ZeroAccess Infection?

canimera · July 15, 2012

Hi! I believe I am/was infected with ZeroAccess. Tried to remove it with toold from D7, but I might have also deleted components I shouldn't have or I am still infected. I have no access to internet on the infected computer, "the audio service is not running" and in normal boot up I am unable to run any programs. In safe mode with networking I am able to run and install software. My USB ports don't work but I can move data in/out through CDs.

I installed and ran DDS but no logs were generated on my desktop. Malwarebytes found one bug, deleted and re-ran and scan came out clean.

Thank you very much in advance!!

Maniac · July 16, 2012

Hello canimera and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select English as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

canimera · July 16, 2012

Hi Maniac!

Thank you for your help!! The log is as follows:

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 16-07-2012 01

Ran by SYSTEM at 16-07-2012 17:22:54

Running from E:\

Windows Vista Home Premium Service Pack 1 (X86) OS Language: English(US)

The current controlset is ControlSet003

========================== Registry (Whitelisted) =============

HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [202256 2010-03-22] (RealNetworks, Inc.)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)

HKLM\...\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui [153672 2010-06-14] (Logitech Inc.)

HKLM\...\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2008-01-01] (IDT, Inc.)

HKLM\...\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [184320 2007-12-21] (CyberLink Corp.)

HKLM\...\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)

HKLM\...\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [291760 2006-12-11] ()

HKLM\...\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe" [82864 2006-12-11] (Lexmark International Inc.)

HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-02-14] ()

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)

HKLM\...\Run: [C:\Windows\System32\OEM02Cvw.dll] C:\Windows\system32\RegSvr32.exe /s C:\Windows\System32\OEM02Cvw.dll [393216 2007-12-02] (Creative Technology Ltd.)

HKU\David\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()

HKU\David\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)

HKU\David\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)

HKU\David\...\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-02-14] (Google Inc.)

HKU\David\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

HKU\David\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [136136 2007-09-06] (DT Soft Ltd.)

HKU\David\...\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1082440 2012-04-04] (Malwarebytes Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

IMEO\unsecapp.exe: [Debugger] IFEO_Dummy.exe

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk

ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickSet.lnk

ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

Startup: C:\Users\David\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\David\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk

ShortcutTarget: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk

ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

Startup: C:\Users\Test\Start Menu\Programs\Startup\Dell Dock.lnk

ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

================================ Services (Whitelisted) ==================

2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)

2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)

3 GoToAssist; "C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe" Start=service [16680 2008-10-07] (Citrix Online, a division of Citrix Systems, Inc.)

2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [105832 2012-07-13] (SurfRight B.V.)

2 lxcr_device; C:\Windows\system32\lxcrcoms.exe -service [537520 2006-12-11] ( )

2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [120128 2011-01-12] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [159320 2011-07-24] (McAfee, Inc.)

2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe" [209760 2011-01-12] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [159608 2012-07-14] (McAfee, Inc.)

2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)

2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [158856 2012-05-03] (Skype Technologies)

3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-05] (Microsoft Corporation)

2 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-20] (Microsoft Corporation)

2 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)

2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]

4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]

2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [x]

4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]

4 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]

2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-07-03] (Broadcom Corporation)

3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [116104 2011-07-24] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [171296 2011-07-24] (McAfee, Inc.)

3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [58456 2011-07-24] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [475704 2012-07-14] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-07-14] (McAfee, Inc.)

1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [162928 2011-07-24] (McAfee, Inc.)

3 MFE_RR; \??\C:\Users\David\AppData\Local\Temp\mfe_rr.sys [16960 2012-07-14] (McAfee, Inc.)

4 RsFx0102; C:\Windows\System32\DRIVERS\RsFx0102.sys [242712 2008-07-09] (Microsoft Corporation)

3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)

3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)

3 WmHidLo; C:\Windows\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)

3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)

3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-15 10:20 - 2012-07-15 10:20 - 00000909 ____A C:\Users\David\Desktop\DDS.txt

2012-07-15 08:18 - 2012-07-15 18:06 - 00000760 ____A C:\Windows\PFRO.log

2012-07-15 08:11 - 2012-07-15 08:07 - 00607260 ____R (Swearware) C:\Users\David\Desktop\dds.com

2012-07-15 08:01 - 2012-07-15 08:01 - 00118560 ____A C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-15 07:57 - 2012-07-15 18:18 - 00016604 ____A C:\Windows\WindowsUpdate.log

2012-07-15 07:51 - 2012-07-15 07:54 - 00429480 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-14 14:28 - 2012-07-14 21:49 - 00000680 ____A C:\Users\David\AppData\Local\d3d9caps.dat

2012-07-14 14:07 - 2012-07-14 14:08 - 00000197 ____A C:\Users\David\Desktop\RootkitRemover20120714170755.txt

2012-07-14 14:06 - 2012-07-14 14:06 - 00000197 ____A C:\Users\David\Desktop\RootkitRemover20120714170611.txt

2012-07-14 14:04 - 2012-07-14 14:04 - 00000197 ____A C:\Users\David\Desktop\RootkitRemover20120714170422.txt

2012-07-14 14:04 - 2012-07-14 14:04 - 00000039 ___RH C:\Users\David\Desktop\stinger.opt

2012-07-14 14:03 - 2012-07-14 14:01 - 00475712 ____A (McAfee, Inc.) C:\Users\David\Desktop\rootkitremover.exe

2012-07-14 13:52 - 2012-07-14 14:04 - 00000000 ____D C:\Program Files\stinger

2012-07-14 13:52 - 2012-07-13 15:08 - 00000048 ____A C:\Windows\System32\Drivers\etc\hosts.20120714-165250.backup

2012-07-14 13:51 - 2012-07-14 13:48 - 09626728 ____A (McAfee Inc.) C:\Users\David\Desktop\stinger.exe

2012-07-14 13:40 - 2012-07-14 13:53 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy

2012-07-14 13:40 - 2012-07-14 13:40 - 00001017 ____A C:\Users\David\Desktop\Spybot - Search & Destroy.lnk

2012-07-14 13:40 - 2012-07-14 13:40 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy

2012-07-14 13:38 - 2012-07-14 14:09 - 00000000 ____D C:\Users\David\AppData\Roaming\Ad-Aware Antivirus

2012-07-14 13:37 - 2012-07-14 13:30 - 16409960 ____A (Safer Networking Limited ) C:\Users\David\Desktop\spybotsd162.exe

2012-07-14 13:37 - 2012-07-14 13:30 - 06922872 ____A C:\Users\David\Desktop\spybotsd_includes.exe

2012-07-14 13:37 - 2012-07-14 13:30 - 06236280 ____A (Lavasoft Limited) C:\Users\David\Desktop\Adaware_Installer.exe

