The specified service does not exist as an installed service


27 replies to this topic

#1 Duncann

Duncann

    New Member

  • Members
  • 14 posts
  • Gender:Male
  • Location:Maine

Posted 07 October 2012 - 10:18 PM

I am having trouble with my laptop and yours is the only site I have found with a resolution: specifically, a post by the same name as this, dated Sep 12 2012, by Hemi425. He was helped by a Mr. Maurice Naggar. There were several warnings by Mr. Naggar not to follow those instructions on my own but to post a new topic. So Mr. Naggar, if you are out there, please help.


First, the stats and info:
Gateway laptop model 1625, circa 2008
OS: Microsoft Vista Service Pack 2, build 6002
Processor: AMD Turion 64 X2 Mobile Technology
RAM: 2 GB
HD: ? 220 GB
Video card: ? Supposed to be ATI based
Sound card: ?
AV: until now I have been using McAfee Internet Security
(part of my problem is that Device Manager does not work)

The back story:
About 3 weeks ago, while surfing the web, I got a virus, specifically the ZeroAccess Trojan, which McAfee was good enough to tell me about. My first indication was a pop-up from McAfee stating that it was there and that in order to fix the problem I would need to reboot. I rebooted only to have the same message occur over and over; I couldn't even ignore it. Well, long story short, after talking with McAfee for an hour they said they could help me for a modest $90.00 fee. I was angry and decided to go it alone. I found instructions on how to remove the virus online at McAfee's own web site and followed them to the letter. The last instruction given was to run the Bootrec /fixmbr command from the recovery console command prompt. I did this and rebooted my machine. Well, no more virus pop-ups... Also no more internet connection, no sound, no Device Manager, and almost nothing works in Control Panel. Most of my programs either fail to start or give me the following message: "The specified service does not exist as an installed service". Explorer will allow me to view and work with my files but will sometimes hang for a minute between every mouse click, and it takes almost 6 minutes to boot the machine. Windows boots, but that is about all.

I have tried all the usual channels for support. My vendor, Gateway, has very little help for a model this old. Thinking that this was virus related, I originally sought help at the Viruses and Malware forum of Computer Help Forums, where a very nice guy named superdave was helping me. And I am afraid I stumped Dave. He had me run both the fixmbr and the fixboot commands again. We ran the Windows Startup Repair utility as well as several cleanup and malware removal tools (from Safe Mode, which is the only place they will run); the logs are available if needed. Finally he suggested I format and reload Windows, which I'd be only too happy to do; I had intended to all along, but I can't because of this issue. That's another story; suffice to say that is issue 2, which I may also need help with... I am sorry for the length of this post. If anyone could help me I would sincerely appreciate it!

I will post the DDS logs here:

(Please note all my scans are from Safe Mode. They will not work any other way. Also I have no access to the internet on the problem machine, so all files are transferred using a flash drive.)

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Owner at 23:04:58 on 2012-10-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1607 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.myfairpoint.net/fairpoint/portal/index.aspx/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: netflix.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B512CDF3-308A-4F41-82BD-75D11C1878E6} : DhcpNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
.
============= SERVICES / DRIVERS ===============
.
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-11-12 60480]
.
=============== Created Last 30 ================
.
2012-10-01 19:44:32 -------- d-----w- C:\GRC
2012-09-30 04:24:48 -------- d-----w- c:\program files\CCleaner
2012-09-30 03:16:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-30 03:16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-14 00:59:43 -------- d-----w- c:\users\owner\appdata\roaming\McAfee
2012-09-09 17:45:10 -------- d-----w- c:\users\owner\appdata\roaming\progeSOFT
2012-09-09 17:44:40 -------- d-----w- c:\programdata\progeSOFT
2012-09-09 17:43:34 69632 ----a-w- c:\windows\system32\temp.002
2012-09-09 17:43:33 77878 ----a-w- c:\windows\system32\temp.001
2012-09-09 17:43:33 266293 ----a-w- c:\windows\system32\temp.000
2012-09-09 17:43:29 2134016 ----a-w- c:\windows\system32\cdintf251.dll
2012-09-09 17:43:01 89360 ----a-w- c:\windows\system32\vb5db.dll
2012-09-09 17:42:58 339968 ----a-w- c:\windows\system32\Slide.ocx
2012-09-09 17:42:58 274432 ----a-w- c:\windows\system32\DwgThumbnail.ocx
2012-09-09 17:42:45 503808 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-09 17:42:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-09 17:42:44 61440 ----a-w- c:\windows\system32\wintab32.dll
2012-09-09 17:42:44 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-09-09 17:42:42 368912 ----a-w- c:\windows\system32\vbar332.dll
2012-09-09 17:42:42 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2012-09-09 17:42:42 -------- d-----w- c:\program files\progeSOFT
.
==================== Find3M ====================
.
2012-10-08 01:04:37 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-10-08 01:04:35 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-10-08 00:19:57 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-09-14 00:25:23 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 00:25:23 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 23:07:03.40 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/5/2011 11:26:11 AM
System Uptime: 10/7/2012 11:03:32 PM (0 hours ago)
.
Motherboard: Gateway | |
Processor: AMD Turion™ 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 162.616 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 5.213 GiB free.
E: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.2
Amazon MP3 Downloader 1.0.15
ATI Catalyst Install Manager
Camera Assistant Software for Gateway
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Civilization III Complete Edition
Forge of Freedom
Garmin Training Center
Garmin USB Drivers
Guns of August
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee Internet Security
McAfee Virtual Technician
Medieval II Total War
Medieval II Total War : Kingdoms : Americas
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Medieval II Total War : Kingdoms : Teutonic
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
OBDwiz
Power2Go 5.0
progeCAD 2009 Smart! ENG
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shared C Run-time for x86
Sid Meier's Civilization 4 Complete
Sid Meier's Civilization IV Colonization
Skins
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
.
==== Event Viewer Messages From Past Week ========
.
9/30/2012 6:23:54 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
10/7/2012 9:37:01 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
10/7/2012 9:06:01 PM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting.
10/7/2012 9:05:33 PM, Error: Service Control Manager [7024] - The ReadyBoost service terminated with service-specific error 0 (0x0).
10/7/2012 9:05:33 PM, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified.
10/7/2012 9:05:33 PM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified.
10/7/2012 9:05:33 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: Operation aborted
10/7/2012 9:05:33 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.
10/7/2012 9:05:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
10/7/2012 9:05:33 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/7/2012 9:01:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
10/7/2012 9:01:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
10/7/2012 11:06:11 PM, Error: Microsoft-Windows-TBS [16392] - An error occurred while starting the TBS. The error code was 0x8007000d.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Tablet PC Input Service service depends the following service: PlugPlay. This service might not be installed.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 11:05:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/7/2012 11:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
10/7/2012 11:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/7/2012 11:04:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/7/2012 10:24:42 PM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.
10/1/2012 6:17:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6
10/1/2012 3:44:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
.
==== End Of File ===========================
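
The Service Control Manager entries in the DDS log above are easier to read once they are grouped by what they tell a responder. The PowerShell script below is an added example, not part of Duncann's post and not part of the DDS tool: the sample lines are a subset copied from the "Event Viewer Messages" section above, and the regular expressions are assumptions matched to the wording of event IDs 7003 (a dependency the SCM cannot find at all), 7001 (a dependency that exists but failed to start) and 7026 (boot-start drivers that did not load). It separates 7001 entries whose error is merely "the dependency service or group failed to start" from those that name an actual cause, so the root of each chain stands out.

```powershell
# Added example (not from the thread): triage of SCM event lines as they
# appear in a DDS "Event Viewer Messages" section. Lines below are copied
# from the log in the post above; the regexes are assumptions fitted to
# that wording. PowerShell 2.0 syntax.

$eventLines = @'
10/7/2012 11:05:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/7/2012 10:24:42 PM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.
'@ -split "`r?`n"

function Get-ScmTriage {
    param([string[]]$Lines)
    $notInstalled = @{}   # missing dependency name -> services that need it
    $rootFailures = @()   # 7001 entries whose error names a real cause
    $chainOnly    = @()   # 7001 entries that only say "a dependency failed"
    $drivers      = @()   # boot/system-start drivers from 7026
    foreach ($line in $Lines) {
        # Pull the event ID and the message text out of the DDS line format.
        if (-not ($line -match '\[(?<id>\d+)\] - (?<msg>.+)$')) { continue }
        $id  = [int]$Matches['id']
        $msg = $Matches['msg']
        switch ($id) {
            7003 {
                if ($msg -match '^The (?<svc>.+?) service depends the following service: (?<dep>\S+?)\.') {
                    $dep = $Matches['dep']
                    if (-not $notInstalled.ContainsKey($dep)) { $notInstalled[$dep] = @() }
                    $notInstalled[$dep] += $Matches['svc']
                }
            }
            7001 {
                if ($msg -match '^The (?<svc>.+?) service depends on the (?<dep>.+?) service which failed to start because of the following error: (?<err>.+)$') {
                    $entry = New-Object PSObject -Property @{
                        Service = $Matches['svc']; DependsOn = $Matches['dep']; Error = $Matches['err']
                    }
                    if ($Matches['err'] -like 'The dependency service or group failed to start*') {
                        $chainOnly += $entry
                    } else {
                        $rootFailures += $entry
                    }
                }
            }
            7026 {
                if ($msg -match 'failed to load: (?<list>.+)$') {
                    $drivers += ($Matches['list'] -split '\s+')
                }
            }
        }
    }
    New-Object PSObject -Property @{
        NotInstalled  = $notInstalled
        RootFailures  = $rootFailures
        ChainOnly     = $chainOnly
        DriversFailed = $drivers
    }
}

$triage = Get-ScmTriage -Lines $eventLines
"Services the SCM reports as not installed (registry key gone):"
$triage.NotInstalled.Keys | Sort-Object | ForEach-Object {
    "  {0,-10} needed by: {1}" -f $_, ($triage.NotInstalled[$_] -join ', ')
}
"Root failures (not just a dependency chain):"
$triage.RootFailures | ForEach-Object { "  {0} -> '{1}': {2}" -f $_.Service, $_.DependsOn, $_.Error }
"Chain-only failures: " + ($triage.ChainOnly.Count)
"Boot/system-start drivers that failed to load: " + ($triage.DriversFailed -join ' ')
```

On the sample lines this reports NSI, BFE and PlugPlay as services the SCM cannot find, two root failures (the audio endpoint builder and the Winsock ancillary driver, which also appears as AFD in the 7026 list), one chain-only entry and fourteen drivers that did not load. Those three missing keys and the failed boot drivers are the things to repair; the individual application errors are downstream of them.
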

#2 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 08 October 2012 - 09:50 AM

Hello Duncann and welcome to MalwareBytes forums.

Wow, long story. Keep in mind that this may be beyond a good fix, given the previous "fixes".
Do tell me if you have the Vista operating system DVD.

Also, keep in mind, this type of problem takes, usually, much more than 1, or 2, or even 3 sessions of back-and-forth.

Let me suggest, if you're an MBAM customer, you contact the consumer help desk here.
If you do that, please let me know.


Do this batch run and advise me after it is completed.

Windows services
This will be a batch fix.
  • Press the Windows-key on keyboard.
  • In the search box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo off
    rem Windows Installer: stop it, set it back to manual start, restart it.
    sc stop msiserver
    sc config msiserver start= manual
    sc start msiserver
    rem Restore the start types of the core services the errors point at
    rem (note the space after "start=", which sc requires).
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= delayed-auto
    sc config bits start= delayed-auto
    sc config wuauserv start= delayed-auto
    sc config sdrsvc start= manual
    sc config vss start= auto
    sc config eventlog start= auto
    rem Start the Windows Firewall driver and service.
    sc start mpsdrv
    sc start mpssvc
    rem Reboot in one second, then delete this batch file.
    shutdown -r -t 1
    del %0
  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.
This procedure will do its tasks and then it will Restart Windows.

As much as possible, have Windows Vista in normal mode ! ! !


Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Maurice Naggar
Product Support


I close my threads if there is 5 days without a response.
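
A read-only check that a practitioner would run before and after the batch fix in the post above, as an added example that is not part of the thread or of the Malwarebytes staff instructions: it audits the same services by reading their Service Control Manager registry keys and reports which keys are missing (the condition behind "The specified service does not exist as an installed service"), which start types differ from what the batch sets, and which listed dependencies are themselves gone. The service list and expected start types are taken from the batch file; the value names Start, DelayedAutostart, Type and DependOnService are the standard SCM registry values. It reads the registry rather than using WMI because on a ZeroAccess-hit machine WMI itself may be compromised (the FRST log later in the thread flags fastprox.dll, the WMI marshaller). It changes nothing.

```powershell
# Added example (not from the thread): audit the services the batch fix
# reconfigures, straight from the SCM registry keys. PowerShell 2.0 syntax
# so it runs on Vista; run from an elevated prompt. Read-only.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Start types the batch file sets. $null means the batch only starts the
# service and leaves its start type alone.
$expected = @{
    'msiserver'  = 'Manual'
    'dcomlaunch' = 'Auto'
    'nsi'        = 'Auto'
    'dhcp'       = 'Auto'
    'rpcss'      = 'Auto'
    'winmgmt'    = 'Auto'
    'wscsvc'     = 'Delayed-Auto'
    'bits'       = 'Delayed-Auto'
    'wuauserv'   = 'Delayed-Auto'
    'sdrsvc'     = 'Manual'
    'vss'        = 'Auto'
    'eventlog'   = 'Auto'
    'mpsdrv'     = $null
    'mpssvc'     = $null
}

function Get-RegistryServiceConfig {
    # Returns $null when the key is absent: that is exactly what the SCM
    # means by "does not exist as an installed service".
    param([string]$Name)
    $key = Join-Path $servicesKey $Name
    if (-not (Test-Path $key)) { return $null }
    $p = Get-ItemProperty -Path $key
    $mode = 'Unknown'
    if ($p.Start -ne $null) {
        $mode = $startNames[[int]$p.Start]
        if ($mode -eq 'Auto' -and $p.DelayedAutostart -eq 1) { $mode = 'Delayed-Auto' }
        if (-not $mode) { $mode = "Unknown($($p.Start))" }
    }
    New-Object PSObject -Property @{
        Name            = $Name
        StartMode       = $mode
        IsDriver        = (([int]$p.Type -band 0x3) -ne 0)   # Type 1/2 = kernel/FS driver
        DependOnService = @($p.DependOnService | Where-Object { $_ })
    }
}

$rows = foreach ($name in ($expected.Keys | Sort-Object)) {
    $cfg   = Get-RegistryServiceConfig $name
    # Get-Service asks the SCM itself; drivers are not listed there, so the
    # SCM check is skipped for them.
    $inScm = [bool](Get-Service -Name $name -ErrorAction SilentlyContinue)
    if ($cfg -eq $null) {
        $status = 'MISSING: no registry key, so the SCM cannot know this service'
    } elseif (-not $cfg.IsDriver -and -not $inScm) {
        $status = 'Key present but the SCM does not list it (damaged key, or reboot pending)'
    } elseif ($expected[$name] -and $cfg.StartMode -ne $expected[$name]) {
        $status = "Start type is $($cfg.StartMode); batch expects $($expected[$name])"
    } else {
        $status = 'OK'
    }
    # Dependencies whose own key is gone: the cause of the event ID 7003
    # "depends the following service ... might not be installed" entries.
    # Entries starting with "+" are group names, not services, and are skipped.
    $missingDeps = @()
    if ($cfg) {
        $missingDeps = @($cfg.DependOnService | Where-Object {
            $_ -notlike '+*' -and -not (Test-Path (Join-Path $servicesKey $_))
        })
    }
    New-Object PSObject -Property @{
        Service     = $name
        StartMode   = $(if ($cfg) { $cfg.StartMode } else { '-' })
        MissingDeps = ($missingDeps -join ',')
        Status      = $status
    }
}
$rows | Format-Table Service, StartMode, MissingDeps, Status -AutoSize -Wrap
```

A row marked MISSING cannot be repaired by `sc config`, which only edits a key that already exists; that is why the batch above can change start types but cannot bring back a service whose key was deleted, and why the outcome of the batch is worth checking with a listing like this rather than assumed from its exit.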

#3 Duncann

Duncann

    New Member

  • Members
  • 14 posts
  • Gender:Male
  • Location:Maine

Posted 08 October 2012 - 08:58 PM

Hello Maurice,


Thank you so much for responding. :) As I said, I have seen this error talked about a lot, but your conversation with hemi425 was the only one resolved, so I have high hopes. If we can just get my services back up so I can execute my recovery program I would be happy. I am assuming that a virus, "root kit" or not, can't survive a full format?

Do tell me if you have the Vista operating system DVD.


I do. It was the only way I can access the Recovery Console, where I ran the bootrec commands both originally and later with Superdave. It will not allow me to do a factory reset, however.

Let me suggest, if you're an MBAM customer, you contact the consumer help desk here.
If you do that, please let me know


I am not a "paying customer" but I have recently downloaded and used their shareware version. Superdave had me run it and it did remove at least some part of "ZeroAccess".

I downloaded and moved the files to the infected machine, but neither one would run in Normal mode. Same message: "Specified service not an installed service". I ran both the batch fix and RSIT from Safe Mode. The batch fix ran but paused very briefly, and I thought I saw a message saying it could not run in a safe environment, but it continued and rebooted the system. No change.

RSIT ran ok here are the logs:

BTW, would you rather I attach or copy/paste these logs?
Again thank you so much for responding.

Attached Files

  • Attached File  log.txt   13.21KB   11 downloads
  • Attached File  info.txt   19.68KB   8 downloads


#4 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 09 October 2012 - 07:28 AM

Note, always Copy and Paste the logs/reports inside main-body of reply box. Do NOT attach.

Given your report of ZeroAccess: Be advised!

Backdoor trojan warning:ZeroAccess / Sirefef
This system has some serious backdoor trojans. ZeroAccess / Sirefef


This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.
You are strongly advised to do the following immediately.
1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.
2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.
3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer (remote access trojan). Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.
* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.
While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan
Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx
Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html
When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx
Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx
Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx
Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Let me know what you decide.

IF you decide to still go forward, do this:
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Maurice Naggar
Product Support


#5 Duncann

Duncann

    New Member

  • Members
  • 14 posts
  • Gender:Male
  • Location:Maine

Posted 09 October 2012 - 01:48 PM

Hi Maurice,
I read everything in your block text. I don't know if my passwords and login info are safe. The only ones I am concerned about are my online banking, and I don't believe those are saved on the PC, and I haven't been to that site since I got the Trojan. In fact, I haven't been anywhere with that machine since it all came apart. It says that my wireless network adapter is not installed. Also, as soon as I noticed the problem (Trojan Detected), I turned off the switch for the wireless receiver, and I have only turned it back on a few times briefly to see if it was working. In spite of this, do you think my data has been compromised?

Let me know what you decide.


I do intend to wipe the hard drive and install fresh. Unfortunately, with Gateway I need their recovery center to do that. At some point I lost it, I think because I installed a clean copy of Windows some months ago for another problem. Anyway, I can't install "Gateway Recovery Center" until I get back at least some functionality to the machine. If we can just get those services back I think I can do it. It would mean reloading from the recovery partition of my hard drive, however. Can this "back door Trojan" stick around after a factory recovery from the recovery partition? (I do have a disk with programs and drivers as well, but I don't believe it was intended for a full recovery.)

I downloaded and ran FRST; here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012
Ran by SYSTEM at 09-10-2012 14:01:39
Running from G:\
Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-07] (Malwarebytes Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
==================== Services (Whitelisted) ===================
2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [279584 2012-08-24] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200816 2012-06-22] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [168368 2012-06-22] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [166320 2012-06-22] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)
2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2011-12-07] (Absolute Software Corp.)
2 rpcnetp; C:\Windows\System32\rpcnetp.exe [17408 2012-10-08] ()
2 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-20] (Microsoft Corporation)
2 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-06-22] (McAfee, Inc.)
3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)
3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [127992 2012-06-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [230224 2012-06-22] (McAfee, Inc.)
3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [61912 2012-06-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [360792 2012-06-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [554048 2012-06-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-06-22] (McAfee, Inc.)
1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-06-22] (McAfee, Inc.)
3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation )
3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-05-23] (Chicony Electronics Co., Ltd.)
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-10-09 14:01 - 2012-10-09 14:01 - 00000000 ____D C:\FRST
2012-10-08 17:04 - 2012-10-08 17:04 - 00000000 ____D C:\Program Files\trend micro
2012-10-08 17:03 - 2012-10-08 17:04 - 00000000 ____D C:\rsit
2012-10-08 16:34 - 2012-10-08 16:24 - 00781383 ____A C:\Users\Owner\Desktop\RSIT.exe
2012-10-01 11:44 - 2012-10-01 11:45 - 00000000 ____D C:\GRC
2012-10-01 10:43 - 2012-10-01 10:43 - 102055407 ____A C:\Windows\MEMORY.DMP
2012-10-01 10:43 - 2012-10-01 10:43 - 00134656 ____A C:\Windows\Minidump\Mini100112-01.dmp
2012-09-29 21:00 - 2012-09-29 21:00 - 00000789 ____A C:\AdwCleaner[R3].txt
2012-09-29 20:38 - 2012-09-29 20:39 - 00000730 ____A C:\AdwCleaner[R2].txt
2012-09-29 20:24 - 2012-09-29 20:24 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-29 20:24 - 2012-09-29 20:24 - 00000000 ____D C:\Program Files\CCleaner
2012-09-29 20:20 - 2012-09-29 18:54 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2012-09-29 20:20 - 2012-09-29 17:57 - 04758577 ___RA (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-09-29 20:20 - 2012-09-29 17:57 - 00881724 ____A C:\Users\Owner\Desktop\SecurityCheck.exe
2012-09-29 20:20 - 2012-09-29 17:47 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr
2012-09-29 19:35 - 2012-09-29 19:06 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2012-09-29 19:16 - 2012-09-29 19:16 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 19:16 - 2012-09-29 19:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-09-29 19:16 - 2012-09-07 13:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-29 19:12 - 2012-09-29 19:12 - 00000671 ____A C:\AdwCleaner[R1].txt
2012-09-28 14:17 - 2012-09-27 16:57 - 10523968 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup.exe
2012-09-28 14:15 - 2012-09-27 16:56 - 00513501 ____A C:\Users\Owner\Desktop\adwcleaner.exe
2012-09-21 15:23 - 2012-09-29 20:05 - 00059952 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-09-21 05:21 - 2012-09-21 05:22 - 00000000 ____D C:\Users\Owner\Documents\gateway
2012-09-15 06:05 - 2012-09-15 06:20 - 00000000 ____D C:\Users\Owner\Desktop\New Folder
2012-09-13 16:59 - 2012-09-13 16:59 - 00000000 ____D C:\Users\Owner\AppData\Roaming\McAfee
2012-09-09 09:45 - 2012-09-09 09:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\progeSOFT
2012-09-09 09:44 - 2012-09-09 09:44 - 00001936 ____A C:\Users\Public\Desktop\progeCAD 2009 Smart!.lnk
2012-09-09 09:44 - 2012-09-09 09:44 - 00000000 ____D C:\Users\All Users\progeSOFT
2012-09-09 09:43 - 2009-10-07 11:42 - 00089360 ____A (Microsoft Corporation) C:\Windows\System32\vb5db.dll
2012-09-09 09:43 - 2009-10-07 11:40 - 00266293 ____A (Microsoft Corporation) C:\Windows\System32\temp.000
2012-09-09 09:43 - 2009-10-07 11:40 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\temp.002
2012-09-09 09:43 - 2009-10-07 11:39 - 02134016 ____A (Amyuni Technologies
2012-09-09 09:43 - 2009-10-07 11:39 - 00077878 ____A (Microsoft Corporation) C:\Windows\System32\temp.001
2012-09-09 09:42 - 2012-09-09 09:42 - 00000000 ____D C:\Program Files\progeSOFT
2012-09-09 09:42 - 2009-10-07 11:42 - 01060864 ____A (Microsoft Corporation) C:\Windows\System32\mfc71.dll
2012-09-09 09:42 - 2009-10-07 11:42 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll
2012-09-09 09:42 - 2009-10-07 11:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll
2012-09-09 09:42 - 2009-10-07 11:42 - 00061440 ____A C:\Windows\System32\wintab32.dll
2012-09-09 09:42 - 2001-03-13 11:49 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.OCX
2012-09-09 09:42 - 1999-11-08 09:45 - 00339968 ____A (Autodesk) C:\Windows\System32\Slide.ocx
2012-09-09 09:42 - 1999-07-21 13:25 - 00274432 ____A (Autodesk Developer Consulting Group) C:\Windows\System32\DwgThumbnail.ocx
2012-09-09 09:42 - 1998-04-24 20:00 - 00368912 ____A (Microsoft Corporation) C:\Windows\System32\vbar332.dll
2012-09-09 09:31 - 2012-09-09 09:39 - 101350261 ____A C:\Users\Owner\Downloads\progeCAD-2009-Smart-AutoCAD-Clone.exe
==================== 3 Months Modified Files ==================
2012-10-08 17:30 - 2011-10-05 03:35 - 00001356 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat
2012-10-08 17:08 - 2012-06-11 05:16 - 00001735 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk
2012-10-08 17:01 - 2011-10-05 07:21 - 00017408 ____A C:\Windows\System32\rpcnetp.exe
2012-10-08 16:57 - 2006-11-02 05:01 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-08 16:57 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-08 16:57 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-08 16:57 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-08 16:55 - 2006-11-02 02:33 - 00716688 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-08 16:47 - 2011-10-05 07:52 - 00058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll
2012-10-08 16:47 - 2011-10-05 07:22 - 00017408 ____A C:\Windows\System32\rpcnetp.dll
2012-10-08 16:24 - 2012-10-08 16:34 - 00781383 ____A C:\Users\Owner\Desktop\RSIT.exe
2012-10-01 10:43 - 2012-10-01 10:43 - 102055407 ____A C:\Windows\MEMORY.DMP
2012-10-01 10:43 - 2012-10-01 10:43 - 00134656 ____A C:\Windows\Minidump\Mini100112-01.dmp
2012-09-29 21:00 - 2012-09-29 21:00 - 00000789 ____A C:\AdwCleaner[R3].txt
2012-09-29 20:39 - 2012-09-29 20:38 - 00000730 ____A C:\AdwCleaner[R2].txt
2012-09-29 20:24 - 2012-09-29 20:24 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-09-29 20:05 - 2012-09-21 15:23 - 00059952 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT
2012-09-29 19:16 - 2012-09-29 19:16 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-29 19:12 - 2012-09-29 19:12 - 00000671 ____A C:\AdwCleaner[R1].txt
2012-09-29 19:06 - 2012-09-29 19:35 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2012-09-29 18:54 - 2012-09-29 20:20 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe
2012-09-29 17:57 - 2012-09-29 20:20 - 04758577 ___RA (Swearware) C:\Users\Owner\Desktop\ComboFix.exe
2012-09-29 17:57 - 2012-09-29 20:20 - 00881724 ____A C:\Users\Owner\Desktop\SecurityCheck.exe
2012-09-29 17:47 - 2012-09-29 20:20 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr
2012-09-27 16:57 - 2012-09-28 14:17 - 10523968 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup.exe
2012-09-27 16:56 - 2012-09-28 14:15 - 00513501 ____A C:\Users\Owner\Desktop\adwcleaner.exe
2012-09-21 15:58 - 2006-11-02 04:47 - 00264840 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-13 16:25 - 2012-04-18 05:36 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-09-13 16:25 - 2011-10-26 06:46 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-09-09 09:44 - 2012-09-09 09:44 - 00001936 ____A C:\Users\Public\Desktop\progeCAD 2009 Smart!.lnk
2012-09-09 09:39 - 2012-09-09 09:31 - 101350261 ____A C:\Users\Owner\Downloads\progeCAD-2009-Smart-AutoCAD-Clone.exe
2012-09-07 13:04 - 2012-09-29 19:16 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-24 03:28 - 2012-07-24 03:28 - 00001675 ____A C:\Users\Owner\Desktop\Guns of August (Quick Start).lnk
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3537287095-3571365832-2134347009-1000\$0aa21280e1fc7d5237c7009ab6215ffc
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$0aa21280e1fc7d5237c7009ab6215ffc
==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================

==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 1917.38 MB
Available physical RAM: 1510.14 MB
Total Pagefile: 1765.2 MB
Available Pagefile: 1581.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.31 MB
==================== Partitions =============================
1 Drive c: () (Fixed) (Total:221.84 GB) (Free:162.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:11.04 GB) (Free:5.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (ENU_HOME_PREM_32BIT_SP1.CMD) (CDROM) (Total:2.94 GB) (Free:0 GB) CDFS
5 Drive g: () (Removable) (Total:1.86 GB) (Free:1.74 GB) FAT
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1944 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 11 GB 32 KB
Partition 2 Primary 222 GB 11 GB
=========================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 D RECOVERY NTFS Partition 11 GB Healthy
=========================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 222 GB Healthy
=========================================================
Partitions of Disk 2:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1908 MB 65 KB
=========================================================
Disk: 2
Partition 1
Type : 06
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 1908 MB Healthy
=========================================================
Last Boot: 2012-10-08 17:20
==================== End Of Log ============================

#6 Maurice Naggar

Posted 10 October 2012 - 08:52 AM

I would urge you, using a clean computer, to change ALL your passwords/logins. It is quite possible for the attacker, using the backdoor trojans, to have lifted your passwords and personal information. That's why I suggest you also cover your bank and credit accounts.

It's not typical for the infection to get into the factory recovery partition. On the actual process to do the factory restore, check with Gateway on the exact procedure.

While I am helping you here, it is important that you follow my guidance, and that you do NOT run tools/ or fixes/ or changes on your own, without first checking with me.
It seems you had already run aswMBR, Adwcleaner, and Combofix on your own.

Please carefully follow this procedure.

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on this system. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

#7 Duncann

Posted 10 October 2012 - 08:31 PM

Hi Dave,

I will change those passwords.

While I am helping you here, it is important that you follow my guidance, and that you do NOT run tools/ or fixes/ or changes on your own, without first checking with me first.
It seems you had already run aswMBR, Adwcleaner, and Combofix on your own.


I have not run those programs since I started with you. As I mentioned in my first post, SuperDave (Computer Hope forums) had me run several cleaning and diagnostic programs. I realize that you are helping me out of the goodness of your heart, and I appreciate it. I will follow your lead.

I ran FRST with the script; here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012
Ran by SYSTEM at 2012-10-10 20:53:59 Run:1
Running from G:\
==============================================
Could not move C:\$Recycle.Bin\S-1-5-21-3537287095-3571365832-2134347009-1000\$0aa21280e1fc7d5237c7009ab6215ffc.
Could not move C:\$Recycle.Bin\S-1-5-18\$0aa21280e1fc7d5237c7009ab6215ffc.
==== End of Fixlog ====

#8 Maurice Naggar

Posted 11 October 2012 - 08:37 AM

Hello Duncann,

Start the pc into normal mode Windows. {fresh start}


Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT by doing a Right-Click on it & select Run As Administrator
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.
Step 2
Show all files:
  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.
Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
  • Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  • Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
    On Windows 7, press Windows-key, then start typing in the text box Malwarebytes then select/click Malwarebytes Anti-Malware Chameleon
  • Once the Help file opens, click on a Chameleon button (starting with #1)
  • If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  • You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. 1.6 at the top
  • Press any key to continue as it says in the window {space-bar will do}
  • If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  • Have infinite patience during this process
  • Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  • Once the update completes and it says your database is updated, click on OK button so that process can continue
  • Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  • After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  • A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  • Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  • If prompted to restart your computer to complete the removal process, click Yes
  • If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  • After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats
Reply with copy of the MBAM scan log for review.

#9 Duncann

Posted 11 October 2012 - 09:26 PM

Hi maurice,

Well I had problems in normal mode. (Surprise) I was able to install ERUNT in safe mode and back up the registry. I ran Chameleon from there as well, and MBAM, but MBAM found nothing. I rebooted into normal mode and tried to run Chameleon again but nothing. It did run but I tried all 12 options and no command box appeared. MBAM will not run in normal mode either.

Here is the log for what it's worth:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.07.13
Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Owner :: DUNCAN-PC [administrator]
10/11/2012 9:19:54 PM
mbam-log-2012-10-11 (21-19-54).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198107
Time elapsed: 3 minute(s), 37 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#10 Maurice Naggar

Posted 12 October 2012 - 07:56 AM

Restart the system {fresh} and be sure it is in normal mode.

First
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Please download Rkill by Grinler and save it to your desktop.
  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL
IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.
When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.
More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html

Next
Please follow my guidance. Ask if you have questions.
I am going to ask you to read very carefully. I am asking you to download to a unique folder!!
Step 1. Close and save any open documents, and exit programs that you started.
Step 2. Download TDSSKiller.exe and SAVE it to a special folder
http://support.kaspe.../tdsskiller.exe
and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:
Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon" /o
A black DOS prompt will appear with a prompt to press any key to continue, please do.
Step 4
Please read carefully and follow these steps.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Please Copy & Paste that log in reply.

Edited by Maurice Naggar, 12 October 2012 - 07:59 AM.


#11 Duncann

Posted 12 October 2012 - 10:12 PM

Hi Maurice'

Well I tried like hell to use normal mode. I just can't get these programs to run there. I get the same message "The specified service is not an installed service." Nothing works in normal mode!!! The list is endless; it would be easier to list the things that do work. It would seem that some ini file/registry setting that loads all these services is not being loaded. I'm sorry, I spent 4 hrs trying all the different versions of RKill but each time after waiting I get "Specified service...bla bla". You seem to be urging me to use normal mode so I will try, but in the end, until we get those services back up, I don't think anything will work there. If you don't want me to perform a task in safe mode please let me know; otherwise I will try normal first, then safe if that won't work.


Anyway I gave in and ran Rkill in Safe mode and here are the results:


Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html
Program started at: 10/12/2012 06:08:30 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* COM+ Event System (RpcSs) is not Running.
Startup Type set to: Automatic
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* Appinfo [Missing Service]
* BFE [Missing Service]
* BITS [Missing Service]
* Dnscache [Missing Service]
* IPBusEnum [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* Netman [Missing Service]
* netprofm [Missing Service]
* nsi [Missing Service]
* PlugPlay [Missing Service]
* QWAVE [Missing Service]
* seclogon [Missing Service]
* SENS [Missing Service]
* SessionEnv [Missing Service]
* SLUINotify [Missing Service]
* SysMain [Missing Service]
* upnphost [Missing Service]
* wcncsvc [Missing Service]
* WcsPlugInService [Missing Service]
* WinDefend [Missing Service]
* WinHttpAutoProxySvc [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* SharedAccess [Missing ImagePath]
* WebClient [Missing Parameters Key]
* WPDBusEnum [Missing Parameters Key]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
Program finished at: 10/12/2012 06:09:18 PM
Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)


As you can see a lot of missing services even for safe mode.


I did not continue with TDSSKiller. I wanted to ask you if it is ok to perform that task in safe mode if it won't work in normal? (which it probably won't.)
Also,

and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

I do not have (x86) in this folder path, in case it matters? But I am using a 32 bit system.
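
The Rkill output posted above lists services that are stopped, missing outright, or present but with a broken ImagePath or Parameters key. The following is an added example, not part of this thread and not Rkill's own code: a small Python triage script that parses the "Checking Windows Service Integrity" section of an Rkill log and separates those three kinds of finding, then flags the ones that matter most for the machine's security posture (firewall, Defender, Security Center, Windows Update). The sample log text is constructed from the entries posted above, and the SECURITY_CRITICAL grouping is this example's own assumption, not a classification Rkill makes.

```python
"""Triage the "Checking Windows Service Integrity" section of an Rkill log.

Added example for this thread; not Rkill's code. The sample log below is
constructed from the entries the poster pasted above.
"""
import re

# Services whose absence most affects security posture. This grouping is
# an assumption made for this example, not an Rkill classification.
SECURITY_CRITICAL = {
    "BFE": "Base Filtering Engine (Windows Firewall depends on it)",
    "MpsSvc": "Windows Firewall service",
    "WinDefend": "Windows Defender",
    "wscsvc": "Security Center",
    "wuauserv": "Windows Update",
    "BITS": "Background Intelligent Transfer (Windows Update depends on it)",
}

# Constructed sample: a subset of the Rkill output posted in this thread.
SAMPLE_RKILL_LOG = """\
Performing miscellaneous checks:
* Windows Defender Disabled
Checking Windows Service Integrity:
* DHCP Client (Dhcp) is not Running.
Startup Type set to: Automatic
* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic
* Windows Firewall Authorization Driver (mpsdrv) is not Running.
Startup Type set to: Manual
* BFE [Missing Service]
* MpsSvc [Missing Service]
* wuauserv [Missing Service]
* PlugPlay [Missing Service]
* SharedAccess [Missing ImagePath]
* WebClient [Missing Parameters Key]
Searching for Missing Digital Signatures:
* No issues found.
"""

SECTION_HEADER = "Checking Windows Service Integrity:"
NOT_RUNNING_RE = re.compile(
    r"^\* (?P<display>.+?) \((?P<name>[^)]+)\) is not Running\.$")
BRACKET_RE = re.compile(r"^\* (?P<name>\S+) \[(?P<problem>[^\]]+)\]$")
STARTUP_RE = re.compile(r"^Startup Type set to: (?P<type>\w+)$")


def parse_service_integrity(log_text):
    """Return {'not_running': [...], 'missing': [...], 'damaged': [...]}.

    Only lines inside the service-integrity section are considered; the
    section ends at the next "Something:" header line.
    """
    findings = {"not_running": [], "missing": [], "damaged": []}
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if not in_section:
            continue
        if line.endswith(":") and not line.startswith("*"):
            break  # reached the next section header
        m = NOT_RUNNING_RE.match(line)
        if m:
            findings["not_running"].append(
                {"name": m["name"], "display": m["display"], "startup": None})
            continue
        m = STARTUP_RE.match(line)
        if m and findings["not_running"]:
            # Rkill prints the startup type on the line after the stopped service
            findings["not_running"][-1]["startup"] = m["type"]
            continue
        m = BRACKET_RE.match(line)
        if m:
            if m["problem"] == "Missing Service":
                findings["missing"].append(m["name"])
            else:
                findings["damaged"].append((m["name"], m["problem"]))
    return findings


def security_impact(findings):
    """Map each missing security-critical service to a short description."""
    return {name: SECURITY_CRITICAL[name]
            for name in findings["missing"] if name in SECURITY_CRITICAL}


if __name__ == "__main__":
    result = parse_service_integrity(SAMPLE_RKILL_LOG)
    for svc in result["not_running"]:
        print(f"stopped : {svc['name']} ({svc['display']}), startup={svc['startup']}")
    for name in result["missing"]:
        print(f"missing : {name}")
    for name, problem in result["damaged"]:
        print(f"damaged : {name} [{problem}]")
    for name, why in security_impact(result).items():
        print(f"SECURITY: {name} is missing; {why}")
```

On the log in this thread the "missing" list is what matters: a service that is simply stopped can be started, but a service with no registry key at all has to be recreated, which is the "specified service does not exist as an installed service" error the poster keeps hitting and why the helper moves on to service-repair tools rather than further scanners.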

#12 Maurice Naggar

Posted 13 October 2012 - 01:11 PM

I understand what you noted about Safe Mode with Networking. You may continue to use it for now.

But, a reminder, the pc has or had a ZeroAccess infection, which surely knocked out some very important Windows services.
And remember my "backdoor trojan warning" from before. It may wind up at the point where you will need to do a system wipe and clean install of Vista + all your applications.


It looks as if you have a missing Windows service (one or more), which may be a clue & confirmation that you do still have a malware infection and if so, that has to be hunted and corrected if possible.

Go to Start >> select Control Panel >> and go to Action Center or Security Center (as apropos)

What does it show for antivirus status?
What does it show for Firewall status ?
What does it show for Automatic Updates?

Did you or any other user of the system "disable any Windows services" ?

When was the last time you scanned your system with your antivirus program and security app (if you have another anti-malware) ?


NEXT: Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!

From Start button, select RUN (or Win-key +R) and in the run-text-box type in MSCONFIG and press OK or Enter.
On Vista or Windows 7, press Windows-key on keyboard, and type in MSCONFIG

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)
IF it does not, then you click on Normal startup.

Click on Services tab to get its display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

Look at the bottom line Hide all Microsoft services
IF and only IF it is checkmarked, then un-check it.

The list of services may be shown in non-alphabetical order, so ....
Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.
You can toggle as needed to get the desired order.


IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !


Then using the scroll-bar scroll down the list

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.


When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

Then report back here with details.

If any of the services are not shown, just let me know which.

NEXT:
Do your best to run the TDSSKILLER with Chameleon MBAM run as I outlined before ..... even in Safe Mode with Networking !



NEXT

Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.
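As an added example (not code from the post, from Farbar's FSS, or from Microsoft): a PowerShell script that audits the nine services listed above straight from the registry and the service control manager, so the missing or disabled ones can be written down even when msconfig or the Services console is unusable. The short service names (EventSystem, COMSysApp, PolicyAgent, RpcLocator, RpcEptMapper, MpsSvc, Winmgmt, msiserver, wuauserv) are my assumed mapping of the display names in the post, and the script assumes an elevated PowerShell 2.0 or later prompt on Vista or Windows 7.

```powershell
# Added example (not code from the post, from Farbar's FSS, or from Microsoft):
# audit the services Maurice lists straight from the registry and the service
# control manager. Short service names are my assumed mapping of the display
# names in the post. Run in an elevated PowerShell 2.0+ prompt on Vista/Win7.
$Expected = @{
    'EventSystem'  = 'COM+ Event System'
    'COMSysApp'    = 'COM+ System Application'
    'PolicyAgent'  = 'IPsec Policy Agent'
    'RpcLocator'   = 'Remote Procedure Call (RPC) Locator'
    'RpcEptMapper' = 'RPC Endpoint Mapper'   # separate service on Windows 7; may be absent on Vista
    'MpsSvc'       = 'Windows Firewall'
    'Winmgmt'      = 'Windows Management Instrumentation'
    'msiserver'    = 'Windows Installer'
    'wuauserv'     = 'Windows Update'
}
# Registry "Start" values: 2 = Automatic, 3 = Manual, 4 = Disabled
$StartNames = @{ 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

# Turn an ImagePath value into the executable it launches.
function Get-ServiceBinary([string]$imagePath) {
    $p = [Environment]::ExpandEnvironmentVariables($imagePath).Trim()
    if ($p.StartsWith('"')) { return $p.Substring(1, $p.IndexOf('"', 1) - 1) }
    $p = ($p -split ' [-/]')[0]      # drop switches such as " -k netsvcs" or " /V"
    if (-not (Test-Path $p) -and (Test-Path "$p.exe")) { $p = "$p.exe" }
    return $p
}

# Existence plus Authenticode status of a file. Note: on Vista/Win7 most system
# files are catalog-signed, which older PowerShell reports as NotSigned, so only
# FILE MISSING and HashMismatch (an embedded signature that no longer matches the
# file contents) are treated as findings below.
function Test-Binary([string]$path) {
    if (-not $path) { return 'none' }
    if (-not (Test-Path $path)) { return 'FILE MISSING' }
    return (Get-AuthenticodeSignature $path).Status.ToString()
}

$Report = foreach ($name in $Expected.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $row = New-Object PSObject -Property @{
        Service = $name; Display = $Expected[$name]; StartType = 'MISSING'
        State = 'missing'; Binary = ''; ServiceDll = ''
    }
    if (Test-Path $key) {
        $props = Get-ItemProperty $key
        $start = [int]$props.Start
        $row.StartType = if ($StartNames.ContainsKey($start)) { $StartNames[$start] } else { "unknown($start)" }
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        $row.State = if ($svc) { $svc.Status.ToString() } else { 'not known to SCM' }
        $exe = Get-ServiceBinary $props.ImagePath
        $row.Binary = "$exe : $(Test-Binary $exe)"
        # svchost-hosted services keep their real code in Parameters\ServiceDll
        $dll = (Get-ItemProperty "$key\Parameters" -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) {
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            $row.ServiceDll = "$dll : $(Test-Binary $dll)"
        }
    }
    $row
}

$Report | Sort-Object Display | Format-Table Display, StartType, State, Binary, ServiceDll -AutoSize

# The short list to write down for the reply: missing or disabled services, and
# service binaries that are absent or fail their embedded signature.
$Problems = $Report | Where-Object {
    $_.StartType -eq 'MISSING' -or $_.StartType -eq 'Disabled' -or
    "$($_.Binary) $($_.ServiceDll)" -match 'FILE MISSING|HashMismatch'
}
if ($Problems) {
    'Services needing attention:'
    $Problems | ForEach-Object { "  $($_.Display) [$($_.Service)]: start=$($_.StartType) state=$($_.State)" }
} else {
    'All listed services are present and enabled; binaries found.'
}
```

A service whose registry key exists but which the service control manager does not know about, or whose binary is missing, is exactly what produces the "The specified service does not exist as an installed service" error, so both columns are worth reporting back.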

#13 Duncann

    New Member

  • Members
  • 14 posts
  • Gender:Male
  • Location:Maine

Posted 13 October 2012 - 02:31 PM

hi Maurice,

OK First things first, TDSSkiller;

I wasn't even able to copy the program to that folder in normal mode. It seems that along with most of my services, administrator privileges are also not working. (I am admin for this computer.) So back to safe mode... As I stated in my last post, (x86) is not in my folder path. So I copied the program to the Chameleon folder, then tried to run your command again: (x86) no such folder. Altered the command line to remove (x86) and ... no com window at all, but up popped the folder Chameleon. I ran TDSSKiller and it found nothing. Here is the log:

14:58:39.0814 1432 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:58:39.0845 1432 ============================================================
14:58:39.0845 1432 Current date / time: 2012/10/13 14:58:39.0845
14:58:39.0845 1432 SystemInfo:
14:58:39.0845 1432
14:58:39.0845 1432 OS Version: 6.0.6002 ServicePack: 2.0
14:58:39.0845 1432 Product type: Workstation
14:58:39.0845 1432 ComputerName: DUNCAN-PC
14:58:39.0845 1432 UserName: Owner
14:58:39.0845 1432 Windows directory: C:\Windows
14:58:39.0845 1432 System windows directory: C:\Windows
14:58:39.0845 1432 Processor architecture: Intel x86
14:58:39.0845 1432 Number of processors: 2
14:58:39.0845 1432 Page size: 0x1000
14:58:39.0845 1432 Boot type: Safe boot with network
14:58:39.0845 1432 ============================================================
14:58:41.0093 1432 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:58:41.0093 1432 Drive \Device\Harddisk1\DR1 - Size: 0x797D1A00 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:58:41.0093 1432 ============================================================
14:58:41.0093 1432 \Device\Harddisk0\DR0:
14:58:41.0093 1432 MBR partitions:
14:58:41.0093 1432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1613C22
14:58:41.0093 1432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1613C61, BlocksNum 0x1BBB0920
14:58:41.0093 1432 \Device\Harddisk1\DR1:
14:58:41.0093 1432 MBR partitions:
14:58:41.0093 1432 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F
14:58:41.0093 1432 ============================================================
14:58:41.0140 1432 C: <-> \Device\Harddisk0\DR0\Partition2
14:58:41.0171 1432 D: <-> \Device\Harddisk0\DR0\Partition1
14:58:41.0171 1432 ============================================================
14:58:41.0171 1432 Initialize success
14:58:41.0171 1432 ============================================================
14:58:53.0355 1024 ============================================================
14:58:53.0355 1024 Scan started
14:58:53.0355 1024 Mode: Manual;
14:58:53.0355 1024 ============================================================
14:58:54.0431 1024 ================ Scan system memory ========================
14:58:54.0431 1024 System memory - ok
14:58:54.0447 1024 ================ Scan services =============================
14:59:06.0162 1024 pcmcia - ok
14:59:06.0240 1024 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:59:06.0272 1024 PEAUTH - ok
14:59:06.0334 1024 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
14:59:06.0381 1024 pla - ok
14:59:06.0412 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
14:59:06.0412 1024 PNRPAutoReg - ok
14:59:06.0459 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
14:59:06.0459 1024 PNRPsvc - ok
14:59:06.0506 1024 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:59:06.0521 1024 PolicyAgent - ok
14:59:06.0537 1024 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:59:06.0537 1024 PptpMiniport - ok
14:59:06.0568 1024 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
14:59:06.0568 1024 Processor - ok
14:59:06.0615 1024 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
14:59:06.0630 1024 ProfSvc - ok
14:59:06.0646 1024 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
14:59:06.0646 1024 ProtectedStorage - ok
14:59:06.0708 1024 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
14:59:06.0708 1024 PSched - ok
14:59:06.0786 1024 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
14:59:06.0833 1024 ql2300 - ok
14:59:06.0849 1024 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
14:59:06.0849 1024 ql40xx - ok
14:59:06.0880 1024 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:59:06.0880 1024 QWAVEdrv - ok
14:59:06.0911 1024 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:59:06.0911 1024 RasAcd - ok
14:59:06.0958 1024 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
14:59:06.0958 1024 RasAuto - ok
14:59:06.0989 1024 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:59:07.0005 1024 Rasl2tp - ok
14:59:07.0036 1024 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
14:59:07.0052 1024 RasMan - ok
14:59:07.0098 1024 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:59:07.0098 1024 RasPppoe - ok
14:59:07.0145 1024 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:59:07.0145 1024 RasSstp - ok
14:59:07.0192 1024 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:59:07.0192 1024 rdbss - ok
14:59:07.0223 1024 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:59:07.0223 1024 RDPCDD - ok
14:59:07.0254 1024 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
14:59:07.0254 1024 rdpdr - ok
14:59:07.0254 1024 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:59:07.0270 1024 RDPENCDD - ok
14:59:07.0332 1024 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:59:07.0332 1024 RDPWD - ok
14:59:07.0410 1024 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:59:07.0426 1024 RemoteAccess - ok
14:59:07.0488 1024 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:59:07.0504 1024 RemoteRegistry - ok
14:59:07.0551 1024 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
14:59:07.0551 1024 RpcLocator - ok
14:59:07.0613 1024 [ 3297445BB9FD3E8363E7559010ED2AE7 ] rpcnet C:\Windows\system32\rpcnet.exe
14:59:07.0613 1024 rpcnet - ok
14:59:07.0676 1024 [ 11CF31E0D86D71D7D0CF5A5DA86EBFF2 ] rpcnetp C:\Windows\System32\rpcnetp.exe
14:59:07.0676 1024 rpcnetp - ok
14:59:07.0707 1024 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
14:59:07.0707 1024 RpcSs - ok
14:59:07.0738 1024 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:59:07.0754 1024 rspndr - ok
14:59:07.0816 1024 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
14:59:07.0832 1024 RTL8169 - ok
14:59:07.0878 1024 [ 661AF6A63DFF9F23B1DC3FB7B3E7A917 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
14:59:07.0878 1024 RTL8187B - ok
14:59:07.0941 1024 [ 68180821FEDEBB2B373D83A2D8E4E16A ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
14:59:07.0941 1024 RTSTOR - ok
14:59:07.0972 1024 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
14:59:07.0972 1024 SamSs - ok
14:59:08.0003 1024 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:59:08.0003 1024 sbp2port - ok
14:59:08.0050 1024 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:59:08.0050 1024 SCardSvr - ok
14:59:08.0128 1024 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
14:59:08.0159 1024 Schedule - ok
14:59:08.0175 1024 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
14:59:08.0175 1024 SCPolicySvc - ok
14:59:08.0206 1024 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:59:08.0206 1024 SDRSVC - ok
14:59:08.0237 1024 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:59:08.0237 1024 secdrv - ok
14:59:08.0268 1024 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:59:08.0268 1024 Serenum - ok
14:59:08.0284 1024 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
14:59:08.0300 1024 Serial - ok
14:59:08.0331 1024 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
14:59:08.0331 1024 sermouse - ok
14:59:08.0362 1024 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:59:08.0362 1024 sffdisk - ok
14:59:08.0409 1024 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:59:08.0409 1024 sffp_mmc - ok
14:59:08.0424 1024 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:59:08.0424 1024 sffp_sd - ok
14:59:08.0440 1024 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
14:59:08.0440 1024 sfloppy - ok
14:59:08.0518 1024 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:59:08.0518 1024 ShellHWDetection - ok
14:59:08.0549 1024 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
14:59:08.0549 1024 sisagp - ok
14:59:08.0580 1024 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
14:59:08.0580 1024 SiSRaid2 - ok
14:59:08.0612 1024 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
14:59:08.0612 1024 SiSRaid4 - ok
14:59:08.0736 1024 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
14:59:08.0830 1024 slsvc - ok
14:59:08.0877 1024 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:59:08.0877 1024 Smb - ok
14:59:08.0939 1024 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:59:08.0939 1024 SNMPTRAP - ok
14:59:08.0955 1024 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
14:59:08.0955 1024 spldr - ok
14:59:08.0986 1024 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
14:59:09.0002 1024 Spooler - ok
14:59:09.0048 1024 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
14:59:09.0064 1024 srv - ok
14:59:09.0095 1024 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:59:09.0111 1024 srv2 - ok
14:59:09.0126 1024 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:59:09.0126 1024 srvnet - ok
14:59:09.0158 1024 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:59:09.0173 1024 SSDPSRV - ok
14:59:09.0251 1024 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:59:09.0251 1024 SstpSvc - ok
14:59:09.0345 1024 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
14:59:09.0360 1024 stisvc - ok
14:59:09.0392 1024 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
14:59:09.0392 1024 swenum - ok
14:59:09.0438 1024 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
14:59:09.0438 1024 swprv - ok
14:59:09.0485 1024 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
14:59:09.0485 1024 Symc8xx - ok
14:59:09.0501 1024 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
14:59:09.0516 1024 Sym_hi - ok
14:59:09.0532 1024 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
14:59:09.0532 1024 Sym_u3 - ok
14:59:09.0563 1024 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:59:09.0579 1024 TabletInputService - ok
14:59:09.0641 1024 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:59:09.0657 1024 TapiSrv - ok
14:59:09.0688 1024 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
14:59:09.0704 1024 TBS - ok
14:59:09.0766 1024 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:59:09.0797 1024 Tcpip - ok
14:59:09.0813 1024 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
14:59:09.0828 1024 Tcpip6 - ok
14:59:09.0875 1024 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:59:09.0891 1024 tcpipreg - ok
14:59:09.0922 1024 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:59:09.0938 1024 TDPIPE - ok
14:59:09.0953 1024 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:59:09.0953 1024 TDTCP - ok
14:59:10.0031 1024 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:59:10.0031 1024 tdx - ok
14:59:10.0047 1024 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
14:59:10.0047 1024 TermDD - ok
14:59:10.0125 1024 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
14:59:10.0140 1024 TermService - ok
14:59:10.0172 1024 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
14:59:10.0172 1024 Themes - ok
14:59:10.0187 1024 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
14:59:10.0187 1024 THREADORDER - ok
14:59:10.0218 1024 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
14:59:10.0218 1024 TrkWks - ok
14:59:10.0312 1024 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:59:10.0328 1024 TrustedInstaller - ok
14:59:10.0374 1024 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:59:10.0406 1024 tssecsrv - ok
14:59:10.0452 1024 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
14:59:10.0452 1024 tunmp - ok
14:59:10.0515 1024 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:59:10.0515 1024 tunnel - ok
14:59:10.0546 1024 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
14:59:10.0546 1024 uagp35 - ok
14:59:10.0577 1024 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:59:10.0577 1024 udfs - ok
14:59:10.0640 1024 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:59:10.0640 1024 UI0Detect - ok
14:59:10.0655 1024 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:59:10.0655 1024 uliagpkx - ok
14:59:10.0702 1024 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
14:59:10.0718 1024 uliahci - ok
14:59:10.0733 1024 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
14:59:10.0733 1024 UlSata - ok
14:59:10.0780 1024 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
14:59:10.0780 1024 ulsata2 - ok
14:59:10.0811 1024 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:59:10.0811 1024 umbus - ok
14:59:10.0858 1024 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:59:10.0858 1024 usbccgp - ok
14:59:10.0936 1024 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:59:10.0936 1024 usbcir - ok
14:59:10.0983 1024 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
14:59:10.0983 1024 usbehci - ok
14:59:11.0014 1024 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
14:59:11.0014 1024 usbhub - ok
14:59:11.0045 1024 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
14:59:11.0045 1024 usbohci - ok
14:59:11.0108 1024 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:59:11.0108 1024 usbprint - ok
14:59:11.0186 1024 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:59:11.0186 1024 usbscan - ok
14:59:11.0201 1024 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:59:11.0201 1024 USBSTOR - ok
14:59:11.0248 1024 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
14:59:11.0248 1024 usbuhci - ok
14:59:11.0295 1024 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
14:59:11.0295 1024 usbvideo - ok
14:59:11.0326 1024 [ 7B8424BBAAFBC127C8F55AD6007D6D6B ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS
14:59:11.0326 1024 UVCFTR - ok
14:59:11.0373 1024 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
14:59:11.0373 1024 UxSms - ok
14:59:11.0420 1024 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
14:59:11.0435 1024 vds - ok
14:59:11.0466 1024 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:59:11.0466 1024 vga - ok
14:59:11.0482 1024 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
14:59:11.0482 1024 VgaSave - ok
14:59:11.0513 1024 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
14:59:11.0513 1024 viaagp - ok
14:59:11.0544 1024 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
14:59:11.0544 1024 ViaC7 - ok
14:59:11.0560 1024 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
14:59:11.0560 1024 viaide - ok
14:59:11.0591 1024 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:59:11.0591 1024 volmgr - ok
14:59:11.0669 1024 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:59:11.0669 1024 volmgrx - ok
14:59:11.0732 1024 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:59:11.0747 1024 volsnap - ok
14:59:11.0794 1024 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
14:59:11.0794 1024 vsmraid - ok
14:59:11.0841 1024 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
14:59:11.0872 1024 VSS - ok
14:59:11.0919 1024 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
14:59:11.0934 1024 W32Time - ok
14:59:11.0966 1024 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
14:59:11.0966 1024 WacomPen - ok
14:59:12.0012 1024 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
14:59:12.0012 1024 Wanarp - ok
14:59:12.0012 1024 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:59:12.0028 1024 Wanarpv6 - ok
14:59:12.0044 1024 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
14:59:12.0044 1024 Wd - ok
14:59:12.0090 1024 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:59:12.0106 1024 Wdf01000 - ok
14:59:12.0137 1024 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:59:12.0137 1024 WdiServiceHost - ok
14:59:12.0153 1024 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:59:12.0153 1024 WdiSystemHost - ok
14:59:12.0215 1024 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:59:12.0215 1024 Wecsvc - ok
14:59:12.0231 1024 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:59:12.0246 1024 wercplsupport - ok
14:59:12.0262 1024 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
14:59:12.0262 1024 WerSvc - ok
14:59:12.0371 1024 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:59:12.0387 1024 Winmgmt - ok
14:59:12.0465 1024 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
14:59:12.0543 1024 WinRM - ok
14:59:12.0605 1024 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
14:59:12.0621 1024 Wlansvc - ok
14:59:12.0652 1024 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
14:59:12.0652 1024 WmiAcpi - ok
14:59:12.0714 1024 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:59:12.0730 1024 wmiApSrv - ok
14:59:12.0824 1024 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
14:59:12.0855 1024 WMPNetworkSvc - ok
14:59:12.0917 1024 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:59:12.0933 1024 WPCSvc - ok
14:59:13.0042 1024 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
14:59:13.0058 1024 WpdUsb - ok
14:59:13.0214 1024 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:59:13.0229 1024 WPFFontCache_v0400 - ok
14:59:13.0323 1024 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:59:13.0354 1024 ws2ifsl - ok
14:59:13.0385 1024 WSearch - ok
14:59:13.0432 1024 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:59:13.0463 1024 WUDFRd - ok
14:59:13.0494 1024 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:59:13.0510 1024 wudfsvc - ok
14:59:13.0557 1024 ================ Scan global ===============================
14:59:13.0619 1024 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
14:59:13.0697 1024 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:59:13.0806 1024 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
14:59:13.0869 1024 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:59:13.0869 1024 [Global] - ok
14:59:13.0900 1024 ================ Scan MBR ==================================
14:59:13.0931 1024 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:59:15.0273 1024 \Device\Harddisk0\DR0 - ok
14:59:15.0288 1024 [ 06449E7C4AF0550B77E260798769AA40 ] \Device\Harddisk1\DR1
14:59:15.0288 1024 \Device\Harddisk1\DR1 - ok
14:59:15.0288 1024 ================ Scan VBR ==================================
14:59:15.0320 1024 [ 570BF47E461EAFF2B1B82C1A7A6F870E ] \Device\Harddisk0\DR0\Partition1
14:59:15.0320 1024 \Device\Harddisk0\DR0\Partition1 - ok
14:59:15.0382 1024 [ 1E9C0BA18D156E64011492099A1DCE16 ] \Device\Harddisk0\DR0\Partition2
14:59:15.0398 1024 \Device\Harddisk0\DR0\Partition2 - ok
14:59:15.0413 1024 [ C7D35E39758639961CC01BFC9E071CD3 ] \Device\Harddisk1\DR1\Partition1
14:59:15.0413 1024 \Device\Harddisk1\DR1\Partition1 - ok
14:59:15.0413 1024 ============================================================
14:59:15.0413 1024 Scan finished
14:59:15.0413 1024 ============================================================
14:59:15.0429 1000 Detected object count: 0
14:59:15.0429 1000 Actual detected object count: 0
14:59:36.0348 1416 Deinitialize success
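The TDSSKiller log above lists every registered service and driver with the MD5 and image path of its file, followed by the global objects and the MBR/VBR hashes. As an added example (not part of this thread and not Kaspersky's tool), here is a Python parser for that line format that turns the log into structured records and applies two triage checks a defender would run over such a listing: service images that load from outside the usual system directories, and registered services for which the scanner printed a verdict but no file hash (as it does for NwlnkFlt above, which is normal for a service whose binary is absent but is still worth listing). The sample lines are copied from the log above, except for `examplesvc`, a constructed entry with an all-zero hash added only to exercise the path check; the set of allowed roots is an assumption for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample input: lines copied from the TDSSKiller log above, plus one
# CONSTRUCTED entry ("examplesvc", all-zero MD5, path under a user profile) that
# is not in the real log and exists only to exercise the path check.
SAMPLE_LOG = r"""14:59:04.0743 1024 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:59:04.0758 1024 Ndisuio - ok
14:59:05.0523 1024 NwlnkFlt - ok
14:59:05.0663 1024 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
14:59:05.0679 1024 odserv - ok
14:59:07.0000 1024 [ 00000000000000000000000000000000 ] examplesvc C:\Users\Owner\AppData\Local\Temp\examplesvc.sys
14:59:07.0001 1024 examplesvc - ok
14:59:13.0557 1024 ================ Scan global ===============================
14:59:13.0869 1024 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
14:59:13.0869 1024 [Global] - ok
14:59:13.0900 1024 ================ Scan MBR ==================================
14:59:13.0931 1024 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
14:59:15.0273 1024 \Device\Harddisk0\DR0 - ok
14:59:15.0413 1024 Scan finished
14:59:15.0429 1000 Detected object count: 0
"""

# Every line starts with a timestamp and a thread id.
TIME_PID = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
SECTION_RE = re.compile(TIME_PID + r"=+ Scan (?P<section>\w+) =+\s*$")
ENTRY_RE = re.compile(
    TIME_PID
    + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    # A service name precedes the path only in the per-service section; a path
    # is recognised by a drive letter or a leading backslash (\Device\...).
    + r"(?:(?P<name>\S+) (?=[A-Za-z]:\\|\\))?(?P<path>.+?)\s*$"
)
VERDICT_RE = re.compile(TIME_PID + r"(?P<subject>.+?) - (?P<status>\w+)\s*$")

# Assumed allowed image roots for this example (lower-cased for comparison).
ALLOWED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    section: str          # "services", "global", "mbr" or "vbr"
    md5: str
    name: Optional[str]   # None for global/MBR/VBR objects
    path: str


@dataclass
class ScanReport:
    entries: List[Entry]
    verdicts: Dict[str, Tuple[str, str]]  # subject -> (section, status)


def parse_tdsskiller(log: str) -> ScanReport:
    """Parse TDSSKiller log text into hashed entries and per-object verdicts."""
    section = "services"  # the log opens with the service/driver enumeration
    entries: List[Entry] = []
    verdicts: Dict[str, Tuple[str, str]] = {}
    for line in log.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section").lower()
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(section, m.group("md5").upper(), m.group("name"), m.group("path")))
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m.group("subject")] = (section, m.group("status").lower())
    return ScanReport(entries, verdicts)


def services_outside_roots(report: ScanReport, roots=ALLOWED_ROOTS) -> List[Entry]:
    """Service/driver images whose path is not under one of the allowed roots."""
    return [e for e in report.entries
            if e.section == "services" and not e.path.lower().startswith(roots)]


def services_without_file(report: ScanReport) -> List[str]:
    """Registered services that received a verdict but no image hash line."""
    hashed = {e.name for e in report.entries if e.section == "services" and e.name}
    return [subject for subject, (section, _) in report.verdicts.items()
            if section == "services" and subject not in hashed]


def not_ok(report: ScanReport) -> List[str]:
    """Every object whose verdict is anything other than 'ok'."""
    return [subject for subject, (_, status) in report.verdicts.items() if status != "ok"]


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("entries parsed:", len(rep.entries))
    for e in services_outside_roots(rep):
        print("outside allowed roots:", e.name, e.path, e.md5)
    print("registered without a file:", services_without_file(rep))
    print("not ok:", not_ok(rep))
```

On a full log the same functions run unchanged; the hashes the parser extracts can then be compared against a known-good catalogue, which this example does not include.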

#14 Duncann

Posted 13 October 2012 - 04:54 PM

Now to your last post;

Go to Start >> select Control Panel >> and go to Action Center or Security Center (as apropos)

What does it show for antivirus status?
What does it show for Firewall status ?
What does it show for Automatic Updates?


Security Center is not working in normal mode, but I can tell you that my antivirus is disabled. Windows Firewall has been disabled as I use the firewall in McAfee, and Windows Update has been set to manual for a long time now. I run update every month or so. The last time was about a week before this happened.


Did you or any other user of the system "disable any Windows services" ?


I do remember trying to get McAfee completely shut down from MSconfig, but I only shut them down; I did not alter the way in which they loaded, and they have since returned. I am the only user of this computer. So the answer is No.

When was the last time you scanned your system with your antivirus program and security app (if you have another anti-malware) ?


About a week before this meltdown I tried to run a scan and the computer locked up. After I got the warning about ZeroAccess I was able to run a scan as part of McAfee's online instructions (which included the "bootrec fixmbr" command) and it ran all the way through but found nothing. It was during this time that I realized nothing was working in normal mode.

NEXT: Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!..... ....Click the General tab. It should have Normal startup selected (in the radio-box=selection)
IF it does not, then you click on Normal startup.


To begin, "MSconfig" will not run in normal mode. Under safe mode it was not set to normal start-up, because a long time ago I started using it to disable unwanted start-up options, so it has been set to selective start-up for years. However, the "Load system services" check box is checked and I have never tried to permanently disable a service, as I have no idea what most of them do, especially the Microsoft services. While in Safe mode I selected normal start-up and rebooted... No change in normal mode, except a bunch of programs I had disabled came back and some gave me error msgs on start-up.

NEXT: Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!


OK, I went one step further: I opened Computer Management and checked those results as well...

To begin, everything listed under MSconfig was checked; there were only 3 on your list missing: Windows Firewall and Windows Update (probably because, as I stated, I don't use them) and RPC Endpoint Mapper (?).

However, the only service running was Windows Management Instrumentation. Some of these won't run in safe mode anyway. (I know from prior experiments that Windows Installer won't run in safe mode.)

Below is the list you included, and below each entry is what I found, in the order shown left to right: MSConfig \ and then Computer Management.

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
Checked, Stopped, \comp mgmt Status:No status shown, start-up: automatic

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
checked, stopped \comp mgmt Status:No status shown, start-up: manual


Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.
checked, stopped Status:No status shown, start-up: automatic

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.
checked, stopped Status:No status shown, start-up: manual

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.
Not shown

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.
Not shown

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.
checked, running Status:started, start-up: automatic

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.
checked, stopped Status:No status shown, start-up: manual

Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.
Not shown

In general most every service is stopped but loaded automatically. Does this mean they are disabled, or have they run their course and shut down? Or is it because I am stuck in safe mode? I know there are a bunch of services not running in normal mode. But why? Is there a list out there of the minimum services Windows needs to run? It seems like there is at least one critical service that almost everything calls for that is not there.

NEXT: Do your best to run the TDSSKILLER with Chameleon MBAM run as I outlined before ..... even in Safe Mode with Networking !

See prior post.

I ran FSS;
Normal mode; "specified service is not an installed service"!!!!!!!!!!!!!!!!!!!
Safe mode;

Farbar Service Scanner Version: 07-10-2012
Ran by Owner (administrator) on 13-10-2012 at 17:37:35
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Network
****************************************************************
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.
Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Auto. The default start type is 3.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.

Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****


Well maybe we are getting somewhere? Or is this because it's in safe mode?

As far as doing a clean install, I would love to but as I've said I can't run my recovery for that until I get these services back. I don't care about anything on this machine. But the last time I tried to do a factory install without going through "Gateway recovery center" I had to have a tech guy fix it and I still don't have some of the original programs and features to this day.

#15 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 14 October 2012 - 09:18 AM

As I noted before

On the actual process to do the factory restore, check with Gateway on the exact procedure.

If you have not done that, get going on it. The number of missing services is way too much & the system has a ZEROACCESS backdoor infection!

The usual way to do an OEM factory restore is by pressing a specific function key at pc-startup (check with your OEM) and it would start the process from a hidden partition on your HDD. ALT+F10 keys for Gateway
REF http://support.gatew...15910su12.shtml

It is past time to nuke, pave, wipe the Windows partition and do a factory restore.

It looks like at least 9 Windows services are AWOL.


Download and SAVE the following registry files to either your DESKTOP or to a unique folder

http://download.blee...ta/Dnscache.reg

http://download.blee...s/vista/nsi.reg

http://download.blee...ista/MpsSvc.reg

http://download.blee...s/vista/BFE.reg

http://download.blee...ista/wscsvc.reg

http://download.blee...ta/wuauserv.reg

http://download.blee.../vista/BITS.reg

http://download.blee...a/WinDefend.reg

http://download.blee...haredAccess.reg

One by one, for each reg file, do a Right-click on it and then select MERGE.

When that's done, Logoff and restart the system fresh. IF at all possible, we need to be in Windows normal mode.
IF and only if normal mode is not steady, next best is Safe mode with Networking ..... not plain safe mode.

Do this batch run and advise me after it is completed.

Windows services
This will be a batch-fix.
  • Press the Windows-key on keyboard.
  • In the Start Search box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo off
    sc stop msiserver
    sc config msiserver start= manual
    sc start msiserver
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= delayed-auto
    sc config bits start= delayed-auto
    sc config wuauserv start= delayed-auto
    sc config sdrsvc start= manual
    sc config vss start= auto
    sc config eventlog start= auto
    sc start mpsdrv
    sc start mpssvc
    shutdown -r -t 1
    del %0
  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the File name box, type in Fix.bat.
  • Press Save.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose Run as administrator.
  • Press Yes if prompted by User Account Control.
This procedure will do its tasks and then it will Restart Windows.

When Windows is reloaded and ready, do a new run of FSS.exe and copy and paste back here the new FSS.txt

Please download Listparts
Run the tool, click Scan and post the log (Result.txt) it makes.
Maurice Naggar
Product Support


Follow us: Twitter, Become a fan: Facebook

I close my threads if there are 5 days without a response.
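For anyone following this thread who wants to see what the FSS lines above ("Unable to open ... registry key", "The start type of ... is OK") correspond to, here is an added, read-only PowerShell check. It is not part of Maurice's instructions and not Farbar's code; the service names come from the reg files and the batch file above, the expected Start values follow the "sc config ... start=" lines in Fix.bat, and the function names are my own. It only reads the registry and tests whether the referenced files exist, so it can be run before and after merging the reg files to see what changed.

```powershell
# Added example, not from this thread or from any Farbar tool.
# Reads HKLM\SYSTEM\CurrentControlSet\Services\<name> for the services the
# thread repairs and reports key presence, Start value, ImagePath and ServiceDll.
# Written for PowerShell 2 or later (the version shipped with Vista).

$StartTypeName = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

# Services named in the reg files and in Fix.bat above.
$Services = 'Dnscache','nsi','MpsSvc','BFE','wscsvc','wuauserv','BITS','WinDefend',
            'SharedAccess','msiserver','dcomlaunch','dhcp','rpcss','winmgmt',
            'sdrsvc','vss','eventlog','PlugPlay','EventSystem'

# Expected Start values taken from the "sc config ... start=" lines in Fix.bat.
# "delayed-auto" is stored as Start=2 plus DelayedAutostart=1; only Start is compared.
$Expected = @{
    'msiserver' = 3; 'dcomlaunch' = 2; 'nsi' = 2; 'dhcp' = 2; 'rpcss' = 2; 'winmgmt' = 2
    'wscsvc' = 2; 'BITS' = 2; 'wuauserv' = 2; 'sdrsvc' = 3; 'vss' = 2; 'eventlog' = 2
}

function Resolve-ImagePath {
    # Turn an ImagePath value into the executable it names. Handles the forms
    # seen in the Services hive:  %SystemRoot%\system32\svchost.exe -k netsvcs ,
    # "C:\Program Files\...\x.exe" , \SystemRoot\system32\drivers\x.sys , system32\drivers\x.sys
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    if ($ImagePath -match '^"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($ImagePath -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ($exe -match '^\\SystemRoot\\(.*)$')     { $exe = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($exe -match '^\\\?\?\\(.*)$')       { $exe = $Matches[1] }          # \??\C:\... form
    elseif ($exe -notmatch '^[A-Za-z]:\\')      { $exe = Join-Path $env:SystemRoot $exe }
    return $exe
}

function Test-ServiceKey {
    # Equivalent of one FSS "Checking service configuration" block for one service.
    param([string]$Name, $ExpectedStart = $null)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    $r = @{ Service = $Name; KeyExists = $false; Start = $null; StartOk = $null
            Image = $null; ImageExists = $null; ServiceDll = $null; DllExists = $null }
    if (Test-Path $key) {
        $r.KeyExists = $true
        $props = Get-ItemProperty -Path $key
        if ($props.Start -ne $null) {
            $r.Start = $StartTypeName[[int]$props.Start]
            if ($ExpectedStart -ne $null) { $r.StartOk = ([int]$props.Start -eq $ExpectedStart) }
        }
        $r.Image = Resolve-ImagePath $props.ImagePath
        if ($r.Image) { $r.ImageExists = Test-Path -LiteralPath $r.Image }
        $paramKey = Join-Path $key 'Parameters'     # ServiceDll lives under Parameters
        if (Test-Path $paramKey) {
            $dll = (Get-ItemProperty -Path $paramKey).ServiceDll
            if ($dll) {
                $r.ServiceDll = [Environment]::ExpandEnvironmentVariables($dll)
                $r.DllExists  = Test-Path -LiteralPath $r.ServiceDll
            }
        }
    }
    return New-Object PSObject -Property $r
}

$report = foreach ($name in $Services) { Test-ServiceKey -Name $name -ExpectedStart $Expected[$name] }
$report | Select-Object Service, KeyExists, Start, StartOk, ImageExists, DllExists, Image |
    Format-Table -AutoSize
```

A row with KeyExists False is what FSS prints as "Unable to open ... registry key. The service key does not exist"; StartOk is blank for services the batch file does not touch. Comparing the listed Image and ServiceDll paths against the File Check section of the FSS log shows whether the merged reg files point at the same binaries FSS already verified.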

#16 Duncann

Duncann

    New Member

  • Members
  • 14 posts
  • Gender:Male
  • Location:Maine

Posted 14 October 2012 - 08:56 PM

Hi Maurice,

Quote

On the actual process to do the factory restore, check with Gateway on the exact procedure.
If you have not done that, get going on it. The number of missing services is way too much & the system has a ZEROACCESS backdoor infection!


Ok, I do know what it takes to reload my software, and what it takes is a factory recovery program called "Gateway Recovery Center". This program is no longer on my C Drive and because of this it no longer shows up as an option under the "advanced boot options menu" (F10). I have found a copy with its installation program on my D Drive. But I cannot install anything in normal operation mode - currently I do not have the service(s) it needs and it will not run in safe mode.

It is past time to nuke, pave, wipe the Windows partition and do a factory restore.


I could however install a clean copy of just Vista if you think that will help get my machine to just run normally. For some reason reinstalling just Windows causes a lot of issues with Gateway installed devices and is part of the reason why I no longer have "Gateway Recovery Center" installed on my C drive. Some programs that came installed on the machine do not reload after a Windows clean install. As far as I know the only way for me to do a factory install using my D: Recovery Drive is to use this Gateway Recovery Center, and the only way to truly reset the machine to how it came from the factory. If you know of a different way to access the D Drive I would be happy to hear it.

I performed the registry fixes that you gave me and did have some progress, thank you. Still most services are not working in normal mode. I did notice some improved speed and Windows Update seems to be running although the internet is still down. I was able to run that batch file from normal mode. But that is the only thing that would run in normal mode. I still had to reboot into safe mode to run FSS and ListParts and the logs will follow.

It looks to me that according to FSS some of those services are back online even though they won't run in safe mode...? Also, I did some digging and it would appear that most of those services you were trying to restart require the RPC Service. It would seem that since most windows functions work in safe mode but not in normal mode that there is some common service loaded differently between the two, could it be this RPC Service? Which shows as started under safe mode?

Anyways, here are the logs ...

Farbar Service Scanner Version: 07-10-2012
Ran by Owner (administrator) on 14-10-2012 at 19:31:33
Running from "C:\Users\Owner\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Network
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Other errors
Yahoo IP is accessible.
Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.
bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.

Firewall Disabled Policy:
==================

System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
VSS Service is not running. Checking service configuration:
The start type of VSS service is set to Auto. The default start type is 3.
The ImagePath of VSS service is OK.

System Restore Disabled Policy:
========================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-01-20 22:24] - [2008-01-20 22:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

ListParts by Farbar Version: 14-10-2012
Ran by Owner (administrator) on 14-10-2012 at 21:03:55
Windows Vista (X86)
Running From: C:\Users\Owner\Desktop
Language: 0409
************************************************************
========================= Memory info ======================
Percentage of memory in use: 21%
Total physical RAM: 1917.38 MB
Available physical RAM: 1498.43 MB
Total Pagefile: 4077.27 MB
Available Pagefile: 3760.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.64 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:221.84 GB) (Free:162.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:11.04 GB) (Free:5.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.72 GB) FAT
DiskPart has encountered an error: The dependency service does not exist or has been marked for deletion.
See the System Event Log for more information.

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {e23fcb56-ef6d-11e0-8ff4-e29c84b9fc51}
resumeobject {e23fcb57-ef6d-11e0-8ff4-e29c84b9fc51}
displayorder {e23fcb56-ef6d-11e0-8ff4-e29c84b9fc51}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
resume No
Windows Boot Loader
-------------------
identifier {0acdd9b1-fc19-11e0-a0fb-ba66e51c8955}
device partition=D:
path \Windows\system32\boot\winload.exe
description Windows ™ Code Name "Longhorn" Preinstallation Environment (recovered)
osdevice partition=D:
systemroot \Windows
detecthal Yes
winpe Yes
Windows Boot Loader
-------------------
identifier {e23fcb56-ef6d-11e0-8ff4-e29c84b9fc51}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice partition=C:
systemroot \Windows
resumeobject {e23fcb57-ef6d-11e0-8ff4-e29c84b9fc51}
nx OptIn
Resume from Hibernate
---------------------
identifier {e23fcb57-ef6d-11e0-8ff4-e29c84b9fc51}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes
Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device partition=C:
path \ntldr
description Earlier Version of Windows
EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes
Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}
Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}
Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

****** End Of Log ******

#17 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 15 October 2012 - 07:37 AM

Please do this:
1. Open Internet Explorer.
2. Click "Tools," and then click "Internet Options."
3. Click "Connections," and then click "LAN Settings."
4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.
5. Make sure Proxy servers block is not selected (not checkmarked).
6. Apply changes & OK

Step 2
Using Internet Explorer (only!) go to http://support.microsoft.com/kb/923737
[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],
run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Step 3
Please copy/paste the lines in bold below to Notepad:

@Echo on
pushd \windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset resetlog.log
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.
Double-click flush.bat file to run it. Your computer will reboot.

Step 4
Use Internet Explorer (only) to do an online scan at ESET......
The scan may take an hour or two or three, but is well worth the time.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:
{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}
  • Press the "ESET Online Scanner" button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology

    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.
    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here
    http://www.eset.com/...c4.php?page=faq
  • Use of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.
Maurice Naggar
Product Support
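The two things Step 1 and flush.bat above change are IE's LAN proxy settings and the hosts file, both of which malware on an infected machine commonly alters to keep the browser away from update and vendor sites. As an added example (not part of Maurice's instructions, not from ESET or Farbar; the function names and the sample hosts file are my own), this read-only PowerShell script lists every hosts entry that is not the plain localhost mapping and shows the proxy values IE's LAN Settings dialog writes, so the result of the flush can be checked without opening the dialogs.

```powershell
# Added example, not from this thread. Read-only: it inspects the hosts file
# and the IE proxy values that Step 1 / flush.bat above reset.
# Written for PowerShell 2 or later.

function Get-HostsEntries {
    # Parse a hosts file: each non-comment line is "<address> <name> [<alias>...]",
    # '#' starts a comment. Returns one object per name.
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'))
    $entries = @()
    # Get-Content reads the file even with the +h +s attributes flush.bat sets.
    foreach ($line in (Get-Content -LiteralPath $Path -ErrorAction SilentlyContinue)) {
        $text = ($line -split '#', 2)[0].Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($hostname in $fields[1..($fields.Count - 1)]) {
            $entries += New-Object PSObject -Property @{ Address = $fields[0]; Host = $hostname }
        }
    }
    return $entries
}

function Find-SuspiciousHostsEntries {
    # Anything beyond "127.0.0.1 localhost" / "::1 localhost" is worth a look;
    # flush.bat above rewrites the file to exactly that one line.
    param($Entries = (Get-HostsEntries))
    $loopback = '127.0.0.1', '::1'
    $Entries | Where-Object { -not (($loopback -contains $_.Address) -and ($_.Host -eq 'localhost')) }
}

function Get-IEProxySettings {
    # Values written by IE's LAN Settings dialog. "Automatically detect settings"
    # is stored in a binary blob under ...\Connections and is not decoded here.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        ProxyEnable   = [bool]$p.ProxyEnable     # "Use a proxy server for your LAN"
        ProxyServer   = $p.ProxyServer
        AutoConfigURL = $p.AutoConfigURL         # "Use automatic configuration script"
    }
}

# Constructed sample hosts file (not from the thread) to show what a hijack looks like.
$sample = @"
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.invalid   # constructed redirect entry
"@
$tmp = Join-Path $env:TEMP 'hosts.sample'
Set-Content -LiteralPath $tmp -Value $sample
"Suspicious entries in the constructed sample:"
Find-SuspiciousHostsEntries -Entries (Get-HostsEntries -Path $tmp) | Format-Table Address, Host -AutoSize
Remove-Item -LiteralPath $tmp

"Suspicious entries in the live hosts file (none expected after flush.bat):"
Find-SuspiciousHostsEntries | Format-Table Address, Host -AutoSize

"IE proxy settings (a direct connection shows ProxyEnable False and no AutoConfigURL):"
Get-IEProxySettings | Format-List ProxyEnable, ProxyServer, AutoConfigURL
```

On the sample the only entry reported is the constructed update.example-av.invalid line; on the live file after flush.bat the list should be empty, and a ProxyServer or AutoConfigURL value that the user never configured points back at the settings Step 1 clears.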

#18 Duncann

Duncann

    New Member

  • Members
  • 14 posts
  • Gender:Male
  • Location:Maine

Posted 15 October 2012 - 12:13 PM

Well we are making progress. When I first read your instructions I thought OK but neither IE nor my web connection work in either safe or normal but I'll try it.... Well I guess I have the internet back even though it still says "the specified service does not exist...bla bla" in the notification area of the task bar.

First I could not find a check box that said "proxy servers BLOCK" instead I have a box that says "Use a proxy server for your LAN" it was unchecked and I left it that way. Under that if checked there is another check box that says "Bypass Proxy server for local address" Also unchecked. Is this what you want?

Unfortunately it still seems that administrator privileges are offline or somehow screwed up. So right away I had trouble running the automatic IE reset. So I followed that page's onscreen instructions to do so manually and had no trouble.

I ran "Flush.bat" without incident from normal mode and it rebooted the computer.

I went to the ESET site and attempted to run the scan without much hope (since admin privileges are down) and this is what I got;


"The website wants to install the following add-on..."
clicked on install. Got;
"To display this webpage again the browser needs to resend the information you've previously submitted..."
Hit retry and cancel. Got;
"An add on for this website failed to run."

So what next boss? :)

#19 Maurice Naggar

Maurice Naggar

    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 15 October 2012 - 01:44 PM

minor point,

It still says "the specified service does not exist...bla bla" in the notification area of the task bar.

As long as Windows is useable and it's in normal mode, disregard that prompt for the time being.

Yes, that is what I wanted for IE browser.
And you got to ESET website ok, right?

Seems to me, you have some settings in your IE browser that are getting in the way. ....ughhhh.....
Let's give this a whirl.
Internet Explorer, Tools >> Internet Options
click on ADVANCED tab
Look at the very bottom block .... Reset Internet Explorer settings
Click on Reset button
Press Apply button

Now Press Security Tab
Click the Trusted Sites icon
Click the Sites button

now type in to the Add box (at top)..... {You may COPY then Paste}
http://*.eset.com
and press the Add button
Press Close button
Press Apply button & OK button

Now, press Tools and hover the mouse over Pop-up Blocker
Make sure Pop-up blocker is NOT on

When done, try one more time the ESET Online scan as I had outlined.
Maurice Naggar
Product Support

#20 Duncann

Duncann

    New Member

  • Members
  • 14 posts
  • Gender:Male
  • Location:Maine

Posted 16 October 2012 - 01:30 PM

hi maurice,

Yes, that is what I wanted for IE browser.
And you got to ESET website ok, right?

Yes.

OK here we go
  • reset internet explorer. -done
  • Add ESET to my trusted sites list. -done, but I had to uncheck box that said "Require server verification"
  • turn off pop-up blocker. -done, it was on
Went to ESET and got the same results;

"The website wants to install the following add-on..."
clicked on install. Got;
"To display this webpage again the browser needs to resend the information you've previously submitted..."
Hit retry or cancel. Got;
"An add-on for this website failed to run."
end of story.

Any other ideas? It says on their webpage that you have to have admin privileges to run the scanner. But I can't run anything in normal mode as administrator. I have been periodically trying various programs as we work through this just to see if they will run and "run as administrator" does not work. I am the admin for this computer, at least that's what it says in Account control.
For instance; I am trying to install my "Gateway Recovery Center" (GRC). When I run the install program it does start but when I click on continue it says "The system administrator has set policies to prevent this installation". The file is an ".msi" file so there is no right click-Run as administrator option. Other programs like IE will run fine from a double click but not if you right click-run as admin. It says... ready..."The specified service does not ...bla bla bla"

Should I try it in safe mode?


