiserver? I know that is not running. Do you think reinstalling Windows would reset the registry and enable some of these programs to run? I think if the OS were running stably I might still be able to get that Recovery Program installed and then do a factory restore. Anyway, let me know what you think or if you want to run these programs in safe mode.
  4. Hi Maurice, Yes. OK, here we go. Reset Internet Explorer - done. Add ESET to my trusted sites list - done, but I had to uncheck the box that said "Require server verification". Turn off pop-up blocker - done, it was on. Went to ESET and got the same results; "The website wants to install the following add-on..." Clicked on install. Got; "To display this webpage again the browser needs to resend the information you've previously submitted..." Hit retry or cancel. Got; "An add-on for this website failed to run." End of story. Any other ideas? It says on their webpage that you have to have admin privileges to run the scanner. But I can't run anything in normal mode as administrator. I have been periodically trying various programs as we work through this just to see if they will run, and "run as administrator" does not work. I am the admin for this computer, at least that's what it says in Account control. For instance; I am trying to install my "Gateway Recovery Center" (GRC). When I run the install program it does start, but when I click on continue it says "The system administrator has set policies to prevent this installation". The file is an ".msi" file so there is no right click-Run as administrator option. Other programs like IE will run fine from a double click but not if you right click-run as admin. It says... ready... "The specified service does not ...bla bla bla" Should I try it in safe mode?
  5. Well, we are making progress. When I first read your instructions I thought OK, but neither IE nor my web connection work in either safe or normal, but I'll try it.... Well, I guess I have the internet back even though it still says "the specified service does not exist...bla bla" in the notification area of the task bar. First, I could not find a check box that said "proxy servers BLOCK"; instead I have a box that says "Use a proxy server for your LAN". It was unchecked and I left it that way. Under that, if checked, there is another check box that says "Bypass Proxy server for local address". Also unchecked. Is this what you want? Unfortunately it still seems that administrator privileges are offline or somehow screwed up. So right away I had trouble running the automatic IE reset. So I followed that page's onscreen instructions to do so manually and had no trouble. I ran "Flush.bat" without incident from normal mode and it rebooted the computer. I went to the ESET site and attempted to run the scan without much hope (since admin privileges are down) and this is what I got; "The website wants to install the following add-on..." Clicked on install. Got; "To display this webpage again the browser needs to resend the information you've previously submitted..." Hit retry and cancel. Got; "An add-on for this website failed to run." So what next, boss?
  6. Hi Maurice, OK, I do know what it takes to reload my software, and what it takes is a factory recovery program called "Gateway Recovery Center". This program is no longer on my C Drive and because of this it no longer shows up as an option under the "advanced boot options menu" (F10). I have found a copy with its installation program on my D Drive. But I cannot install anything in normal operation mode - currently I do not have the service(s) it needs and it will not run in safe mode. I could however install a clean copy of just Vista if you think that will help get my machine to just run normally. For some reason reinstalling just Windows causes a lot of issues with Gateway installed devices and is part of the reason why I no longer have "Gateway Recovery Center" installed on my C drive. Some programs that came installed on the machine do not reload after a Windows clean install. As far as I know the only way for me to do a factory install using my D: Recovery Drive is to use this Gateway Recovery Center, and the only way to truly reset the machine to how it came from the factory. If you know of a different way to access the D Drive I would be happy to hear it. I performed the registry fixes that you gave me and did have some progress, thank you. Still most services are not working in normal mode. I did notice some improved speed and Windows Update seems to be running although the internet is still down. I was able to run that batch file from normal mode. But that is the only thing that would run in normal mode. I still had to reboot into safe mode to run FSS and ListParts and the logs will follow. It looks to me that according to FSS some of those services are back online even though they won't run in safe mode...? Also, I did some digging and it would appear that most of those services you were trying to restart require the RPC Service.
It would seem that since most windows functions work in safe mode but not in normal mode that there is some common service loaded differently between the two, could it be this RPC Service? Which shows as started under safe mode? Anyways, here are the logs ... Farbar Service Scanner Version: 07-10-2012 Ran by Owner (administrator) on 14-10-2012 at 19:31:33 Running from "C:\Users\Owner\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Network **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Attempt to access Google.com returned error: Other errors Yahoo IP is accessible. Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= MpsSvc Service is not running. Checking service configuration: The start type of MpsSvc service is OK. The ImagePath of MpsSvc service is OK. The ServiceDll of MpsSvc service is OK. bfe Service is not running. Checking service configuration: The start type of bfe service is OK. The ImagePath of bfe service is OK. The ServiceDll of bfe service is OK. Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is set to Auto. The default start type is 3. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. 
Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is OK. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 PlugPlay Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist. 
Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\ipnathlp.dll [2008-01-20 22:24] - [2008-01-20 22:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165 C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log ****
  7. Now to your last post; Security Center is not working in normal mode, but I can tell you that my antivirus is disabled. Windows Firewall has been disabled as I use the firewall in McAfee, and Windows Update has been set to manual for a long time now. I run update every month or so. The last time was about a week before this happened. I do remember trying to get McAfee completely shut down from MSconfig but I only shut them down, I did not alter the way in which they loaded, and they have since returned. I am the only user of this computer. So the answer is No. About a week before this meltdown I tried to run a scan and the computer locked up. After I got the warning about ZeroAccess I was able to run a scan as part of McAfee's online instructions (which included the "bootrec fixmbr" command) and it ran all the way through but found nothing. It was during this time when I realized nothing was working in normal mode. To begin, "MSconfig" will not run in normal mode. Under safe mode it was not set to normal start-up because a long time ago I started using it to disable unwanted start-up options, so it has been set to selective start-up for years. However the load system services check box is checked and I have never tried to permanently disable a service as I have no idea what most of them do. Especially the Microsoft services. While in Safe mode I selected normal start-up and rebooted... No change in normal mode except a bunch of programs I had disabled came back and some gave me error msgs on start-up. OK, I went one step further. I opened Computer Management and checked those results as well... To begin, everything listed under MSconfig was checked. There were only 3 on your list missing: Windows Firewall and Windows Update (probably, as I stated, I don't use them) and RPC Endpoint Mapper(?) However the only service running was Windows Management Instrumentation. Some of these won't run in safe mode anyway.
(I know from prior experiments that Windows Installer won't run in safe mode.) Below is the list you included, and below each entry is what I found, in order shown left to right on MSConfig \ and then Comp management.
  • Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
    Checked, Stopped, \comp mgmt Status: No status shown, start-up: automatic
  • Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
    Checked, stopped \comp mgmt Status: No status shown, start-up: manual
  • Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
    Checked, stopped. Status: No status shown, start-up: automatic
  • Look for Remote Procedure Call (RPC) Locator. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
    Checked, stopped. Status: No status shown, start-up: manual
  • Look for RPC Endpoint Mapper. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
    Not shown
  • Look for Windows Firewall. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
    Not shown
  • Look for Windows Management Instrumentation. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
    Checked, running. Status: started, start-up: automatic
  • Look for Windows Installer. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
    Checked, stopped. Status: No status shown, start-up: manual
  • Look for Windows Update. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
    Not shown
In general most every service is stopped but loaded automatically. Does this mean they are disabled or have they run their course and shut down? Or because I am stuck in safe mode? I know there are a bunch of services not running in normal mode. But why? Is there a list out there for min services for Windows to run? It seems like there is at least one critical service that almost everything calls for that is not there.
See prior post. I ran FSS; Normal mode; "specified service is not an installed service"!!!!!!!!!!!!!!!!!!! Safe mode; Farbar Service Scanner Version: 07-10-2012 Ran by Owner (administrator) on 13-10-2012 at 17:37:35 Running from "C:\Users\Owner\Desktop" Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Boot Mode: Network **************************************************************** Internet Services: ============ Dnscache Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist. Dhcp Service is not running. Checking service configuration: The start type of Dhcp service is OK. The ImagePath of Dhcp service is OK. The ServiceDll of Dhcp service is OK. Nsi Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist. Connection Status: ============== Attempt to access Local Host IP returned error: Localhost is blocked: Other errors LAN connected. Attempt to access Google IP returned error: Other errors Attempt to access Google.com returned error: Other errors Attempt to access Yahoo IP returned error: Other errors Attempt to access Yahoo.com returned error: Other errors Windows Firewall: ============= mpsdrv Service is not running. Checking service configuration: The start type of mpsdrv service is OK. The ImagePath of mpsdrv service is OK. MpsSvc Service is not running. 
Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist. bfe Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist. Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is set to Auto. The default start type is 3. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist. Windows Update: ============ wuauserv Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. 
The service key does not exist. BITS Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 PlugPlay Service is not running. Checking service configuration: Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist. Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist. Other Services: ============== Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist. Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist. Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist. 
File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log **** Well, maybe we are getting somewhere? Or is this because it's in safe mode? As far as doing a clean install, I would love to, but as I've said I can't run my recovery for that until I get these services back. I don't care about anything on this machine. But the last time I tried to do a factory install without going through "Gateway Recovery Center" I had to have a tech guy fix it and I still don't have some of the original programs and features to this day.
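An added example, not part of the original posts and not code from the Farbar tool: a small Python parser for Farbar Service Scanner output in the format of the two logs quoted above. It separates services that are only stopped from services whose registry key is missing, then compares two runs. The two sample excerpts are constructed and abridged from those logs, and the function names are hypothetical.

```python
import re

# Constructed sample input, abridged from the 13-10-2012 log quoted in the posts.
RUN_13_OCT = r"""
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Auto. The default start type is 3.
PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# Constructed sample input, abridged from the 14-10-2012 log quoted in the posts.
RUN_14_OCT = r"""
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Auto. The default start type is 3.
PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

NOT_RUNNING = re.compile(r"(\w+) Service is not running")
MISSING_KEY = re.compile(r"Unable to open (\w+) registry key")
START_TYPE = re.compile(
    r"start type of (\w+) service is set to (\w+)\. "
    r"The default start type is (\w+)"
)
POLICY = re.compile(r'"(\w+)"=DWORD:(\d+)')


def parse_fss(text):
    """Extract findings from FSS output.

    Whitespace is collapsed first, so the parser accepts both the tool's
    line-per-finding layout and a log pasted as one long line.
    """
    flat = " ".join(text.split())
    stopped = set(NOT_RUNNING.findall(flat))
    missing = set(MISSING_KEY.findall(flat))
    return {
        # The service's registry key is gone: the service cannot be started
        # until the key is restored.
        "missing_key": missing,
        # Stopped, but the key is still present.
        "stopped_key_present": stopped - missing,
        # Start type differs from the default the tool reports.
        "nondefault_start": {
            svc: (current, default)
            for svc, current, default in START_TYPE.findall(flat)
        },
        # Policy values the tool printed, e.g. DisableAntiSpyware.
        "policies": {name: int(value) for name, value in POLICY.findall(flat)},
    }


def compare_runs(before, after):
    """Compare the missing-key sets of two parsed runs."""
    b, a = before["missing_key"], after["missing_key"]
    return {
        "restored": b - a,
        "still_missing": b & a,
        "newly_missing": a - b,
    }


if __name__ == "__main__":
    first, second = parse_fss(RUN_13_OCT), parse_fss(RUN_14_OCT)
    for label, run in (("13-10", first), ("14-10", second)):
        print(label, "missing keys:", sorted(run["missing_key"]))
        print(label, "stopped, key present:", sorted(run["stopped_key_present"]))
        print(label, "policies:", run["policies"])
    print("diff:", {k: sorted(v) for k, v in compare_runs(first, second).items()})
```

Both logs were taken in Safe Mode with Networking, where most services are not started, so a stopped service with an intact key is expected there; a missing service key is the finding that persists across boot modes.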
  8. Hi Maurice, OK First things first, TDSSkiller; I wasn't even able to copy the program to that folder in normal mode. It seems that along with most of my services administrator privileges is also not working. (I am admin for this computer) So back to safe mode... As I stated in last post ((x86) not in my folder path. So I copied program to chameleon folder then tried to run your command again (x86) no such folder. Altered command line to remove (x86) and ... No com window at all but up popped the folder Chameleon I ran TDSSKiller and it found nothing here is the log;
C:\Windows\system32\drivers\brusbmdm.sys 14:58:57.0208 1024 BrUsbMdm - ok 14:58:57.0224 1024 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 14:58:57.0224 1024 BrUsbSer - ok 14:58:57.0286 1024 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 14:58:57.0286 1024 BTHMODEM - ok 14:58:57.0317 1024 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:58:57.0333 1024 cdfs - ok 14:58:57.0364 1024 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:58:57.0364 1024 cdrom - ok 14:58:57.0426 1024 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 14:58:57.0442 1024 CertPropSvc - ok 14:58:57.0504 1024 [ 958C33D0715D1496684D2E5E329748E8 ] cfwids C:\Windows\system32\drivers\cfwids.sys 14:58:57.0504 1024 cfwids - ok 14:58:57.0536 1024 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 14:58:57.0536 1024 circlass - ok 14:58:57.0598 1024 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 14:58:57.0614 1024 CLFS - ok 14:58:57.0676 1024 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:58:57.0707 1024 clr_optimization_v2.0.50727_32 - ok 14:58:57.0801 1024 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:58:57.0832 1024 clr_optimization_v4.0.30319_32 - ok 14:58:57.0910 1024 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:58:57.0910 1024 CmBatt - ok 14:58:57.0941 1024 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:58:57.0941 1024 cmdide - ok 14:58:57.0988 1024 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:58:57.0988 1024 Compbatt - ok 14:58:58.0019 1024 COMSysApp - ok 14:58:58.0050 1024 [ 
741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 14:58:58.0050 1024 crcdisk - ok 14:58:58.0082 1024 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 14:58:58.0082 1024 Crusoe - ok 14:58:58.0160 1024 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:58:58.0160 1024 CryptSvc - ok 14:58:58.0238 1024 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:58:58.0284 1024 DcomLaunch - ok 14:58:58.0300 1024 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:58:58.0316 1024 DfsC - ok 14:58:58.0440 1024 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 14:58:58.0503 1024 DFSR - ok 14:58:58.0596 1024 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 14:58:58.0596 1024 Dhcp - ok 14:58:58.0674 1024 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 14:58:58.0674 1024 disk - ok 14:58:58.0721 1024 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:58:58.0737 1024 dot3svc - ok 14:58:58.0799 1024 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 14:58:58.0799 1024 DPS - ok 14:58:58.0846 1024 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:58:58.0846 1024 drmkaud - ok 14:58:58.0924 1024 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:58:58.0940 1024 DXGKrnl - ok 14:58:59.0049 1024 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 14:58:59.0049 1024 E1G60 - ok 14:58:59.0096 1024 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 14:58:59.0096 1024 EapHost - ok 14:58:59.0158 1024 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 14:58:59.0174 1024 Ecache - ok 14:58:59.0220 1024 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr 
C:\Windows\ehome\ehRecvr.exe 14:58:59.0236 1024 ehRecvr - ok 14:58:59.0236 1024 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 14:58:59.0236 1024 ehSched - ok 14:58:59.0252 1024 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 14:58:59.0252 1024 ehstart - ok 14:58:59.0314 1024 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 14:58:59.0314 1024 elxstor - ok 14:58:59.0392 1024 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 14:58:59.0408 1024 EMDMgmt - ok 14:58:59.0470 1024 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:58:59.0470 1024 ErrDev - ok 14:58:59.0595 1024 esgiguard - ok 14:58:59.0642 1024 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 14:58:59.0657 1024 EventSystem - ok 14:58:59.0720 1024 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 14:58:59.0735 1024 exfat - ok 14:58:59.0766 1024 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:58:59.0782 1024 fastfat - ok 14:58:59.0813 1024 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:58:59.0813 1024 fdc - ok 14:58:59.0860 1024 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll 14:58:59.0860 1024 fdPHost - ok 14:58:59.0860 1024 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 14:58:59.0876 1024 FDResPub - ok 14:58:59.0938 1024 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:58:59.0938 1024 FileInfo - ok 14:58:59.0954 1024 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:58:59.0954 1024 Filetrace - ok 14:59:00.0000 1024 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:59:00.0000 1024 flpydisk - ok 14:59:00.0063 1024 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] 
FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:59:00.0063 1024 FltMgr - ok 14:59:00.0125 1024 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 14:59:00.0141 1024 FontCache3.0.0.0 - ok 14:59:00.0172 1024 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:59:00.0172 1024 Fs_Rec - ok 14:59:00.0266 1024 [ B7AA8283EC551D3A3B924E520E0621A7 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys 14:59:00.0266 1024 FTDIBUS - ok 14:59:00.0328 1024 [ 596D31583CE332B5514520D74837F434 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys 14:59:00.0344 1024 FTSER2K - ok 14:59:00.0375 1024 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 14:59:00.0375 1024 gagp30kx - ok 14:59:00.0437 1024 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 14:59:00.0453 1024 gpsvc - ok 14:59:00.0562 1024 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:59:00.0562 1024 HdAudAddService - ok 14:59:00.0640 1024 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 14:59:00.0656 1024 HDAudBus - ok 14:59:00.0687 1024 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 14:59:00.0687 1024 HidBth - ok 14:59:00.0687 1024 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 14:59:00.0702 1024 HidIr - ok 14:59:00.0734 1024 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll 14:59:00.0734 1024 hidserv - ok 14:59:00.0780 1024 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:59:00.0780 1024 HidUsb - ok 14:59:00.0874 1024 [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys 14:59:00.0874 1024 HipShieldK - ok 14:59:00.0936 1024 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:59:00.0936 1024 
hkmsvc - ok 14:59:00.0968 1024 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 14:59:00.0968 1024 HpCISSs - ok 14:59:01.0030 1024 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:59:01.0030 1024 HTTP - ok 14:59:01.0092 1024 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 14:59:01.0092 1024 i2omp - ok 14:59:01.0155 1024 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:59:01.0155 1024 i8042prt - ok 14:59:01.0170 1024 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 14:59:01.0170 1024 iaStorV - ok 14:59:01.0295 1024 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 14:59:01.0326 1024 idsvc - ok 14:59:01.0358 1024 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 14:59:01.0358 1024 iirsp - ok 14:59:01.0404 1024 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll 14:59:01.0420 1024 IKEEXT - ok 14:59:01.0467 1024 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys 14:59:01.0467 1024 intelide - ok 14:59:01.0498 1024 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:59:01.0498 1024 intelppm - ok 14:59:01.0514 1024 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:59:01.0514 1024 IpFilterDriver - ok 14:59:01.0514 1024 IpInIp - ok 14:59:01.0529 1024 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 14:59:01.0529 1024 IPMIDRV - ok 14:59:01.0592 1024 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 14:59:01.0592 1024 IPNAT - ok 14:59:01.0607 1024 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:59:01.0623 1024 IRENUM - ok 14:59:01.0685 1024 [ 
6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:59:01.0685 1024 isapnp - ok 14:59:01.0732 1024 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 14:59:01.0732 1024 iScsiPrt - ok 14:59:01.0763 1024 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 14:59:01.0763 1024 iteatapi - ok 14:59:01.0779 1024 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 14:59:01.0779 1024 iteraid - ok 14:59:01.0826 1024 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:59:01.0826 1024 kbdclass - ok 14:59:01.0841 1024 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 14:59:01.0841 1024 kbdhid - ok 14:59:01.0872 1024 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 14:59:01.0872 1024 KeyIso - ok 14:59:01.0935 1024 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:59:01.0935 1024 KSecDD - ok 14:59:02.0028 1024 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 14:59:02.0028 1024 KtmRm - ok 14:59:02.0091 1024 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll 14:59:02.0106 1024 LanmanServer - ok 14:59:02.0169 1024 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:59:02.0169 1024 LanmanWorkstation - ok 14:59:02.0216 1024 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:59:02.0216 1024 lltdio - ok 14:59:02.0247 1024 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:59:02.0247 1024 lltdsvc - ok 14:59:02.0294 1024 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:59:02.0294 1024 lmhosts - ok 14:59:02.0325 1024 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 14:59:02.0325 1024 LSI_FC - ok 14:59:02.0356 
1024 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 14:59:02.0372 1024 LSI_SAS - ok 14:59:02.0403 1024 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 14:59:02.0403 1024 LSI_SCSI - ok 14:59:02.0465 1024 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 14:59:02.0465 1024 luafv - ok 14:59:02.0559 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 14:59:02.0559 1024 McMPFSvc - ok 14:59:02.0590 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 14:59:02.0590 1024 mcmscsvc - ok 14:59:02.0606 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 14:59:02.0606 1024 McNaiAnn - ok 14:59:02.0621 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 14:59:02.0621 1024 McNASvc - ok 14:59:02.0762 1024 [ F2424960B82DFCED4FB08596D3EF100A ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe 14:59:02.0762 1024 McODS - ok 14:59:02.0762 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 14:59:02.0777 1024 McProxy - ok 14:59:02.0840 1024 [ 6A78931E71218F38B2B4665D2BA79789 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 14:59:02.0840 1024 McShield - ok 14:59:02.0871 1024 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:59:02.0871 1024 Mcx2Svc - ok 14:59:02.0902 1024 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 14:59:02.0902 1024 megasas - ok 14:59:02.0949 1024 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 14:59:02.0949 1024 MegaSR - ok 14:59:02.0996 1024 [ 38995E33939DCA02BEED384C37A0BABB ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 14:59:02.0996 1024 
mfeapfk - ok 14:59:03.0089 1024 [ ACB64C134E0FA7124FE67A8CC5F02833 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 14:59:03.0105 1024 mfeavfk - ok 14:59:03.0152 1024 [ FB331E460DBAE41B7CBDD72E690D6DA3 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys 14:59:03.0152 1024 mfebopk - ok 14:59:03.0183 1024 [ 8421EF9F71E0595BE68B5D913ED0FE78 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 14:59:03.0198 1024 mfefire - ok 14:59:03.0261 1024 [ 53891A53ACF0D43088E899DDD7209ACC ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 14:59:03.0261 1024 mfefirek - ok 14:59:03.0323 1024 [ 2F70286021B917F6D69C32C5DB8CD288 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 14:59:03.0339 1024 mfehidk - ok 14:59:03.0354 1024 [ 9171F3CA5DDD1D6A590B295F90E1E3BB ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 14:59:03.0370 1024 mferkdet - ok 14:59:03.0401 1024 [ 958E4A10C7C2C80714882542934C6912 ] mfevtp C:\Windows\system32\mfevtps.exe 14:59:03.0401 1024 mfevtp - ok 14:59:03.0432 1024 [ 07A474725D2DC08759496F58164795CB ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 14:59:03.0432 1024 mfewfpk - ok 14:59:03.0557 1024 MFE_RR - ok 14:59:03.0588 1024 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 14:59:03.0588 1024 MMCSS - ok 14:59:03.0604 1024 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 14:59:03.0604 1024 Modem - ok 14:59:03.0666 1024 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:59:03.0666 1024 monitor - ok 14:59:03.0682 1024 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:59:03.0682 1024 mouclass - ok 14:59:03.0698 1024 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:59:03.0698 1024 mouhid - ok 14:59:03.0729 1024 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 14:59:03.0729 1024 MountMgr - ok 14:59:03.0760 1024 [ 
511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 14:59:03.0760 1024 mpio - ok 14:59:03.0822 1024 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:59:03.0822 1024 mpsdrv - ok 14:59:03.0854 1024 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 14:59:03.0854 1024 Mraid35x - ok 14:59:03.0916 1024 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:59:03.0916 1024 MRxDAV - ok 14:59:03.0963 1024 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:59:03.0963 1024 mrxsmb - ok 14:59:03.0978 1024 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:59:03.0978 1024 mrxsmb10 - ok 14:59:03.0978 1024 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:59:03.0978 1024 mrxsmb20 - ok 14:59:04.0010 1024 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys 14:59:04.0010 1024 msahci - ok 14:59:04.0056 1024 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:59:04.0056 1024 msdsm - ok 14:59:04.0088 1024 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 14:59:04.0088 1024 MSDTC - ok 14:59:04.0150 1024 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:59:04.0150 1024 Msfs - ok 14:59:04.0212 1024 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:59:04.0212 1024 msisadrv - ok 14:59:04.0244 1024 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:59:04.0244 1024 MSiSCSI - ok 14:59:04.0275 1024 msiserver - ok 14:59:04.0290 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 14:59:04.0290 1024 MSK80Service - ok 14:59:04.0337 1024 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV 
C:\Windows\system32\drivers\MSKSSRV.sys 14:59:04.0337 1024 MSKSSRV - ok 14:59:04.0400 1024 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:59:04.0400 1024 MSPCLOCK - ok 14:59:04.0415 1024 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:59:04.0415 1024 MSPQM - ok 14:59:04.0431 1024 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:59:04.0431 1024 MsRPC - ok 14:59:04.0478 1024 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 14:59:04.0478 1024 mssmbios - ok 14:59:04.0524 1024 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:59:04.0524 1024 MSTEE - ok 14:59:04.0556 1024 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 14:59:04.0556 1024 Mup - ok 14:59:04.0602 1024 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 14:59:04.0602 1024 napagent - ok 14:59:04.0665 1024 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:59:04.0665 1024 NativeWifiP - ok 14:59:04.0680 1024 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:59:04.0696 1024 NDIS - ok 14:59:04.0727 1024 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:59:04.0727 1024 NdisTapi - ok 14:59:04.0743 1024 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:59:04.0758 1024 Ndisuio - ok 14:59:04.0836 1024 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:59:04.0836 1024 NdisWan - ok 14:59:04.0852 1024 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:59:04.0852 1024 NDProxy - ok 14:59:04.0899 1024 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:59:04.0899 1024 NetBIOS - ok 14:59:04.0930 1024 [ 
ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 14:59:04.0946 1024 netbt - ok 14:59:05.0008 1024 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 14:59:05.0008 1024 Netlogon - ok 14:59:05.0039 1024 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:59:05.0039 1024 NetTcpPortSharing - ok 14:59:05.0055 1024 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 14:59:05.0055 1024 nfrd960 - ok 14:59:05.0102 1024 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:59:05.0102 1024 NlaSvc - ok 14:59:05.0148 1024 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:59:05.0148 1024 Npfs - ok 14:59:05.0164 1024 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:59:05.0164 1024 nsiproxy - ok 14:59:05.0258 1024 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:59:05.0289 1024 Ntfs - ok 14:59:05.0304 1024 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 14:59:05.0304 1024 ntrigdigi - ok 14:59:05.0382 1024 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys 14:59:05.0382 1024 NuidFltr - ok 14:59:05.0398 1024 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 14:59:05.0398 1024 Null - ok 14:59:05.0445 1024 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:59:05.0445 1024 nvraid - ok 14:59:05.0476 1024 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:59:05.0476 1024 nvstor - ok 14:59:05.0507 1024 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:59:05.0523 1024 nv_agp - ok 14:59:05.0523 1024 NwlnkFlt - ok 14:59:05.0523 1024 NwlnkFwd - ok 14:59:05.0663 1024 [ 
84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:59:05.0679 1024 odserv - ok 14:59:05.0710 1024 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:59:05.0710 1024 ohci1394 - ok 14:59:05.0772 1024 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:59:05.0772 1024 ose - ok 14:59:05.0866 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 14:59:05.0882 1024 p2pimsvc - ok 14:59:05.0897 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 14:59:05.0897 1024 p2psvc - ok 14:59:05.0913 1024 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 14:59:05.0928 1024 Parport - ok 14:59:05.0975 1024 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:59:05.0975 1024 partmgr - ok 14:59:06.0006 1024 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 14:59:06.0006 1024 Parvdm - ok 14:59:06.0038 1024 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 14:59:06.0038 1024 PcaSvc - ok 14:59:06.0084 1024 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 14:59:06.0084 1024 pci - ok 14:59:06.0131 1024 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys 14:59:06.0131 1024 pciide - ok 14:59:06.0162 1024 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:59:06.0162 1024 pcmcia - ok 14:59:06.0240 1024 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:59:06.0272 1024 PEAUTH - ok 14:59:06.0334 1024 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 14:59:06.0381 1024 pla - ok 14:59:06.0412 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 14:59:06.0412 1024 PNRPAutoReg - ok 
14:59:06.0459 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll 14:59:06.0459 1024 PNRPsvc - ok 14:59:06.0506 1024 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:59:06.0521 1024 PolicyAgent - ok 14:59:06.0537 1024 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:59:06.0537 1024 PptpMiniport - ok 14:59:06.0568 1024 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 14:59:06.0568 1024 Processor - ok 14:59:06.0615 1024 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 14:59:06.0630 1024 ProfSvc - ok 14:59:06.0646 1024 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 14:59:06.0646 1024 ProtectedStorage - ok 14:59:06.0708 1024 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 14:59:06.0708 1024 PSched - ok 14:59:06.0786 1024 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:59:06.0833 1024 ql2300 - ok 14:59:06.0849 1024 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:59:06.0849 1024 ql40xx - ok 14:59:06.0880 1024 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:59:06.0880 1024 QWAVEdrv - ok 14:59:06.0911 1024 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:59:06.0911 1024 RasAcd - ok 14:59:06.0958 1024 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 14:59:06.0958 1024 RasAuto - ok 14:59:06.0989 1024 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:59:07.0005 1024 Rasl2tp - ok 14:59:07.0036 1024 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 14:59:07.0052 1024 RasMan - ok 14:59:07.0098 1024 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 
14:59:15.0413 1024 Scan finished
14:59:15.0429 1000 Detected object count: 0
14:59:15.0429 1000 Actual detected object count: 0
14:59:36.0348 1416 Deinitialize success
  9. Hi Maurice,

     Well I tried like hell to use normal mode. I just can't get these programs to run there. I get the same message "The specified service is not an installed service." Nothing works in normal mode!!! The list is endless; it would be easier to list the things that do work. It would seem that some ini file/registry setting that loads all these services is not being loaded.

     I'm sorry, I spent 4 hrs trying all the different versions of RKill but each time after waiting I get "Specified service...bla bla". You seem to be urging me to use normal mode so I will try, but in the end, until we get those services back up, I don't think anything will work there. If you don't want me to perform a task in safe mode please let me know; otherwise I will try normal first, then safe if that won't work.

     Anyway I gave in and ran Rkill in Safe mode and here are the results;

     Rkill 2.4.3 by Lawrence Abrams (Grinler)
     http://www.bleepingcomputer.com/
     Copyright 2008-2012 BleepingComputer.com
     More Information about Rkill can be found at this link:
     http://www.bleepingcomputer.com/forums/topic308364.html

     Program started at: 10/12/2012 06:08:30 PM in x86 mode.
     Windows Version: Windows Vista ™ Home Premium Service Pack 2

     Checking for Windows services to stop:
     * No malware services found to stop.

     Checking for processes to terminate:
     * No malware processes found to kill.

     Checking Registry for malware related settings:
     * No issues found in the Registry.

     Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

     Performing miscellaneous checks:
     * Windows Defender Disabled
     [HKLM\SOFTWARE\Microsoft\Windows Defender]
     "DisableAntiSpyware" = dword:00000001

     Checking Windows Service Integrity:
     * DHCP Client (Dhcp) is not Running.
     Startup Type set to: Automatic
     * COM+ Event System (EventSystem) is not Running.
     Startup Type set to: Automatic
     * COM+ Event System (RpcSs) is not Running.
     Startup Type set to: Automatic
     * Windows Firewall Authorization Driver (mpsdrv) is not Running.
     Startup Type set to: Manual
     * Appinfo [Missing Service]
     * BFE [Missing Service]
     * BITS [Missing Service]
     * Dnscache [Missing Service]
     * IPBusEnum [Missing Service]
     * iphlpsvc [Missing Service]
     * MpsSvc [Missing Service]
     * Netman [Missing Service]
     * netprofm [Missing Service]
     * nsi [Missing Service]
     * PlugPlay [Missing Service]
     * QWAVE [Missing Service]
     * seclogon [Missing Service]
     * SENS [Missing Service]
     * SessionEnv [Missing Service]
     * SLUINotify [Missing Service]
     * SysMain [Missing Service]
     * upnphost [Missing Service]
     * wcncsvc [Missing Service]
     * WcsPlugInService [Missing Service]
     * WinDefend [Missing Service]
     * WinHttpAutoProxySvc [Missing Service]
     * wscsvc [Missing Service]
     * wuauserv [Missing Service]
     * SharedAccess [Missing ImagePath]
     * WebClient [Missing Parameters Key]
     * WPDBusEnum [Missing Parameters Key]

     Searching for Missing Digital Signatures:
     * No issues found.

     Checking HOSTS File:
     * HOSTS file entries found:
     127.0.0.1 localhost
     ::1 localhost

     Program finished at: 10/12/2012 06:09:18 PM
     Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)

     As you can see, a lot of missing services even for safe mode. I did not continue with TDSSKiller. I wanted to ask you if it is OK to perform that task in safe mode if it won't work in Normal? (which it probably won't.) Also, I do not have (x86) in this folder path, in case it matters. But I am using a 32 bit system.
  10. Hi Maurice,

     Well I had problems in normal mode. (Surprise) I was able to install ERUNT in safe mode and back up the registry. I ran Chameleon from there as well and MBAM, but MBAM found nothing. I rebooted into normal mode and tried to run Chameleon again but nothing. It did run but I tried all 12 options and no Command box appeared. MBAM will not run in normal mode either. Here is the log for what it's worth;

     Malwarebytes Anti-Malware 1.65.0.1400
     www.malwarebytes.org

     Database version: v2012.09.07.13

     Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
     Internet Explorer 9.0.8112.16421
     Owner :: DUNCAN-PC [administrator]

     10/11/2012 9:19:54 PM
     mbam-log-2012-10-11 (21-19-54).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 198107
     Time elapsed: 3 minute(s), 37 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  11. Hi Dave,

     I will change those passwords. I have not run those programs since I started with you. As I mentioned in my first post, SuperDave (Computer Hope forums) had me run several cleaning and diagnostic programs. I realize that you are helping me out of the goodness in your heart, and I appreciate it. I will follow your lead. I ran FRST with the script; here is the log;

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012
     Ran by SYSTEM at 2012-10-10 20:53:59 Run:1
     Running from G:\
     ==============================================
     Could not move C:\$Recycle.Bin\S-1-5-21-3537287095-3571365832-2134347009-1000\$0aa21280e1fc7d5237c7009ab6215ffc.
     Could not move C:\$Recycle.Bin\S-1-5-18\$0aa21280e1fc7d5237c7009ab6215ffc.
     ==== End of Fixlog ====
  12. Hi Maurice,

     I read everything in your block text. I don't know if my passwords and login info are safe. The only ones I am concerned about are my online banking, and I don't believe those are saved on the PC, and I haven't been to that site since I got the Trojan. In fact I haven't been anywhere with that machine since it all came apart. It says that my wireless network adapter is not installed. Also, as soon as I noticed the problem (Trojan Detected), I turned off the switch for the wireless receiver and I have only turned it back on a few times briefly to see if it was working. In spite of this, do you think my data has been compromised?

     I do intend to wipe the hard drive and install fresh. Unfortunately with Gateway I need their recovery center to do that. At some point I lost it. I think because I installed a clean copy of windows some months ago for another problem. Anyway I can't install "Gateway Recovery Center" until I get back at least some functionality to the machine. If we can just get those services back I think I can do it. It would mean reloading from the recovery partition of my Hard Drive, however. Can this "back door Trojan" stick around after a factory recovery from the recovery partition? (I do have a disk with Programs and drivers as well, but I don't believe it was intended for a full recovery)

     I downloaded and ran FRST; here is the log;

     Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
     Ran by SYSTEM at 09-10-2012 14:01:39
     Running from G:\
     Windows Vista ™ Home Premium Service Pack 1 (X86)
     OS Language: English(US)
     The current controlset is ControlSet001

     ==================== Registry (Whitelisted) ===================

     HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-07] (Malwarebytes Corporation)
     HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION!
     ====> ZeroAccess
     ZeroAccess: C:\$Recycle.Bin\S-1-5-21-3537287095-3571365832-2134347009-1000\$0aa21280e1fc7d5237c7009ab6215ffc
     ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$0aa21280e1fc7d5237c7009ab6215ffc
     ==================== End Of Log ============================
  13. Hello Maurice, Thank you so much for responding. As I said, I have seen this error talked about a lot, but your conversation with hemi425 was the only one resolved, so I have high hopes. If we can just get my services back up so I can execute my recovery program I would be happy. I am assuming that a virus, "root kit" or not, can't survive a full format? I do. It was the only way I can access the Recovery console where I ran the bootrec commands both originally and later with Superdave. It will not allow me to do a factory reset however. I am not a "paying customer" but I have recently downloaded and used their shareware version. Superdave had me run it and it did remove at least some part of "Zeroaccess". I downloaded and moved the files to the infected machine but neither one would run in Normal mode. Same message: "Specified service not an installed service". I ran both the batch fix and RSIT from safe mode. Batch fix ran but paused very briefly and I thought I saw a message saying it could not run in safe environment, but it continued and rebooted the system. No change. RSIT ran OK; here are the logs: BTW would you rather I attach or copy/paste these logs? Again, thank you so much for responding. log.txt info.txt
  14. I am having trouble with my laptop and yours is the only site I have found with a resolution. Specifically a post by the same name as this dated Sep 12 2012 by Hemi425. He was helped by a Mr. Maurice Naggar. There were several warnings by Mr. Naggar not to follow those instructions on my own but to post a new topic. So Mr. Naggar, if you are out there, please help. First the stats and info: Gateway laptop model 1625, circa 2008; OS- Microsoft Vista service pack 2 build 6002; Pro- AMD Turion 64 X2 mobile technology; Ram- 2Gb; HD- ? 220 Gb; Video card- ? Supposed to be ATI based; Sound card- ?; AV- until now I have been using McAfee internet security (part of my problem is that device manager does not work). The back story: About 3 weeks ago while surfing the web I got a virus. Specifically the Zeroaccess Trojan that McAfee was good enough to tell me about. My first indication was a pop-up from McAfee stating that it was there and in order to fix the problem I would need to reboot. I rebooted only to have the same msg. occur over and over; I couldn't even ignore it. Well, long story short, after talking with McAfee for an hour they said they could help me for a modest $90.00 fee. I was angry and decided to go it alone. I found instructions on how to remove the virus on-line at McAfee's own web site and followed them to the letter. The last instruction given was to run the Bootrec /fixmbr command from the recovery console command prompt. I did this and rebooted my machine. Well, no more virus pop-ups... Also no more internet connection, no sound, no device manager, almost nothing works in Control Panel. Most of my programs either fail to start or give me the following msg: "The specified service does not exist as an installed service". Explorer will allow me to view and work with my files but will hang sometimes for a min in between every mouse click, and it takes almost 6 min to boot the machine. Windows boots but that is about all.
I have tried all the usual channels for support. My vendor Gateway has very little help for a model this old. Thinking that this was virus related, I originally sought help at the viruses and malware forum of Computer help Forums, where a very nice guy named Superdave was helping me. And I am afraid I stumped Dave. He had me run both the fixmbr and the fixboot commands again. We ran the Windows startup repair utility as well as several cleanup and malware removal tools (from safe mode, which is the only place they will run), the logs of which are available if needed. Finally he suggested I format and reload Windows, which I'd be only too happy to do; I had intended to all along but I can't because of this issue. That's another story; suffice to say that is issue 2, which I may also need help with... I am sorry for the length of this post; if anyone could help me I would sincerely appreciate it! I will post DDS logs here (please note all my scans are from safe mode. They will not work any other way. Also I have no access to the internet on the problem machine so all files are transferred using a flash drive.)
. DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL Internet Explorer: 9.0.8112.16421 Run by Owner at 23:04:58 on 2012-10-07 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1607 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== .
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\helppane.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.myfairpoint.net/fairpoint/portal/index.aspx/ mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL LSP: mswsock.dll Trusted Zone: netflix.com DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{B512CDF3-308A-4F41-82BD-75D11C1878E6} : DhcpNameServer = 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll . ============= SERVICES / DRIVERS =============== . S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-11-12 60480] . =============== Created Last 30 ================ . 
2012-10-01 19:44:32 -------- d-----w- C:\GRC 2012-09-30 04:24:48 -------- d-----w- c:\program files\CCleaner 2012-09-30 03:16:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-30 03:16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-14 00:59:43 -------- d-----w- c:\users\owner\appdata\roaming\McAfee 2012-09-09 17:45:10 -------- d-----w- c:\users\owner\appdata\roaming\progeSOFT 2012-09-09 17:44:40 -------- d-----w- c:\programdata\progeSOFT 2012-09-09 17:43:34 69632 ----a-w- c:\windows\system32\temp.002 2012-09-09 17:43:33 77878 ----a-w- c:\windows\system32\temp.001 2012-09-09 17:43:33 266293 ----a-w- c:\windows\system32\temp.000 2012-09-09 17:43:29 2134016 ----a-w- c:\windows\system32\cdintf251.dll 2012-09-09 17:43:01 89360 ----a-w- c:\windows\system32\vb5db.dll 2012-09-09 17:42:58 339968 ----a-w- c:\windows\system32\Slide.ocx 2012-09-09 17:42:58 274432 ----a-w- c:\windows\system32\DwgThumbnail.ocx 2012-09-09 17:42:45 503808 ----a-w- c:\windows\system32\msvcp71.dll 2012-09-09 17:42:45 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-09-09 17:42:44 61440 ----a-w- c:\windows\system32\wintab32.dll 2012-09-09 17:42:44 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-09-09 17:42:42 368912 ----a-w- c:\windows\system32\vbar332.dll 2012-09-09 17:42:42 140288 ----a-w- c:\windows\system32\COMDLG32.OCX 2012-09-09 17:42:42 -------- d-----w- c:\program files\progeSOFT . ==================== Find3M ==================== . 2012-10-08 01:04:37 17408 ----a-w- c:\windows\system32\rpcnetp.exe 2012-10-08 01:04:35 58288 ----a-w- c:\windows\system32\rpcnet.dll 2012-10-08 00:19:57 17408 ----a-w- c:\windows\system32\rpcnetp.dll 2012-09-14 00:25:23 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-09-14 00:25:23 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe . ============= FINISH: 23:07:03.40 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . 
Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 10/5/2011 11:26:11 AM System Uptime: 10/7/2012 11:03:32 PM (0 hours ago) . Motherboard: Gateway | | Processor: AMD Turion™ 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 1995/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 222 GiB total, 162.616 GiB free. D: is FIXED (NTFS) - 11 GiB total, 5.213 GiB free. E: is CDROM () G: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Reader 8.1.2 Amazon MP3 Downloader 1.0.15 ATI Catalyst Install Manager Camera Assistant Software for Gateway Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Civilization III Complete Edition Forge of Freedom Garmin Training Center Garmin USB Drivers Guns of August Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Malwarebytes Anti-Malware version 1.65.0.1400 McAfee Internet Security McAfee Virtual Technician Medieval II Total War Medieval II Total War : 
Kingdoms : Americas Medieval II Total War : Kingdoms : Britannia Medieval II Total War : Kingdoms : Crusades Medieval II Total War : Kingdoms : Teutonic Microsoft .NET Framework 1.1 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual J# .NET Redistributable Package 1.1 OBDwiz Power2Go 5.0 progeCAD 2009 Smart! ENG Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista Realtek USB 2.0 Card Reader REALTEK USB Wireless LAN Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Shared C Run-time for 
x86 Sid Meier's Civilization 4 Complete Sid Meier's Civilization IV Colonization Skins Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) . ==== Event Viewer Messages From Past Week ======== . 9/30/2012 6:23:54 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. 10/7/2012 9:37:01 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 10/7/2012 9:06:01 PM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting. 10/7/2012 9:05:33 PM, Error: Service Control Manager [7024] - The ReadyBoost service terminated with service-specific error 0 (0x0). 10/7/2012 9:05:33 PM, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified. 10/7/2012 9:05:33 PM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified. 10/7/2012 9:05:33 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: Operation aborted 10/7/2012 9:05:33 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed. 
10/7/2012 9:05:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 10/7/2012 9:05:33 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. 10/7/2012 9:01:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 10/7/2012 9:01:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046} 10/7/2012 11:06:11 PM, Error: Microsoft-Windows-TBS [16392] - An error occurred while starting the TBS. The error code was 0x8007000d. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Tablet PC Input Service service depends the following service: PlugPlay. 
This service might not be installed. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start. 
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 10/7/2012 11:05:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 10/7/2012 11:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF} 10/7/2012 11:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 10/7/2012 11:04:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 10/7/2012 10:24:42 PM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed. 
10/1/2012 6:17:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6 10/1/2012 3:44:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} . ==== End Of File ===========================