2012-07-14 13:37 - 2012-07-14 13:30 - 01752632 ____A (Safer-Networking Ltd. ) C:\Users\David\Desktop\regalyz-1.6.2.16.exe

2012-07-14 13:37 - 2012-07-14 13:30 - 00302592 ____A C:\Users\David\Desktop\u2df7di2.exe

2012-07-13 18:02 - 2012-07-13 18:02 - 00000029 ____A C:\Users\David\Desktop\DependOnService.txt

2012-07-13 14:46 - 2012-07-13 14:46 - 00000766 ____N C:\Users\Public\Desktop\CCleaner.lnk

2012-07-13 14:41 - 2012-07-13 14:41 - 00000000 ____D C:\Windows\SoftwareDistribution.old

2012-07-13 13:28 - 2012-07-13 13:28 - 00001694 ____N C:\Users\Public\Desktop\HitmanPro.lnk

2012-07-13 13:28 - 2012-07-13 13:28 - 00000000 ____D C:\Program Files\HitmanPro

2012-07-13 13:26 - 2012-07-13 13:26 - 00000000 ____D C:\Users\All Users\HitmanPro

2012-07-13 12:35 - 2012-07-13 12:32 - 07718272 ____A (SurfRight B.V.) C:\Users\David\Desktop\HitmanPro36.exe

2012-07-13 11:18 - 2012-07-13 11:19 - 00000000 ____D C:\Users\Test\AppData\Roaming\Mozilla

2012-07-13 11:18 - 2012-07-13 11:18 - 00000000 ____D C:\Users\Test\AppData\Local\Mozilla

2012-07-13 10:24 - 2012-07-13 10:24 - 00000908 ____N C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-13 10:24 - 2012-07-13 10:24 - 00000000 ____D C:\Users\Test\AppData\Roaming\Malwarebytes

2012-07-13 10:23 - 2012-07-09 18:20 - 10063000 ____N (Malwarebytes Corporation ) C:\Users\Test\Desktop\mbam-setup-1.61.0.1400.exe

2012-07-13 10:22 - 2012-07-09 04:13 - 02135640 ____N (Kaspersky Lab ZAO) C:\Users\Test\Desktop\tdsskiller.exe

2012-07-13 08:50 - 2012-07-13 08:50 - 00000000 ____D C:\Users\Test\Desktop\KillZA

2012-07-13 08:46 - 2012-07-13 13:37 - 00000000 ____D C:\Users\Test\Desktop\D7

2012-07-13 08:46 - 2012-07-13 08:46 - 00000000 ____D C:\Users\Test\AppData\Roaming\WinRAR

2012-07-13 08:40 - 2012-07-09 04:13 - 00090097 ____N C:\Users\Test\Desktop\KillZA.zip

2012-07-13 08:39 - 2012-07-13 08:39 - 00000000 ____D C:\Users\Test\AppData\Roaming\Subversion

2012-07-13 08:39 - 2012-07-09 04:13 - 05969266 ____N C:\Users\Test\Desktop\D7.zip

2012-07-13 08:35 - 2012-07-13 08:35 - 00000000 ____D C:\Users\Test\AppData\Local\Stardock_Corporation

2012-07-13 08:33 - 2012-07-13 08:33 - 00000000 ____D C:\Users\Test\AppData\Roaming\Dell

2012-07-13 08:32 - 2012-07-13 08:32 - 00118560 _____ C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-13 08:31 - 2012-07-13 08:31 - 00000000 ____D C:\Users\Test\AppData\Roaming\Real

2012-07-13 08:31 - 2012-07-13 08:31 - 00000000 ____D C:\Users\Test\AppData\Local\MediaDirect

2012-07-13 08:30 - 2012-07-13 08:31 - 00000000 ____D C:\Users\Test\AppData\Local\VirtualStore

2012-07-13 08:26 - 2012-07-13 16:59 - 00000000 ____D C:\users\Test

2012-07-13 08:26 - 2012-07-13 11:25 - 00000000 ____D C:\Users\Test\AppData\Local\TSVNCache

2012-07-13 08:26 - 2012-07-13 08:26 - 00000020 ____N C:\Users\Test\ntuser.ini

2012-07-13 08:26 - 2011-06-15 18:14 - 00000000 ____D C:\Users\Test\Documents\Visual Studio 2008

2012-07-13 08:26 - 2008-10-13 21:45 - 00000000 ____D C:\Users\Test\AppData\Local\Microsoft Help

2012-07-12 16:22 - 2012-07-13 10:24 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-07-12 16:22 - 2012-04-04 12:56 - 00022344 ____N (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-12 16:16 - 2012-07-13 14:46 - 00000000 ____D C:\Program Files\CCleaner

2012-07-12 16:16 - 2012-07-09 18:20 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\David\Desktop\mbam-setup-1.61.0.1400.exe

2012-07-12 16:15 - 2012-07-09 18:20 - 03889704 ____A (Piriform Ltd) C:\Users\David\Desktop\ccsetup320.exe

2012-07-12 16:12 - 2012-07-13 16:04 - 00000192 ____N C:\Windows\System32\zerobyte_files_deleted.txt

2012-07-12 16:12 - 2012-07-13 16:04 - 00000190 ____N C:\Windows\zerobyte_files_deleted.txt

2012-07-09 18:58 - 2012-07-15 08:08 - 00000000 ____D C:\Users\David\Desktop\D7

2012-07-09 04:25 - 2012-07-09 04:25 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-07-09 04:20 - 2012-07-09 04:13 - 05969266 ____A C:\Users\David\Desktop\D7.zip

2012-07-09 04:20 - 2012-07-09 04:13 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\David\Desktop\tdsskiller.exe

2012-07-09 04:19 - 2012-07-02 09:55 - 139176128 ____A C:\Users\David\Desktop\setup_11.0.0.1245.x01_2012_07_01_02_46.exe

2012-07-08 10:28 - 2012-07-08 10:52 - 00000000 ____D C:\Support

2012-07-08 10:27 - 2012-06-24 13:54 - 00289720 ____A (Foolish IT) C:\Users\David\Desktop\KillZA.exe

2012-07-03 09:46 - 2012-07-13 10:14 - 00000000 ____D C:\Users\All Users\Kaspersky Lab

2012-06-30 16:21 - 2012-06-30 16:21 - 00029126 ____N C:\Windows\System32\backup.reg

============ 3 Months Modified Files ========================

2012-07-16 09:52 - 2006-11-02 02:33 - 00851534 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-16 09:47 - 2012-07-15 07:57 - 00016604 ____A C:\Windows\WindowsUpdate.log

2012-07-16 09:47 - 2006-11-02 05:01 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-16 09:47 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-16 09:47 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-16 09:47 - 2006-11-02 04:47 - 00003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-16 09:39 - 2012-02-09 15:36 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job

2012-07-16 09:16 - 2012-06-14 08:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-16 09:09 - 2010-02-01 17:09 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-15 18:06 - 2012-07-15 08:18 - 00000760 ____A C:\Windows\PFRO.log

2012-07-15 10:20 - 2012-07-15 10:20 - 00000909 ____A C:\Users\David\Desktop\DDS.txt

2012-07-15 08:07 - 2012-07-15 08:11 - 00607260 ____R (Swearware) C:\Users\David\Desktop\dds.com

2012-07-15 08:01 - 2012-07-15 08:01 - 00118560 ____A C:\Users\David\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-15 07:54 - 2012-07-15 07:51 - 00429480 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-14 21:49 - 2012-07-14 14:28 - 00000680 ____A C:\Users\David\AppData\Local\d3d9caps.dat

2012-07-14 14:08 - 2012-07-14 14:07 - 00000197 ____A C:\Users\David\Desktop\RootkitRemover20120714170755.txt

2012-07-14 14:06 - 2012-07-14 14:06 - 00000197 ____A C:\Users\David\Desktop\RootkitRemover20120714170611.txt

2012-07-14 14:04 - 2012-07-14 14:04 - 00000197 ____A C:\Users\David\Desktop\RootkitRemover20120714170422.txt

2012-07-14 14:04 - 2012-07-14 14:04 - 00000039 ___RH C:\Users\David\Desktop\stinger.opt

2012-07-14 14:01 - 2012-07-14 14:03 - 00475712 ____A (McAfee, Inc.) C:\Users\David\Desktop\rootkitremover.exe

2012-07-14 13:52 - 2011-07-24 07:29 - 00475704 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys

2012-07-14 13:52 - 2011-07-24 07:29 - 00087656 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdet.sys

2012-07-14 13:52 - 2011-07-24 07:28 - 00159608 ____A (McAfee, Inc.) C:\Windows\System32\mfevtps.exe

2012-07-14 13:48 - 2012-07-14 13:51 - 09626728 ____A (McAfee Inc.) C:\Users\David\Desktop\stinger.exe

2012-07-14 13:40 - 2012-07-14 13:40 - 00001017 ____A C:\Users\David\Desktop\Spybot - Search & Destroy.lnk

2012-07-14 13:30 - 2012-07-14 13:37 - 16409960 ____A (Safer Networking Limited ) C:\Users\David\Desktop\spybotsd162.exe

2012-07-14 13:30 - 2012-07-14 13:37 - 06922872 ____A C:\Users\David\Desktop\spybotsd_includes.exe

2012-07-14 13:30 - 2012-07-14 13:37 - 06236280 ____A (Lavasoft Limited) C:\Users\David\Desktop\Adaware_Installer.exe

2012-07-14 13:30 - 2012-07-14 13:37 - 01752632 ____A (Safer-Networking Ltd. ) C:\Users\David\Desktop\regalyz-1.6.2.16.exe

2012-07-14 13:30 - 2012-07-14 13:37 - 00302592 ____A C:\Users\David\Desktop\u2df7di2.exe

2012-07-14 12:50 - 2011-02-14 14:59 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2022300406-301401420-3790491841-1000UA.job

2012-07-14 12:50 - 2010-02-01 17:09 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-14 11:44 - 2012-02-09 15:36 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

2012-07-13 18:02 - 2012-07-13 18:02 - 00000029 ____A C:\Users\David\Desktop\DependOnService.txt

2012-07-13 16:04 - 2012-07-12 16:12 - 00000192 ____N C:\Windows\System32\zerobyte_files_deleted.txt

2012-07-13 16:04 - 2012-07-12 16:12 - 00000190 ____N C:\Windows\zerobyte_files_deleted.txt

2012-07-13 15:58 - 2009-03-03 19:52 - 00000709 ____N C:\Windows\ODBCINST.INI

2012-07-13 15:08 - 2012-07-14 13:52 - 00000048 ____A C:\Windows\System32\Drivers\etc\hosts.20120714-165250.backup

2012-07-13 14:46 - 2012-07-13 14:46 - 00000766 ____N C:\Users\Public\Desktop\CCleaner.lnk

2012-07-13 13:28 - 2012-07-13 13:28 - 00001694 ____N C:\Users\Public\Desktop\HitmanPro.lnk

2012-07-13 12:32 - 2012-07-13 12:35 - 07718272 ____A (SurfRight B.V.) C:\Users\David\Desktop\HitmanPro36.exe

2012-07-13 10:24 - 2012-07-13 10:24 - 00000908 ____N C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-13 08:32 - 2012-07-13 08:32 - 00118560 _____ C:\Users\Test\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-13 08:26 - 2012-07-13 08:26 - 00000020 ____N C:\Users\Test\ntuser.ini

2012-07-09 18:20 - 2012-07-13 10:23 - 10063000 ____N (Malwarebytes Corporation ) C:\Users\Test\Desktop\mbam-setup-1.61.0.1400.exe

2012-07-09 18:20 - 2012-07-12 16:16 - 10063000 ____A (Malwarebytes Corporation ) C:\Users\David\Desktop\mbam-setup-1.61.0.1400.exe

2012-07-09 18:20 - 2012-07-12 16:15 - 03889704 ____A (Piriform Ltd) C:\Users\David\Desktop\ccsetup320.exe

2012-07-09 04:13 - 2012-07-13 10:22 - 02135640 ____N (Kaspersky Lab ZAO) C:\Users\Test\Desktop\tdsskiller.exe

2012-07-09 04:13 - 2012-07-13 08:40 - 00090097 ____N C:\Users\Test\Desktop\KillZA.zip

2012-07-09 04:13 - 2012-07-13 08:39 - 05969266 ____N C:\Users\Test\Desktop\D7.zip

2012-07-09 04:13 - 2012-07-09 04:20 - 05969266 ____A C:\Users\David\Desktop\D7.zip

2012-07-09 04:13 - 2012-07-09 04:20 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\David\Desktop\tdsskiller.exe

2012-07-02 09:55 - 2012-07-09 04:19 - 139176128 ____A C:\Users\David\Desktop\setup_11.0.0.1245.x01_2012_07_01_02_46.exe

2012-06-30 16:50 - 2011-02-14 14:59 - 00000856 ____N C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2022300406-301401420-3790491841-1000Core.job

2012-06-30 16:21 - 2012-06-30 16:21 - 00029126 ____N C:\Windows\System32\backup.reg

2012-06-26 10:21 - 2012-06-02 14:27 - 00426184 ____N (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-06-26 10:21 - 2011-12-15 19:19 - 00070344 ____N (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-06-24 13:54 - 2012-07-08 10:27 - 00289720 ____A (Foolish IT) C:\Users\David\Desktop\KillZA.exe

2012-06-14 09:56 - 2010-06-18 08:17 - 00115200 ____A C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-11 16:53 - 2012-01-17 19:56 - 00002044 ____A C:\Users\David\Desktop\Google Chrome.lnk

2012-05-15 17:46 - 2012-05-15 15:13 - 168345600 ____A C:\Users\David\Downloads\LCA_Case_Data_FY2011.mdb

2012-05-15 15:12 - 2012-05-15 15:10 - 88464908 ____A C:\Users\David\Downloads\H1B_efile_FY07.zip

2012-05-15 15:11 - 2012-05-15 15:10 - 07981769 ____A C:\Users\David\Downloads\OWL_2011_TEXT.zip

2012-05-03 14:40 - 2012-05-03 14:40 - 01635905 ____A C:\Users\David\Downloads\Homework 4.rar

2012-05-03 14:40 - 2012-05-03 14:40 - 01615924 ____A C:\Users\David\Downloads\Homework 6.rar

2012-04-26 17:08 - 2006-11-02 02:24 - 55656824 ____N (Microsoft Corporation) C:\Windows\System32\mrt.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%

Total physical RAM: 3061.31 MB

Available physical RAM: 2732.1 MB

Total Pagefile: 2959.99 MB

Available Pagefile: 2828.47 MB

Total Virtual: 2047.88 MB

Available Virtual: 1974.31 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:220.29 GB) (Free:43.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive e: (STORE N GO) (Removable) (Total:3.73 GB) (Free:1.66 GB) FAT32

4 Drive x: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.02 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 233 GB 0 B

Disk 1 Online 3822 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 OEM 94 MB 32 KB

Partition 2 Primary 10 GB 95 MB

Partition 3 Primary 220 GB 10 GB

Partition 0 Extended 2560 MB 230 GB

Partition 4 Logical 2559 MB 230 GB

==================================================================================

Disk: 0

Partition 1

Type : DE

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 FAT Partition 94 MB Healthy Hidden

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 X RECOVERY NTFS Partition 10 GB Healthy Boot

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C OS NTFS Partition 220 GB Healthy

==================================================================================

Disk: 0

Partition 4

Type : DD

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3818 MB 4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E STORE N GO FAT32 Removable 3818 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-16 10:08

======================= End Of Log ==========================

Maniac · July 17, 2012

Everything seems to be fine, I mean there is no trace from ZA. Let's check what's going on with your internet access.

Please download Farbar Service Scanner and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
[*]Press "Scan".
[*]It will create a log (FSS.txt) in the same directory the tool is run.
[*]Please copy and paste the log to your reply.

canimera · July 17, 2012

Hi Maniac!

Thanks again for your help!!! Please find the log FSS.txt below:

Farbar Service Scanner Version: 08-07-2012

Ran by David (administrator) on 17-07-2012 at 07:00:52

Running from "C:\Users\David\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Network

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

LAN connected.

Attempt to access Google IP returned error: Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

PlugPlay Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Maniac · July 17, 2012

I would not give you false hope and take up your time, I would like to warn you that the situation is really complicated and cases similar to yours have failed because the lesions are very serious and difficult to be recovered. If you wish we could go like this:

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Please download the following files on your Desktop:

http://download.bleepingcomputer.com/win-services/vista/Dnscache.reg

http://download.bleepingcomputer.com/win-services/vista/Dhcp.reg

http://download.bleepingcomputer.com/win-services/vista/nsi.reg

http://download.bleepingcomputer.com/win-services/vista/MpsSvc.reg

http://download.bleepingcomputer.com/win-services/vista/BFE.reg

http://download.bleepingcomputer.com/win-services/vista/wscsvc.reg

http://download.bleepingcomputer.com/win-services/vista/PlugPlay.reg

Step 3

Now, one by one, right-click on them and click "Merge". Allow registry merge.

When you finish, reboot your system and then generate a new fresh Farbar Service Scanner log.

canimera · July 17, 2012

No worries, I really appreciate your help!! I know I am in a bad situation, just I guess I don't know how bad it is I followed your steps and on step 2 I cannot use my right click as windows explorer crashes without even showing any options. I did left click and then OK on the install pop up for each file. After this, I ran again Farbar Service and got the log below (BTW I seem to have audio again, but still no internet, and no right click option for files):

Farbar Service Scanner Version: 08-07-2012

Ran by David (administrator) on 17-07-2012 at 14:18:24

Running from "C:\Users\David\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Network

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

The start type of Dnscache service is OK.

The ImagePath of Dnscache service is OK.

The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:

The start type of Nsi service is OK.

The ImagePath of Nsi service is OK.

The ServiceDll of Nsi service is OK.

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

LAN connected.

Attempt to access Google IP returned error: Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

PlugPlay Service is not running. Checking service configuration:

The start type of PlugPlay service is OK.

The ImagePath of PlugPlay service is OK.

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Maniac · July 17, 2012

We have some progress. That's very good!

Please, open Start Menu and type cmd then press Enter button. In the Command Prompt type:

net start Dhcp

Press the Enter button.

Repeat these steps for the following commands too:

net start Dnscache

net start Nsi

net start mpsdrv

net start MpsSvc

net start bfe

net start SDRSVC

net start VSS

net start wscsvc

net start wuauserv

net start BITS

net start EventSystem

net start PlugPlay

Finally, reboot your system and post a new fresh Farbar Service Scanner log.

canimera · July 17, 2012

Thanks again Maniac!! I first tried the commands in Normal mode and as soon as I started with Dhcp I received an "Error 5 has occurred" message. Re-booted in Safe mode with Networking (my audio was gone again) and introduced the commands in a command prompt: I got the following messages for the commands you mentioned:

Dhcp, Dnscache, NSI, mpsdrv, PlugPlay ==> "... has already been started..."

MpsSvc, SDRSVC, VSS, wscsvc, wuauserv, BITS, EventSystem ==> "System error 1068"

bfe ==> "Could not be started, System error 5 has occurred"

The FSS log is:

Farbar Service Scanner Version: 08-07-2012

Ran by David (administrator) on 17-07-2012 at 16:27:10

Running from "C:\Users\David\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Network

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Attempt to access Google.com returned error: Other errors

Yahoo IP is accessible.

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Maniac · July 18, 2012

Some progress here too!

Let's try to start them manually. Please follow the instructions here enable services:

http://www.vistax64.com/tutorials/59910-services.html

Next, enable the following service: Windows Update AutoUpdate Service, Background Intelligent Transfer Service and Event System

Reboot and post a new fresh Farbar Service Scanner log.

canimera · July 18, 2012

Great!! Thanks for your help Maniac! I followed the instructions from the link and again had problems with error 1068 not allowing me to start some services (MpsSvc, SDRSVC, BITS, EventSystem). I got error 1084 for few others, which didn't let me start them in safe mode with networking (VSS, wscsvc, wuauserv). Finally, again system error 5 for (bfe).

One thing that I noticed was a -k in the path to the services it didn't allow me to start i.e. C:\...\svchost.exe -k SDRSVC

I don't know if this means anything but thought about pointing it out

The new FSS log is found below, thanks again!!:

Farbar Service Scanner Version: 08-07-2012

Ran by David (administrator) on 18-07-2012 at 07:08:27

Running from "C:\Users\David\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Network

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Attempt to access Google.com returned error: Other errors

Yahoo IP is accessible.

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is set to Demand. The default start type is Auto.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is set to Auto. The default start type is 3.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Maniac · July 18, 2012

Hm... okay, please perform this scan:

http://support.microsoft.com/kb/929833

And then post the log file from it.

canimera · July 19, 2012

Again, thanks so much for your help

As for the log, I got the following:

2012-07-18 18:27:22, Info CSI 00000006 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:27:22, Info CSI 00000007 [sR] Beginning Verify and Repair transaction

2012-07-18 18:27:29, Info CSI 00000009 [sR] Verify complete

2012-07-18 18:27:31, Info CSI 0000000a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:27:31, Info CSI 0000000b [sR] Beginning Verify and Repair transaction

2012-07-18 18:27:37, Info CSI 0000000d [sR] Verify complete

2012-07-18 18:27:39, Info CSI 0000000e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:27:39, Info CSI 0000000f [sR] Beginning Verify and Repair transaction

2012-07-18 18:27:41, Info CSI 00000011 [sR] Verify complete

2012-07-18 18:27:43, Info CSI 00000012 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:27:43, Info CSI 00000013 [sR] Beginning Verify and Repair transaction

2012-07-18 18:27:45, Info CSI 00000015 [sR] Verify complete

2012-07-18 18:27:46, Info CSI 00000016 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:27:46, Info CSI 00000017 [sR] Beginning Verify and Repair transaction

2012-07-18 18:27:48, Info CSI 00000019 [sR] Verify complete

2012-07-18 18:27:50, Info CSI 0000001a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:27:50, Info CSI 0000001b [sR] Beginning Verify and Repair transaction

2012-07-18 18:27:52, Info CSI 0000001d [sR] Verify complete

2012-07-18 18:27:53, Info CSI 0000001e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:27:53, Info CSI 0000001f [sR] Beginning Verify and Repair transaction

2012-07-18 18:27:55, Info CSI 00000021 [sR] Verify complete

2012-07-18 18:27:57, Info CSI 00000022 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:27:57, Info CSI 00000023 [sR] Beginning Verify and Repair transaction

2012-07-18 18:27:58, Info CSI 00000025 [sR] Verify complete

2012-07-18 18:28:00, Info CSI 00000026 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:00, Info CSI 00000027 [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:01, Info CSI 00000029 [sR] Verify complete

2012-07-18 18:28:03, Info CSI 0000002a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:03, Info CSI 0000002b [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:05, Info CSI 0000002d [sR] Verify complete

2012-07-18 18:28:06, Info CSI 0000002e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:06, Info CSI 0000002f [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:08, Info CSI 00000031 [sR] Verify complete

2012-07-18 18:28:09, Info CSI 00000032 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:09, Info CSI 00000033 [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:11, Info CSI 00000035 [sR] Verify complete

2012-07-18 18:28:13, Info CSI 00000036 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:13, Info CSI 00000037 [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:14, Info CSI 00000039 [sR] Verify complete

2012-07-18 18:28:16, Info CSI 0000003a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:16, Info CSI 0000003b [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:17, Info CSI 0000003d [sR] Verify complete

2012-07-18 18:28:19, Info CSI 0000003e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:19, Info CSI 0000003f [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:21, Info CSI 00000041 [sR] Verify complete

2012-07-18 18:28:22, Info CSI 00000042 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:22, Info CSI 00000043 [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:24, Info CSI 00000045 [sR] Verify complete

2012-07-18 18:28:25, Info CSI 00000046 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:25, Info CSI 00000047 [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:27, Info CSI 00000049 [sR] Verify complete

2012-07-18 18:28:28, Info CSI 0000004a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:28, Info CSI 0000004b [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:30, Info CSI 0000004d [sR] Verify complete

2012-07-18 18:28:31, Info CSI 0000004e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:31, Info CSI 0000004f [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:34, Info CSI 00000051 [sR] Verify complete

2012-07-18 18:28:35, Info CSI 00000052 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:35, Info CSI 00000053 [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:36, Info CSI 00000055 [sR] Verify complete

2012-07-18 18:28:38, Info CSI 00000056 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:38, Info CSI 00000057 [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:39, Info CSI 00000059 [sR] Verify complete

2012-07-18 18:28:41, Info CSI 0000005a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:41, Info CSI 0000005b [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:42, Info CSI 0000005d [sR] Verify complete

2012-07-18 18:28:43, Info CSI 0000005e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:43, Info CSI 0000005f [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:45, Info CSI 00000061 [sR] Verify complete

2012-07-18 18:28:46, Info CSI 00000062 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:46, Info CSI 00000063 [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:48, Info CSI 00000065 [sR] Verify complete

2012-07-18 18:28:49, Info CSI 00000066 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:49, Info CSI 00000067 [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:51, Info CSI 00000069 [sR] Verify complete

2012-07-18 18:28:52, Info CSI 0000006a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:52, Info CSI 0000006b [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:55, Info CSI 0000006d [sR] Verify complete

2012-07-18 18:28:56, Info CSI 0000006e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:56, Info CSI 0000006f [sR] Beginning Verify and Repair transaction

2012-07-18 18:28:58, Info CSI 00000071 [sR] Verify complete

2012-07-18 18:28:59, Info CSI 00000072 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:28:59, Info CSI 00000073 [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:02, Info CSI 00000075 [sR] Verify complete

2012-07-18 18:29:03, Info CSI 00000076 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:03, Info CSI 00000077 [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:05, Info CSI 00000079 [sR] Verify complete

2012-07-18 18:29:06, Info CSI 0000007a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:06, Info CSI 0000007b [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:08, Info CSI 0000007d [sR] Verify complete

2012-07-18 18:29:09, Info CSI 0000007e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:09, Info CSI 0000007f [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:11, Info CSI 00000081 [sR] Verify complete

2012-07-18 18:29:12, Info CSI 00000082 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:12, Info CSI 00000083 [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:14, Info CSI 00000085 [sR] Verify complete

2012-07-18 18:29:15, Info CSI 00000086 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:15, Info CSI 00000087 [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:19, Info CSI 00000089 [sR] Verify complete

2012-07-18 18:29:20, Info CSI 0000008a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:20, Info CSI 0000008b [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:21, Info CSI 0000008d [sR] Verify complete

2012-07-18 18:29:22, Info CSI 0000008e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:22, Info CSI 0000008f [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:24, Info CSI 00000091 [sR] Verify complete

2012-07-18 18:29:25, Info CSI 00000092 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:25, Info CSI 00000093 [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:27, Info CSI 00000095 [sR] Verify complete

2012-07-18 18:29:28, Info CSI 00000096 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:28, Info CSI 00000097 [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:32, Info CSI 00000099 [sR] Verify complete

2012-07-18 18:29:32, Info CSI 0000009a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:32, Info CSI 0000009b [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:39, Info CSI 0000009d [sR] Verify complete

2012-07-18 18:29:40, Info CSI 0000009e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:40, Info CSI 0000009f [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:46, Info CSI 000000a1 [sR] Verify complete

2012-07-18 18:29:46, Info CSI 000000a2 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:46, Info CSI 000000a3 [sR] Beginning Verify and Repair transaction

2012-07-18 18:29:54, Info CSI 000000a6 [sR] Verify complete

2012-07-18 18:29:55, Info CSI 000000a7 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:29:55, Info CSI 000000a8 [sR] Beginning Verify and Repair transaction

2012-07-18 18:30:01, Info CSI 000000aa [sR] Verify complete

2012-07-18 18:30:02, Info CSI 000000ab [sR] Verifying 100 (0x00000064) components

2012-07-18 18:30:02, Info CSI 000000ac [sR] Beginning Verify and Repair transaction

2012-07-18 18:30:08, Info CSI 000000af [sR] Verify complete

2012-07-18 18:30:09, Info CSI 000000b0 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:30:09, Info CSI 000000b1 [sR] Beginning Verify and Repair transaction

2012-07-18 18:30:17, Info CSI 000000b3 [sR] Verify complete

2012-07-18 18:30:17, Info CSI 000000b4 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:30:17, Info CSI 000000b5 [sR] Beginning Verify and Repair transaction

2012-07-18 18:30:28, Info CSI 000000bf [sR] Verify complete

2012-07-18 18:30:28, Info CSI 000000c0 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:30:28, Info CSI 000000c1 [sR] Beginning Verify and Repair transaction

2012-07-18 18:30:35, Info CSI 000000c3 [sR] Verify complete

2012-07-18 18:30:36, Info CSI 000000c4 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:30:36, Info CSI 000000c5 [sR] Beginning Verify and Repair transaction

2012-07-18 18:30:43, Info CSI 000000c7 [sR] Verify complete

2012-07-18 18:30:44, Info CSI 000000c8 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:30:44, Info CSI 000000c9 [sR] Beginning Verify and Repair transaction

2012-07-18 18:30:51, Info CSI 000000cb [sR] Verify complete

2012-07-18 18:30:51, Info CSI 000000cc [sR] Verifying 100 (0x00000064) components

2012-07-18 18:30:51, Info CSI 000000cd [sR] Beginning Verify and Repair transaction

2012-07-18 18:31:01, Info CSI 000000cf [sR] Verify complete

2012-07-18 18:31:02, Info CSI 000000d0 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:31:02, Info CSI 000000d1 [sR] Beginning Verify and Repair transaction

2012-07-18 18:31:13, Info CSI 000000d5 [sR] Verify complete

2012-07-18 18:31:14, Info CSI 000000d6 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:31:14, Info CSI 000000d7 [sR] Beginning Verify and Repair transaction

2012-07-18 18:31:27, Info CSI 000000d9 [sR] Verify complete

2012-07-18 18:31:28, Info CSI 000000da [sR] Verifying 100 (0x00000064) components

2012-07-18 18:31:28, Info CSI 000000db [sR] Beginning Verify and Repair transaction

2012-07-18 18:31:34, Info CSI 000000dc [sR] Cannot repair member file [l:22{11}]"desktop.ini" of Microsoft-Windows-fontext, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing

2012-07-18 18:31:46, Info CSI 000000dd [sR] Cannot repair member file [l:22{11}]"desktop.ini" of Microsoft-Windows-fontext, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing

2012-07-18 18:31:46, Info CSI 000000de [sR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"

2012-07-18 18:31:46, Info CSI 000000df [sR] Could not reproject corrupted file [ml:520{260},l:40{20}]"\??\C:\Windows\fonts"\[l:22{11}]"desktop.ini"; source file in store is also corrupted

2012-07-18 18:31:48, Info CSI 000000e1 [sR] Verify complete

2012-07-18 18:31:48, Info CSI 000000e2 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:31:48, Info CSI 000000e3 [sR] Beginning Verify and Repair transaction

2012-07-18 18:31:55, Info CSI 000000e5 [sR] Verify complete

2012-07-18 18:31:55, Info CSI 000000e6 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:31:55, Info CSI 000000e7 [sR] Beginning Verify and Repair transaction

2012-07-18 18:31:58, Info CSI 000000e9 [sR] Verify complete

2012-07-18 18:31:58, Info CSI 000000ea [sR] Verifying 100 (0x00000064) components

2012-07-18 18:31:58, Info CSI 000000eb [sR] Beginning Verify and Repair transaction

2012-07-18 18:32:01, Info CSI 000000ed [sR] Verify complete

2012-07-18 18:32:01, Info CSI 000000ee [sR] Verifying 100 (0x00000064) components

2012-07-18 18:32:01, Info CSI 000000ef [sR] Beginning Verify and Repair transaction

2012-07-18 18:32:10, Info CSI 000000fc [sR] Verify complete

2012-07-18 18:32:10, Info CSI 000000fd [sR] Verifying 100 (0x00000064) components

2012-07-18 18:32:10, Info CSI 000000fe [sR] Beginning Verify and Repair transaction

2012-07-18 18:32:17, Info CSI 00000111 [sR] Verify complete

2012-07-18 18:32:18, Info CSI 00000112 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:32:18, Info CSI 00000113 [sR] Beginning Verify and Repair transaction

2012-07-18 18:32:21, Info CSI 00000115 [sR] Verify complete

2012-07-18 18:32:21, Info CSI 00000116 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:32:21, Info CSI 00000117 [sR] Beginning Verify and Repair transaction

2012-07-18 18:32:26, Info CSI 00000119 [sR] Verify complete

2012-07-18 18:32:27, Info CSI 0000011a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:32:27, Info CSI 0000011b [sR] Beginning Verify and Repair transaction

2012-07-18 18:32:32, Info CSI 0000011d [sR] Verify complete

2012-07-18 18:32:34, Info CSI 0000011e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:32:34, Info CSI 0000011f [sR] Beginning Verify and Repair transaction

2012-07-18 18:32:45, Info CSI 00000122 [sR] Verify complete

2012-07-18 18:32:45, Info CSI 00000123 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:32:45, Info CSI 00000124 [sR] Beginning Verify and Repair transaction

2012-07-18 18:32:53, Info CSI 00000126 [sR] Verify complete

2012-07-18 18:32:53, Info CSI 00000127 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:32:53, Info CSI 00000128 [sR] Beginning Verify and Repair transaction

2012-07-18 18:32:58, Info CSI 0000012a [sR] Verify complete

2012-07-18 18:32:58, Info CSI 0000012b [sR] Verifying 100 (0x00000064) components

2012-07-18 18:32:58, Info CSI 0000012c [sR] Beginning Verify and Repair transaction

2012-07-18 18:33:08, Info CSI 0000012e [sR] Verify complete

2012-07-18 18:33:09, Info CSI 0000012f [sR] Verifying 100 (0x00000064) components

2012-07-18 18:33:09, Info CSI 00000130 [sR] Beginning Verify and Repair transaction

2012-07-18 18:33:16, Info CSI 00000132 [sR] Verify complete

2012-07-18 18:33:16, Info CSI 00000133 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:33:16, Info CSI 00000134 [sR] Beginning Verify and Repair transaction

2012-07-18 18:33:25, Info CSI 00000136 [sR] Verify complete

2012-07-18 18:33:26, Info CSI 00000137 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:33:26, Info CSI 00000138 [sR] Beginning Verify and Repair transaction

2012-07-18 18:33:37, Info CSI 0000015d [sR] Verify complete

2012-07-18 18:33:38, Info CSI 0000015e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:33:38, Info CSI 0000015f [sR] Beginning Verify and Repair transaction

2012-07-18 18:33:51, Info CSI 00000161 [sR] Verify complete

2012-07-18 18:33:51, Info CSI 00000162 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:33:51, Info CSI 00000163 [sR] Beginning Verify and Repair transaction

2012-07-18 18:34:11, Info CSI 00000165 [sR] Verify complete

2012-07-18 18:34:11, Info CSI 00000166 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:34:11, Info CSI 00000167 [sR] Beginning Verify and Repair transaction

2012-07-18 18:34:28, Info CSI 00000169 [sR] Verify complete

2012-07-18 18:34:29, Info CSI 0000016a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:34:29, Info CSI 0000016b [sR] Beginning Verify and Repair transaction

2012-07-18 18:34:40, Info CSI 0000016d [sR] Verify complete

2012-07-18 18:34:41, Info CSI 0000016e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:34:41, Info CSI 0000016f [sR] Beginning Verify and Repair transaction

2012-07-18 18:34:44, Info CSI 00000171 [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-07-18 18:34:48, Info CSI 00000173 [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-07-18 18:34:48, Info CSI 00000174 [sR] This component was referenced by [l:160{80}]"Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-187_neutral_GDR"

2012-07-18 18:34:48, Info CSI 00000177 [sR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted

2012-07-18 18:34:48, Info CSI 00000179 [sR] Verify complete

2012-07-18 18:34:49, Info CSI 0000017a [sR] Verifying 100 (0x00000064) components

2012-07-18 18:34:49, Info CSI 0000017b [sR] Beginning Verify and Repair transaction

2012-07-18 18:34:55, Info CSI 0000017d [sR] Verify complete

2012-07-18 18:34:56, Info CSI 0000017e [sR] Verifying 100 (0x00000064) components

2012-07-18 18:34:56, Info CSI 0000017f [sR] Beginning Verify and Repair transaction

2012-07-18 18:35:02, Info CSI 00000182 [sR] Verify complete

2012-07-18 18:35:03, Info CSI 00000183 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:35:03, Info CSI 00000184 [sR] Beginning Verify and Repair transaction

2012-07-18 18:35:17, Info CSI 00000186 [sR] Verify complete

2012-07-18 18:35:17, Info CSI 00000187 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:35:17, Info CSI 00000188 [sR] Beginning Verify and Repair transaction

2012-07-18 18:35:26, Info CSI 0000018a [sR] Verify complete

2012-07-18 18:35:27, Info CSI 0000018b [sR] Verifying 100 (0x00000064) components

2012-07-18 18:35:27, Info CSI 0000018c [sR] Beginning Verify and Repair transaction

2012-07-18 18:35:34, Info CSI 0000018e [sR] Verify complete

2012-07-18 18:35:35, Info CSI 0000018f [sR] Verifying 100 (0x00000064) components

2012-07-18 18:35:35, Info CSI 00000190 [sR] Beginning Verify and Repair transaction

2012-07-18 18:35:45, Info CSI 00000192 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-07-18 18:35:45, Info CSI 00000194 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-07-18 18:35:45, Info CSI 00000195 [sR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"

2012-07-18 18:35:48, Info CSI 00000197 [sR] Verify complete

2012-07-18 18:35:48, Info CSI 00000198 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:35:48, Info CSI 00000199 [sR] Beginning Verify and Repair transaction

2012-07-18 18:35:57, Info CSI 0000019b [sR] Verify complete

2012-07-18 18:35:57, Info CSI 0000019c [sR] Verifying 100 (0x00000064) components

2012-07-18 18:35:57, Info CSI 0000019d [sR] Beginning Verify and Repair transaction

2012-07-18 18:36:07, Info CSI 0000019f [sR] Verify complete

2012-07-18 18:36:07, Info CSI 000001a0 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:36:07, Info CSI 000001a1 [sR] Beginning Verify and Repair transaction

2012-07-18 18:36:18, Info CSI 000001a4 [sR] Verify complete

2012-07-18 18:36:18, Info CSI 000001a5 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:36:18, Info CSI 000001a6 [sR] Beginning Verify and Repair transaction

2012-07-18 18:36:27, Info CSI 000001a8 [sR] Verify complete

2012-07-18 18:36:28, Info CSI 000001a9 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:36:28, Info CSI 000001aa [sR] Beginning Verify and Repair transaction

2012-07-18 18:36:33, Info CSI 000001ac [sR] Verify complete

2012-07-18 18:36:34, Info CSI 000001ad [sR] Verifying 100 (0x00000064) components

2012-07-18 18:36:34, Info CSI 000001ae [sR] Beginning Verify and Repair transaction

2012-07-18 18:36:41, Info CSI 000001b0 [sR] Verify complete

2012-07-18 18:36:42, Info CSI 000001b1 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:36:42, Info CSI 000001b2 [sR] Beginning Verify and Repair transaction

2012-07-18 18:36:50, Info CSI 000001b7 [sR] Verify complete

2012-07-18 18:36:51, Info CSI 000001b8 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:36:51, Info CSI 000001b9 [sR] Beginning Verify and Repair transaction

2012-07-18 18:37:00, Info CSI 000001bb [sR] Verify complete

2012-07-18 18:37:01, Info CSI 000001bc [sR] Verifying 100 (0x00000064) components

2012-07-18 18:37:01, Info CSI 000001bd [sR] Beginning Verify and Repair transaction

2012-07-18 18:37:12, Info CSI 000001bf [sR] Verify complete

2012-07-18 18:37:13, Info CSI 000001c0 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:37:13, Info CSI 000001c1 [sR] Beginning Verify and Repair transaction

2012-07-18 18:37:21, Info CSI 000001c3 [sR] Verify complete

2012-07-18 18:37:22, Info CSI 000001c4 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:37:22, Info CSI 000001c5 [sR] Beginning Verify and Repair transaction

2012-07-18 18:37:25, Info CSI 000001c7 [sR] Verify complete

2012-07-18 18:37:26, Info CSI 000001c8 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:37:26, Info CSI 000001c9 [sR] Beginning Verify and Repair transaction

2012-07-18 18:37:36, Info CSI 000001cb [sR] Verify complete

2012-07-18 18:37:37, Info CSI 000001cc [sR] Verifying 100 (0x00000064) components

2012-07-18 18:37:37, Info CSI 000001cd [sR] Beginning Verify and Repair transaction

2012-07-18 18:37:47, Info CSI 000001cf [sR] Verify complete

2012-07-18 18:37:47, Info CSI 000001d0 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:37:47, Info CSI 000001d1 [sR] Beginning Verify and Repair transaction

2012-07-18 18:37:55, Info CSI 000001d3 [sR] Verify complete

2012-07-18 18:37:55, Info CSI 000001d4 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:37:55, Info CSI 000001d5 [sR] Beginning Verify and Repair transaction

2012-07-18 18:38:16, Info CSI 000001d7 [sR] Verify complete

2012-07-18 18:38:17, Info CSI 000001d8 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:38:17, Info CSI 000001d9 [sR] Beginning Verify and Repair transaction

2012-07-18 18:38:21, Info CSI 000001db [sR] Verify complete

2012-07-18 18:38:22, Info CSI 000001dc [sR] Verifying 100 (0x00000064) components

2012-07-18 18:38:22, Info CSI 000001dd [sR] Beginning Verify and Repair transaction

2012-07-18 18:38:29, Info CSI 000001df [sR] Verify complete

2012-07-18 18:38:30, Info CSI 000001e0 [sR] Verifying 100 (0x00000064) components

2012-07-18 18:38:30, Info CSI 000001e1 [sR] Beginning Verify and Repair transaction

2012-07-18 18:38:39, Info CSI 000001ec [sR] Verify complete

2012-07-18 18:38:39, Info CSI 000001ed [sR] Verifying 4 components

2012-07-18 18:38:39, Info CSI 000001ee [sR] Beginning Verify and Repair transaction

2012-07-18 18:38:40, Info CSI 000001f0 [sR] Verify complete

2012-07-18 18:38:40, Info CSI 000001f1 [sR] Repairing 3 components

2012-07-18 18:38:40, Info CSI 000001f2 [sR] Beginning Verify and Repair transaction

2012-07-18 18:38:40, Info CSI 000001f3 [sR] Cannot repair member file [l:22{11}]"desktop.ini" of Microsoft-Windows-fontext, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing

2012-07-18 18:38:40, Info CSI 000001f5 [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-07-18 18:38:40, Info CSI 000001f7 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-07-18 18:38:40, Info CSI 000001f8 [sR] Cannot repair member file [l:22{11}]"desktop.ini" of Microsoft-Windows-fontext, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, file is missing

2012-07-18 18:38:40, Info CSI 000001f9 [sR] This component was referenced by [l:160{80}]"Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-113_neutral_GDR"

2012-07-18 18:38:40, Info CSI 000001fa [sR] Could not reproject corrupted file [ml:520{260},l:40{20}]"\??\C:\Windows\fonts"\[l:22{11}]"desktop.ini"; source file in store is also corrupted

2012-07-18 18:38:40, Info CSI 000001fc [sR] Cannot repair member file [l:20{10}]"tcpmon.ini" of Microsoft-Windows-Printing-StandardPortMonitor-TCPMonINI, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-07-18 18:38:40, Info CSI 000001fd [sR] This component was referenced by [l:160{80}]"Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.936330-187_neutral_GDR"

2012-07-18 18:38:40, Info CSI 00000200 [sR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"; source file in store is also corrupted

2012-07-18 18:38:40, Info CSI 00000202 [sR] Cannot repair member file [l:24{12}]"settings.ini" of Microsoft-Windows-Sidebar, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2012-07-18 18:38:40, Info CSI 00000203 [sR] This component was referenced by [l:158{79}]"Package_16_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.948465-49_neutral_GDR"

2012-07-18 18:38:40, Info CSI 00000205 [sR] Repair complete

2012-07-18 18:38:40, Info CSI 00000206 [sR] Committing transaction

2012-07-18 18:38:40, Info CSI 0000020a [sR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired

Maniac · July 19, 2012

Good!

Please post a new fresh Farbar Service Scanner log.

canimera · July 19, 2012

Hi Maniac! Please find the FSS log below, thanks!!:

Farbar Service Scanner Version: 08-07-2012

Ran by David (administrator) on 19-07-2012 at 06:53:39

Running from "C:\Users\David\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Network

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Attempt to access Google.com returned error: Other errors

Yahoo IP is accessible.

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is set to Demand. The default start type is Auto.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is set to Auto. The default start type is 3.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Maniac · July 19, 2012

Please try to start them again and let me know.

canimera · July 20, 2012

Hi again. I followed your instructions as posted below. I tried to post everything in a single post but it is too large so it will be split in three posts:

Post 1: Install services from command prompt and then manually using link posted above. Using both methods I got the same results when starting the services:

I got the following messages for the commands you mentioned:

Dhcp, Dnscache, NSI, PlugPlay ==> "... has already been started..."

MpsSvc, ==> "System error 1068"

bfe ==> "Could not be started, System error 5 has occurred"

SDRSVC, VSS, wscsvc, wuauserv, BITS, EventSystem ==> Error 1084

Then ran a farbar scan. Log is as follows:

Farbar Service Scanner Version: 08-07-2012

Ran by David (administrator) on 19-07-2012 at 19:11:07

Running from "C:\Users\David\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Network

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Attempt to access Google.com returned error: Other errors

Yahoo IP is accessible.

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is set to Demand. The default start type is Auto.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is set to Auto. The default start type is 3.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is OK.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

canimera · July 20, 2012

Post 2: Then I ran the sfc /scannow. Getting the next log (which I will further divide in two since "the post is too long"):

Log part a: