Duncann

The specified service does not exist as an installed service

28 posts in this topic

I am having trouble with my laptop and yours is the only site I have found with a resolution. Specifically a post by the same name as this dated Sep 12 2012 by Hemi425. He was helped by a Mr. post_offline.pngMaurice Naggar . There were several warnings by Mr. Nagger not to follow those instructions on my own but to Post a new topic. So Mr. Nagger if you are out there Please Help.

First the stats and info;

Gateway laptop model 1625, circa 2008

OS- microsoft vista service pack 2 build 6002

Pro- AMD turion 64 X2 mobile technology

Ram- 2Gb

HD- ? 220 Gb

Video card- ? Supposed to be ATI based

Sound card- ?

AV- until now I have been using McAfee internet security

(part of my problem is that device manager does not work)

The back story;

About 3 weeks ago while surfing the web I got a virus. Specificaly Zeroaccess Trojan that Mcafee was good enough to tell me about. My first indication was a pop-up from McAfee stating that it was there and in order to fix the problem I would need to reboot. I rebooted only to have the same msg. occure over and over I couldn't even ignore it. Well long story short after talking with Mcafee for an hour they said they could help me for a modest $90.00 fee. I was angry and decided to go it alone. I found instructions on how to remove the virus on-line at McAfee's own web site and folowed them to the letter. The last instruction given was to run the Bootrec /fixmbr command from the recovery console command prompt. I did this and rebooted my machine. Well no more virus pop-ups... Also no more internet conection, no sound, No device manager, almost nothing works in controll panel Most of my programs either fail to start or give me the following msg, "The specified service does not exist as an installed service". Explorerer will allow me to veiw and work with my files but will hang sometimes for a min in between every mouse click, and it takes almost 6 min to boot the machine. Windows boots but that is about all.

I have tried all the usuall chanels for support. My vendor gateway has very little help for a model this old. Thinking that this was virus related I originally sought help at the viruses and malware forum of Computer help Forums, where a very nice guy named superdave was helping me. And I am affraid I stumped Dave. He had me run both the fixmbr and the fixboot commands again. We ran the windows startup repair utility as well as several cleanup and malware removal tools (from safemode which is the only place they will run) The logs of which are available if needed. Finally He sugested I format and reload windows. Which I'd be only to happy to do, I had intended to all along but I can't because of this issue. Thats annother story suffice to say that is issue 2 which I may also need help with... I am sorry for the length of this post if anyone could help me I would sincerely appreciate it!

I will post DDS logs here;

(please note all my scans are from safe mode. They will not work any other way. Also I have no access to the internet on the problem machine so all files are transfered using a flash drive.)

.

DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL

Internet Explorer: 9.0.8112.16421

Run by Owner at 23:04:58 on 2012-10-07

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1917.1607 [GMT -4:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.myfairpoint.net/fairpoint/portal/index.aspx/

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: netflix.com

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B512CDF3-308A-4F41-82BD-75D11C1878E6} : DhcpNameServer = 192.168.1.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll

.

============= SERVICES / DRIVERS ===============

.

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-11-12 60480]

.

=============== Created Last 30 ================

.

2012-10-01 19:44:32 -------- d-----w- C:\GRC

2012-09-30 04:24:48 -------- d-----w- c:\program files\CCleaner

2012-09-30 03:16:01 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-30 03:16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-14 00:59:43 -------- d-----w- c:\users\owner\appdata\roaming\McAfee

2012-09-09 17:45:10 -------- d-----w- c:\users\owner\appdata\roaming\progeSOFT

2012-09-09 17:44:40 -------- d-----w- c:\programdata\progeSOFT

2012-09-09 17:43:34 69632 ----a-w- c:\windows\system32\temp.002

2012-09-09 17:43:33 77878 ----a-w- c:\windows\system32\temp.001

2012-09-09 17:43:33 266293 ----a-w- c:\windows\system32\temp.000

2012-09-09 17:43:29 2134016 ----a-w- c:\windows\system32\cdintf251.dll

2012-09-09 17:43:01 89360 ----a-w- c:\windows\system32\vb5db.dll

2012-09-09 17:42:58 339968 ----a-w- c:\windows\system32\Slide.ocx

2012-09-09 17:42:58 274432 ----a-w- c:\windows\system32\DwgThumbnail.ocx

2012-09-09 17:42:45 503808 ----a-w- c:\windows\system32\msvcp71.dll

2012-09-09 17:42:45 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-09-09 17:42:44 61440 ----a-w- c:\windows\system32\wintab32.dll

2012-09-09 17:42:44 1060864 ----a-w- c:\windows\system32\mfc71.dll

2012-09-09 17:42:42 368912 ----a-w- c:\windows\system32\vbar332.dll

2012-09-09 17:42:42 140288 ----a-w- c:\windows\system32\COMDLG32.OCX

2012-09-09 17:42:42 -------- d-----w- c:\program files\progeSOFT

.

==================== Find3M ====================

.

2012-10-08 01:04:37 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2012-10-08 01:04:35 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-10-08 00:19:57 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2012-09-14 00:25:23 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-14 00:25:23 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

.

============= FINISH: 23:07:03.40 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 10/5/2011 11:26:11 AM

System Uptime: 10/7/2012 11:03:32 PM (0 hours ago)

.

Motherboard: Gateway | |

Processor: AMD Turion™ 64 X2 Mobile Technology TL-60 | Socket M2/S1G1 | 1995/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 222 GiB total, 162.616 GiB free.

D: is FIXED (NTFS) - 11 GiB total, 5.213 GiB free.

E: is CDROM ()

G: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.2

Amazon MP3 Downloader 1.0.15

ATI Catalyst Install Manager

Camera Assistant Software for Gateway

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center HydraVision Full

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Civilization III Complete Edition

Forge of Freedom

Garmin Training Center

Garmin USB Drivers

Guns of August

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Malwarebytes Anti-Malware version 1.65.0.1400

McAfee Internet Security

McAfee Virtual Technician

Medieval II Total War

Medieval II Total War : Kingdoms : Americas

Medieval II Total War : Kingdoms : Britannia

Medieval II Total War : Kingdoms : Crusades

Medieval II Total War : Kingdoms : Teutonic

Microsoft .NET Framework 1.1

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual J# .NET Redistributable Package 1.1

OBDwiz

Power2Go 5.0

progeCAD 2009 Smart! ENG

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista

Realtek USB 2.0 Card Reader

REALTEK USB Wireless LAN Driver

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Shared C Run-time for x86

Sid Meier's Civilization 4 Complete

Sid Meier's Civilization IV Colonization

Skins

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

.

==== Event Viewer Messages From Past Week ========

.

9/30/2012 6:23:54 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

10/7/2012 9:37:01 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

10/7/2012 9:06:01 PM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting.

10/7/2012 9:05:33 PM, Error: Service Control Manager [7024] - The ReadyBoost service terminated with service-specific error 0 (0x0).

10/7/2012 9:05:33 PM, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified.

10/7/2012 9:05:33 PM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified.

10/7/2012 9:05:33 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: Operation aborted

10/7/2012 9:05:33 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.

10/7/2012 9:05:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

10/7/2012 9:05:33 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

10/7/2012 9:01:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

10/7/2012 9:01:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

10/7/2012 11:06:11 PM, Error: Microsoft-Windows-TBS [16392] - An error occurred while starting the TBS. The error code was 0x8007000d.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfewfpk NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6

10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Tablet PC Input Service service depends the following service: PlugPlay. This service might not be installed.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/7/2012 11:05:33 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/7/2012 11:05:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/7/2012 11:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}

10/7/2012 11:04:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/7/2012 11:04:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/7/2012 10:24:42 PM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.

10/1/2012 6:17:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6

10/1/2012 3:44:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

.

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Hello Duncann and welcome to MalwareBytes forums.

Wow, long story. Keep in mind that this may be beyond a good fix, given the previous "fixes".

Do tell me if you have the Vista operating system DVD.

Also, keep in mind, this type of problem takes, usually, much more than 1, or 2, or even 3 sessions of back-and-forth.

Let me suggest, if you're an MBAM customer, you contact the consumer help desk here.

If you do that, please let me know.

Do this batch run and advise me after it is completed.

Windows services

This will be a batch-fix .

  • Press the Windows-key on keyboard.
  • In the 10-16-2011%204-33-46%20PM.png box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo off
    sc stop msiserver
    sc config msiserver start= manual
    sc start msiserver
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= delayed-auto
    sc config bits start= delayed-auto
    sc config wuauserv start= delayed-auto
    sc config sdrsvc start= manual
    sc config vss start= auto
    sc config eventlog start= auto
    sc start mpsdrv
    sc start mpssvc
    shutdown -r -t 1
    del %0


  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the 10-16-2011%204-37-58%20PM.png box, type in Fix.bat.
  • Press 10-16-2011%204-36-39%20PM.png.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose 10-16-2011%204-40-48%20PM.png.
  • Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.

As much as possible, have Windows Vista in normal mode ! ! !

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Share this post


Link to post
Share on other sites

Hello Maurice,

Thank you so much for responding. :) As i said I have seen this error talked about alot but your conversation with hemi425 was the only one resolved so I have high hopes. If we can just get my services back up so I can execute my recovery program I would be happy. I am assuming that a virus "root kit" or not can't survive a full format ?

Do tell me if you have the Vista operating system DVD.

I do. It was they only way I can access the Recovery console where I ran the bootrec commands both originally and later with Superdave. It will not allow me to do a factory reset however.

Let me suggest, if you're an MBAM customer, you contact the consumer help desk here.

If you do that, please let me know

I am not a "paying customer" but I have recently downloaded and used their shareware version. Superdave had me run it and it did remove at least some part of "Zeroaccess"

I downloaded and moved the files to the infected machine but neither one would run in Normal mode. Same message "Specified service not an installed service" I ran both the batch fix and RSIT from safe mode. Batch fix ran but paused very briefly and I thought I saw a message saying could not run in safe enviornment but it continued and rebooted the system. No change.

RSIT ran ok here are the logs:

BTW would you rather I attach or copy/paste these logs

Again thank you so much for responding.

log.txt

info.txt

Share this post


Link to post
Share on other sites

Note, always Copy and Paste the logs/reports inside main-body of reply box. Do NOT attach.

Given your report of ZeroAccess: Be advised :excl:

Backdoor trojan warning:ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Let me know what you decide.

IF you decide to still go forward, do this:

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt i_arrow-l.gif

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Share this post


Link to post
Share on other sites

Hi Maurice,

I read everything in your block text, I don't know if my passwords and login info are safe. The only ones I am concerned about are my online banking and I don't believe those are saved on the PC and I havn't been to that site since I got the Trojan. In fact I havn't been anywhere with that machine since it all came apart. It says that my wireless network adapter is not installed. Also as soon as I noticed the problem,(Trojan Detected) I turned off the switch for the wireless reciever and I have only turned it back on a few times briefly to see if it was working. In spite of this do you think my data has been compromised?

Let me know what you decide.

I do intend to wipe the hard drive and install fresh. Unfortunately with Gateway I need thier recovery center to do that. . At some point I lost it. I think because I installed a clean copy of windows some months ago for another problem. Anyway I can't install "Gateway Recovery Center" until I get back at least some functionality to the machine. If we can just get those services back I think I can do it. It would mean reloading from the recovery partition of my Hard Drive however, Can this "back door Trojan" stick around after a factory recovery from the recovery partition? (I do have a disk with Programs and drivers as well, but I don't believe it was intended for a full recovery)

I downloaded and ran FRST here is the log;

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012

Ran by SYSTEM at 09-10-2012 14:01:39

Running from G:\

Windows Vista ™ Home Premium Service Pack 1 (X86) OS Language: English(US)

The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [766536 2012-09-07] (Malwarebytes Corporation)

HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [279584 2012-08-24] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [200816 2012-06-22] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [168368 2012-06-22] (McAfee, Inc.)

2 mfevtp; "C:\Windows\system32\mfevtps.exe" [166320 2012-06-22] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [168280 2012-05-11] (McAfee, Inc.)

2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2011-12-07] (Absolute Software Corp.)

2 rpcnetp; C:\Windows\System32\rpcnetp.exe [17408 2012-10-08] ()

2 WebClient; C:\Windows\System32\svchost.exe -k LocalService [21504 2008-01-20] (Microsoft Corporation)

2 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 2008-01-20] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-06-22] (McAfee, Inc.)

3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [57800 2009-10-22] (FTDI Ltd.)

3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)

3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [127992 2012-06-22] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [230224 2012-06-22] (McAfee, Inc.)

3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [61912 2012-06-22] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [360792 2012-06-22] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [554048 2012-06-22] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-06-22] (McAfee, Inc.)

1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-06-22] (McAfee, Inc.)

3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)

3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [350720 2010-03-31] (Realtek Semiconductor Corporation )

3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [11776 2007-05-23] (Chicony Electronics Co., Ltd.)

3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 MFE_RR; \??\C:\Users\Owner\AppData\Local\Temp\mfe_rr.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2012-10-09 14:01 - 2012-10-09 14:01 - 00000000 ____D C:\FRST

2012-10-08 17:04 - 2012-10-08 17:04 - 00000000 ____D C:\Program Files\trend micro

2012-10-08 17:03 - 2012-10-08 17:04 - 00000000 ____D C:\rsit

2012-10-08 16:34 - 2012-10-08 16:24 - 00781383 ____A C:\Users\Owner\Desktop\RSIT.exe

2012-10-01 11:44 - 2012-10-01 11:45 - 00000000 ____D C:\GRC

2012-10-01 10:43 - 2012-10-01 10:43 - 102055407 ____A C:\Windows\MEMORY.DMP

2012-10-01 10:43 - 2012-10-01 10:43 - 00134656 ____A C:\Windows\Minidump\Mini100112-01.dmp

2012-09-29 21:00 - 2012-09-29 21:00 - 00000789 ____A C:\AdwCleaner[R3].txt

2012-09-29 20:38 - 2012-09-29 20:39 - 00000730 ____A C:\AdwCleaner[R2].txt

2012-09-29 20:24 - 2012-09-29 20:24 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-09-29 20:24 - 2012-09-29 20:24 - 00000000 ____D C:\Program Files\CCleaner

2012-09-29 20:20 - 2012-09-29 18:54 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe

2012-09-29 20:20 - 2012-09-29 17:57 - 04758577 ___RA (Swearware) C:\Users\Owner\Desktop\ComboFix.exe

2012-09-29 20:20 - 2012-09-29 17:57 - 00881724 ____A C:\Users\Owner\Desktop\SecurityCheck.exe

2012-09-29 20:20 - 2012-09-29 17:47 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr

2012-09-29 19:35 - 2012-09-29 19:06 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe

2012-09-29 19:16 - 2012-09-29 19:16 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-29 19:16 - 2012-09-29 19:16 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-09-29 19:16 - 2012-09-07 13:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-09-29 19:12 - 2012-09-29 19:12 - 00000671 ____A C:\AdwCleaner[R1].txt

2012-09-28 14:17 - 2012-09-27 16:57 - 10523968 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup.exe

2012-09-28 14:15 - 2012-09-27 16:56 - 00513501 ____A C:\Users\Owner\Desktop\adwcleaner.exe

2012-09-21 15:23 - 2012-09-29 20:05 - 00059952 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT

2012-09-21 05:21 - 2012-09-21 05:22 - 00000000 ____D C:\Users\Owner\Documents\gateway

2012-09-15 06:05 - 2012-09-15 06:20 - 00000000 ____D C:\Users\Owner\Desktop\New Folder

2012-09-13 16:59 - 2012-09-13 16:59 - 00000000 ____D C:\Users\Owner\AppData\Roaming\McAfee

2012-09-09 09:45 - 2012-09-09 09:45 - 00000000 ____D C:\Users\Owner\AppData\Roaming\progeSOFT

2012-09-09 09:44 - 2012-09-09 09:44 - 00001936 ____A C:\Users\Public\Desktop\progeCAD 2009 Smart!.lnk

2012-09-09 09:44 - 2012-09-09 09:44 - 00000000 ____D C:\Users\All Users\progeSOFT

2012-09-09 09:43 - 2009-10-07 11:42 - 00089360 ____A (Microsoft Corporation) C:\Windows\System32\vb5db.dll

2012-09-09 09:43 - 2009-10-07 11:40 - 00266293 ____A (Microsoft Corporation) C:\Windows\System32\temp.000

2012-09-09 09:43 - 2009-10-07 11:40 - 00069632 ____A (Microsoft Corporation) C:\Windows\System32\temp.002

2012-09-09 09:43 - 2009-10-07 11:39 - 02134016 ____A (Amyuni Technologies

2012-09-09 09:43 - 2009-10-07 11:39 - 00077878 ____A (Microsoft Corporation) C:\Windows\System32\temp.001

2012-09-09 09:42 - 2012-09-09 09:42 - 00000000 ____D C:\Program Files\progeSOFT

2012-09-09 09:42 - 2009-10-07 11:42 - 01060864 ____A (Microsoft Corporation) C:\Windows\System32\mfc71.dll

2012-09-09 09:42 - 2009-10-07 11:42 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll

2012-09-09 09:42 - 2009-10-07 11:42 - 00348160 ____A (Microsoft Corporation) C:\Windows\System32\msvcr71.dll

2012-09-09 09:42 - 2009-10-07 11:42 - 00061440 ____A C:\Windows\System32\wintab32.dll

2012-09-09 09:42 - 2001-03-13 11:49 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\COMDLG32.OCX

2012-09-09 09:42 - 1999-11-08 09:45 - 00339968 ____A (Autodesk) C:\Windows\System32\Slide.ocx

2012-09-09 09:42 - 1999-07-21 13:25 - 00274432 ____A (Autodesk Developer Consulting Group) C:\Windows\System32\DwgThumbnail.ocx

2012-09-09 09:42 - 1998-04-24 20:00 - 00368912 ____A (Microsoft Corporation) C:\Windows\System32\vbar332.dll

2012-09-09 09:31 - 2012-09-09 09:39 - 101350261 ____A C:\Users\Owner\Downloads\progeCAD-2009-Smart-AutoCAD-Clone.exe

==================== 3 Months Modified Files ==================

2012-10-08 17:30 - 2011-10-05 03:35 - 00001356 ____A C:\Users\Owner\AppData\Local\d3d9caps.dat

2012-10-08 17:08 - 2012-06-11 05:16 - 00001735 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk

2012-10-08 17:01 - 2011-10-05 07:21 - 00017408 ____A C:\Windows\System32\rpcnetp.exe

2012-10-08 16:57 - 2006-11-02 05:01 - 00032642 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-10-08 16:57 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-10-08 16:57 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-10-08 16:57 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-10-08 16:55 - 2006-11-02 02:33 - 00716688 ____A C:\Windows\System32\PerfStringBackup.INI

2012-10-08 16:47 - 2011-10-05 07:52 - 00058288 ____A (Absolute Software Corp.) C:\Windows\System32\rpcnet.dll

2012-10-08 16:47 - 2011-10-05 07:22 - 00017408 ____A C:\Windows\System32\rpcnetp.dll

2012-10-08 16:24 - 2012-10-08 16:34 - 00781383 ____A C:\Users\Owner\Desktop\RSIT.exe

2012-10-01 10:43 - 2012-10-01 10:43 - 102055407 ____A C:\Windows\MEMORY.DMP

2012-10-01 10:43 - 2012-10-01 10:43 - 00134656 ____A C:\Windows\Minidump\Mini100112-01.dmp

2012-09-29 21:00 - 2012-09-29 21:00 - 00000789 ____A C:\AdwCleaner[R3].txt

2012-09-29 20:39 - 2012-09-29 20:38 - 00000730 ____A C:\AdwCleaner[R2].txt

2012-09-29 20:24 - 2012-09-29 20:24 - 00000804 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-09-29 20:05 - 2012-09-21 15:23 - 00059952 ____A C:\Windows\System32\GDIPFONTCACHEV1.DAT

2012-09-29 19:16 - 2012-09-29 19:16 - 00000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-09-29 19:12 - 2012-09-29 19:12 - 00000671 ____A C:\AdwCleaner[R1].txt

2012-09-29 19:06 - 2012-09-29 19:35 - 01678240 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe

2012-09-29 18:54 - 2012-09-29 20:20 - 04731392 ____A (AVAST Software) C:\Users\Owner\Desktop\aswMBR.exe

2012-09-29 17:57 - 2012-09-29 20:20 - 04758577 ___RA (Swearware) C:\Users\Owner\Desktop\ComboFix.exe

2012-09-29 17:57 - 2012-09-29 20:20 - 00881724 ____A C:\Users\Owner\Desktop\SecurityCheck.exe

2012-09-29 17:47 - 2012-09-29 20:20 - 00607260 ____R (Swearware) C:\Users\Owner\Desktop\dds.scr

2012-09-27 16:57 - 2012-09-28 14:17 - 10523968 ____A (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup.exe

2012-09-27 16:56 - 2012-09-28 14:15 - 00513501 ____A C:\Users\Owner\Desktop\adwcleaner.exe

2012-09-21 15:58 - 2006-11-02 04:47 - 00264840 ____A C:\Windows\System32\FNTCACHE.DAT

2012-09-13 16:25 - 2012-04-18 05:36 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-09-13 16:25 - 2011-10-26 06:46 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-09-09 09:44 - 2012-09-09 09:44 - 00001936 ____A C:\Users\Public\Desktop\progeCAD 2009 Smart!.lnk

2012-09-09 09:39 - 2012-09-09 09:31 - 101350261 ____A C:\Users\Owner\Downloads\progeCAD-2009-Smart-AutoCAD-Clone.exe

2012-09-07 13:04 - 2012-09-29 19:16 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-24 03:28 - 2012-07-24 03:28 - 00001675 ____A C:\Users\Owner\Desktop\Guns of August (Quick Start).lnk

ZeroAccess:

C:\$Recycle.Bin\S-1-5-21-3537287095-3571365832-2134347009-1000\$0aa21280e1fc7d5237c7009ab6215ffc

ZeroAccess:

C:\$Recycle.Bin\S-1-5-18\$0aa21280e1fc7d5237c7009ab6215ffc

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 21%

Total physical RAM: 1917.38 MB

Available physical RAM: 1510.14 MB

Total Pagefile: 1765.2 MB

Available Pagefile: 1581.35 MB

Total Virtual: 2047.88 MB

Available Virtual: 1974.31 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:221.84 GB) (Free:162.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (RECOVERY) (Fixed) (Total:11.04 GB) (Free:5.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]

3 Drive e: (ENU_HOME_PREM_32BIT_SP1.CMD) (CDROM) (Total:2.94 GB) (Free:0 GB) CDFS

5 Drive g: () (Removable) (Total:1.86 GB) (Free:1.74 GB) FAT

6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 233 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 Online 1944 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 11 GB 32 KB

Partition 2 Primary 222 GB 11 GB

=========================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D RECOVERY NTFS Partition 11 GB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 222 GB Healthy

=========================================================

Partitions of Disk 2:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1908 MB 65 KB

=========================================================

Disk: 2

Partition 1

Type : 06

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 G FAT Removable 1908 MB Healthy

=========================================================

Last Boot: 2012-10-08 17:20

==================== End Of Log ============================

Share this post


Link to post
Share on other sites

I would urge you, using a clean computer, to change ALL your passwords/logins. It is quite possible for the attacker, using the backdoor trojans, to have lifted your passwords and personal information. That's why I suggest you also cover your bank and credit accounts.

It's not typical for the infection to get into the factory recovery partition. On the actual process to do the factory restore, check with Gateway on the exact procedure.

While I am helping you here, it is important that you follow my guidance, and that you do NOT run tools/ or fixes/ or changes on your own, without first checking with me first.

It seems you had already run aswMBR, Adwcleaner, and Combofix on your own.

Please carefully follow this procedure :excl:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on this system. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Share this post


Link to post
Share on other sites

Hi Dave,

I will change those passwords.

While I am helping you here, it is important that you follow my guidance, and that you do NOT run tools/ or fixes/ or changes on your own, without first checking with me first.

It seems you had already run aswMBR, Adwcleaner, and Combofix on your own.

I have not run those programs since I started with you. As I mentioned in my first post, SuperDave (Computer hope forums) had me run several cleaning and diagnostic programs. I realize that you are helping me out of the goodness in your heart. and I appreciate it. I will follow your lead.

I ran FRST with the script here is the log;

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012

Ran by SYSTEM at 2012-10-10 20:53:59 Run:1

Running from G:\

==============================================

Could not move C:\$Recycle.Bin\S-1-5-21-3537287095-3571365832-2134347009-1000\$0aa21280e1fc7d5237c7009ab6215ffc.

Could not move C:\$Recycle.Bin\S-1-5-18\$0aa21280e1fc7d5237c7009ab6215ffc.

==== End of Fixlog ====

Share this post


Link to post
Share on other sites

Hello Duncann,

Start the pc into normal mode Windows. {fresh start}

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT by doing a Right-Click on it & select Run As Admisnistrator

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Show all files:

  • Click the Start button, and then click Computer.
  • On the Organize menu, click Folder and Search Options.
  • Click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
  2. Click on START>All Programs>Malwarebytes' Anti-Malware>Tools>Malwarebytes Anti-Malware Chameleon
    On Windows 7, press Windows-key, then start typing in text box
Malwarebytes[code] then select/click [b]Malwarebytes Anti-Malware Chameleon[/b]
Once the Help file opens, click on a [b]Chameleon[/b] button (starting with #1)
If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
You should see a black Command-prompt-window that remains open and says [b]MBAM-chameleon ver. 1.6[/b] at the top
Press any key to continue as it says in the window {space-bar will do}
If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
Have infinite patience during this process
Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
Once the update completes and it says your database is updated, click on [b]OK[/b] button so that process can continue :excl:
Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
Once the scan is complete, click on [b]Show Results[/b] and remove any threats that are found by clicking [b]Remove Selected[/b]
If prompted to restart your computer to complete the removal process, click [b]Yes[/b] :excl:
If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
After your computer restarts, open [b]Malwarebytes Anti-Malware[/b] and perform one last Quick scan to verify that there are no remaining threats

Reply with copy of the MBAM scan log for review.

Share this post


Link to post
Share on other sites

Hi maurice,

Well I had problems in normal mode. (Surprise) I was able to install ERUNT in safe mode and back up the registry. I ran Chameleon From there as well and MBAM but MBAM found nothing. I rebooted into normal mode and tried to run chameleon again but nothing. It did run but I tried all 12 options and no Command box appeared. MBAM will not run in normal mode either.

Here is the log for what its worth;

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.07.13

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Owner :: DUNCAN-PC [administrator]

10/11/2012 9:19:54 PM

mbam-log-2012-10-11 (21-19-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 198107

Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

ID: 10   Posted (edited)

Restart the system {fresh} and be sure it is in normal mode.

First

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.


  • Link 2
    Link 3
    Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
  • If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingc...opic308364.html

Next

Please follow my guidance. Ask if you have questions.

I am going to ask you to read very carefully. I am asking you to download to unique folder !!

Step 1. Close and save any open documents, and exit programs that you started.

Step 2. Download TDSSKiller.exe and SAVE it to a special folder

http://support.kaspe.../tdsskiller.exe

and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon

Step 3. Install the Chameleon driver by doing the following:

Press the Windows key + R and in the Run box, copy and paste the following command then press Enter. Copy All of the line from beginning to end {from the double-quote ...all the way to the last o ......ALL

"C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon" /o

A black DOS prompt will appear with a prompt to press any key to continue, please do.

Step 4

Please read carefully and follow these steps.

  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please Copy & Paste that log in reply.

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites

Hi Maurice'

Well I tried like hell to use normal mode. I just can't get these programs to run there. I get the same message "The specified service is not an installed service." Nothing works in normal mode!!! The list is endless it would be easier to list the things that do work. It would seem that some ini file/registry setting that loads all these services is not being loaded. I'm sorry, I spent 4 hrs trying all the different versions of RKill but each time after waiting I get "Specified service...bla bla" You seem to be urging me to use normal mode so I will try but in the end until we get those services back up I don't think anything will work there. If you don't want me to perform a task in safe mode please let me know otherwise I will try normal first then safe if that won't work

Anyway I gave in a ran Rkill in Safe mode and here are the results;

Rkill 2.4.3 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/12/2012 06:08:30 PM in x86 mode.

Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* DHCP Client (Dhcp) is not Running.

Startup Type set to: Automatic

* COM+ Event System (EventSystem) is not Running.

Startup Type set to: Automatic

* COM+ Event System (RpcSs) is not Running.

Startup Type set to: Automatic

* Windows Firewall Authorization Driver (mpsdrv) is not Running.

Startup Type set to: Manual

* Appinfo [Missing Service]

* BFE [Missing Service]

* BITS [Missing Service]

* Dnscache [Missing Service]

* IPBusEnum [Missing Service]

* iphlpsvc [Missing Service]

* MpsSvc [Missing Service]

* Netman [Missing Service]

* netprofm [Missing Service]

* nsi [Missing Service]

* PlugPlay [Missing Service]

* QWAVE [Missing Service]

* seclogon [Missing Service]

* SENS [Missing Service]

* SessionEnv [Missing Service]

* SLUINotify [Missing Service]

* SysMain [Missing Service]

* upnphost [Missing Service]

* wcncsvc [Missing Service]

* WcsPlugInService [Missing Service]

* WinDefend [Missing Service]

* WinHttpAutoProxySvc [Missing Service]

* wscsvc [Missing Service]

* wuauserv [Missing Service]

* SharedAccess [Missing ImagePath]

* WebClient [Missing Parameters Key]

* WPDBusEnum [Missing Parameters Key]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

::1 localhost

Program finished at: 10/12/2012 06:09:18 PM

Execution time: 0 hours(s), 0 minute(s), and 47 seconds(s)

As you can see a lot of missing services even for safe mode.

I did not continue with TDSSKiller I wanted to ask you if it ok to perform that task in safe mode if it won't work in Normal? (which it probaby won't.)

Also,

and be sure to SAVE it in this folder --> C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon
I do not have (x86) in this folder path in case it maters, ? But I am using a 32 bit system.

Share this post


Link to post
Share on other sites

I understand what you noted about Safe Mode with Networking. You may continue to use it for now.

But, a reminder, the pc has or had a ZeroAccess infection and surely knocked out some very important Windows services.

and remember my "backdoor trojan warning" from before. It may wind up at the point where you will need to do a system wipe and clean install of Vista + all your applications.

It looks as if you have a missing Windows service (one or more). Which may be a clue & confirmation that you do still have a malware infection and if so, that has to be hunted and corrected if possible.

Go to Start >> select Control Panel >> and go to Action Center or Security Center (as appropos)

What does it show for antivirus status?

What does it show for Firewall status ?

What does it show for Automatic Updates?

Did you or any other user of the system "disable any Windows services" ?

When was the last time you scanned your system with your antivirus program and security app (if you have another anti-malware) ?

NEXT: Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!

From Start button, select RUN (or Win-key +R) and in the run-text-box type in MSCONFIG and press OK or Enter.

On Vista or Windows 7, press Windows-key on keybooard, and type in MSCONFIG

You should see the General tab. Click the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

Click on Services tab. To get it's display of services.

Keep a written list of any changes from my list of services below. That way you and I have a reference document.

Look at the bottom line Hide all Microsoft services

IF and only IF its is checkmarked, then un-check it.

the list of servies may be shown in non-alphabetical order, so ....

Look at the heading titled "Service". Click on it as needed so the list is sorted and top of list starts with the "A" services.

You can toggle as needed to get the desired order.

IF any of below services are NOT shown, don't panic & do not stop, just write down the info for me and proceed with the others !

Then using the scroll-bar scroll down the list

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

When done, press the Apply button, and the OK button.

You're likely to be prompted to Restart Windows, do so.

If not prompted, you do a Logoff and Restart of Windows.

Then report back here with details.

If any of the services are not shown, just let me know which.

NEXT:

Do your best to run the TDSSKILLER with Chameleon MBAM run as I outlined before ..... even in Safe Mode with Networking !

NEXT

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

Share this post


Link to post
Share on other sites

hi Maurice,

OK First things first, TDSSkiller;

I wasn't even able to copy the program to that folder in normal mode. It seems that along with most of my services administrator privliges is also not working. (I am admin for this computer) So back to safe mode... As I stated in last post ((x86) not in my folder path. So I copied program to chameleon folder then tried to run your command again (x86) no such folder. Altered command line to remove (x86) and ... No com window at all but up poped the folder Chameleon I ran TDSSKiller and it found nothing here is the log;

14:58:39.0814 1432 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

14:58:39.0845 1432 ============================================================

14:58:39.0845 1432 Current date / time: 2012/10/13 14:58:39.0845

14:58:39.0845 1432 SystemInfo:

14:58:39.0845 1432

14:58:39.0845 1432 OS Version: 6.0.6002 ServicePack: 2.0

14:58:39.0845 1432 Product type: Workstation

14:58:39.0845 1432 ComputerName: DUNCAN-PC

14:58:39.0845 1432 UserName: Owner

14:58:39.0845 1432 Windows directory: C:\Windows

14:58:39.0845 1432 System windows directory: C:\Windows

14:58:39.0845 1432 Processor architecture: Intel x86

14:58:39.0845 1432 Number of processors: 2

14:58:39.0845 1432 Page size: 0x1000

14:58:39.0845 1432 Boot type: Safe boot with network

14:58:39.0845 1432 ============================================================

14:58:41.0093 1432 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

14:58:41.0093 1432 Drive \Device\Harddisk1\DR1 - Size: 0x797D1A00 (1.90 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

14:58:41.0093 1432 ============================================================

14:58:41.0093 1432 \Device\Harddisk0\DR0:

14:58:41.0093 1432 MBR partitions:

14:58:41.0093 1432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1613C22

14:58:41.0093 1432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1613C61, BlocksNum 0x1BBB0920

14:58:41.0093 1432 \Device\Harddisk1\DR1:

14:58:41.0093 1432 MBR partitions:

14:58:41.0093 1432 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x3B9D3F

14:58:41.0093 1432 ============================================================

14:58:41.0140 1432 C: <-> \Device\Harddisk0\DR0\Partition2

14:58:41.0171 1432 D: <-> \Device\Harddisk0\DR0\Partition1

14:58:41.0171 1432 ============================================================

14:58:41.0171 1432 Initialize success

14:58:41.0171 1432 ============================================================

14:58:53.0355 1024 ============================================================

14:58:53.0355 1024 Scan started

14:58:53.0355 1024 Mode: Manual;

14:58:53.0355 1024 ============================================================

14:58:54.0431 1024 ================ Scan system memory ========================

14:58:54.0431 1024 System memory - ok

14:58:54.0447 1024 ================ Scan services =============================

14:58:54.0650 1024 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys

14:58:54.0650 1024 ACPI - ok

14:58:54.0743 1024 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

14:58:54.0790 1024 adp94xx - ok

14:58:54.0868 1024 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys

14:58:54.0899 1024 adpahci - ok

14:58:54.0962 1024 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

14:58:54.0962 1024 adpu160m - ok

14:58:55.0024 1024 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

14:58:55.0055 1024 adpu320 - ok

14:58:55.0164 1024 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

14:58:55.0180 1024 AeLookupSvc - ok

14:58:55.0258 1024 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys

14:58:55.0258 1024 AFD - ok

14:58:55.0289 1024 [ 39E435C90C9C4F780FA0ED05CA3C3A1B ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe

14:58:55.0289 1024 AgereModemAudio - ok

14:58:55.0367 1024 [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys

14:58:55.0398 1024 AgereSoftModem - ok

14:58:55.0523 1024 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys

14:58:55.0523 1024 agp440 - ok

14:58:55.0570 1024 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys

14:58:55.0570 1024 aic78xx - ok

14:58:55.0601 1024 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe

14:58:55.0601 1024 ALG - ok

14:58:55.0617 1024 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys

14:58:55.0617 1024 aliide - ok

14:58:55.0632 1024 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys

14:58:55.0648 1024 amdagp - ok

14:58:55.0679 1024 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys

14:58:55.0679 1024 amdide - ok

14:58:55.0710 1024 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys

14:58:55.0710 1024 AmdK7 - ok

14:58:55.0742 1024 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

14:58:55.0757 1024 AmdK8 - ok

14:58:55.0788 1024 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys

14:58:55.0788 1024 arc - ok

14:58:55.0835 1024 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys

14:58:55.0851 1024 arcsas - ok

14:58:55.0991 1024 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

14:58:55.0991 1024 aspnet_state - ok

14:58:56.0054 1024 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

14:58:56.0054 1024 AsyncMac - ok

14:58:56.0116 1024 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys

14:58:56.0116 1024 atapi - ok

14:58:56.0225 1024 [ 86ACB6A60C50E99EB8E68710D5A12654 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe

14:58:56.0256 1024 Ati External Event Utility - ok

14:58:56.0459 1024 [ 7DB96C2801A78513BDC133C25D07929E ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

14:58:56.0584 1024 atikmdag - ok

14:58:56.0646 1024 [ 4AA1EB65481C392955939E735D27118B ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

14:58:56.0646 1024 AtiPcie - ok

14:58:56.0740 1024 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

14:58:56.0756 1024 AudioEndpointBuilder - ok

14:58:56.0787 1024 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll

14:58:56.0802 1024 Audiosrv - ok

14:58:56.0865 1024 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys

14:58:56.0865 1024 Beep - ok

14:58:56.0896 1024 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

14:58:56.0896 1024 blbdrive - ok

14:58:57.0005 1024 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys

14:58:57.0005 1024 bowser - ok

14:58:57.0052 1024 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

14:58:57.0052 1024 BrFiltLo - ok

14:58:57.0052 1024 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

14:58:57.0052 1024 BrFiltUp - ok

14:58:57.0114 1024 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll

14:58:57.0114 1024 Browser - ok

14:58:57.0146 1024 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys

14:58:57.0146 1024 Brserid - ok

14:58:57.0177 1024 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

14:58:57.0177 1024 BrSerWdm - ok

14:58:57.0208 1024 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

14:58:57.0208 1024 BrUsbMdm - ok

14:58:57.0224 1024 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

14:58:57.0224 1024 BrUsbSer - ok

14:58:57.0286 1024 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

14:58:57.0286 1024 BTHMODEM - ok

14:58:57.0317 1024 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

14:58:57.0333 1024 cdfs - ok

14:58:57.0364 1024 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

14:58:57.0364 1024 cdrom - ok

14:58:57.0426 1024 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll

14:58:57.0442 1024 CertPropSvc - ok

14:58:57.0504 1024 [ 958C33D0715D1496684D2E5E329748E8 ] cfwids C:\Windows\system32\drivers\cfwids.sys

14:58:57.0504 1024 cfwids - ok

14:58:57.0536 1024 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys

14:58:57.0536 1024 circlass - ok

14:58:57.0598 1024 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys

14:58:57.0614 1024 CLFS - ok

14:58:57.0676 1024 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:58:57.0707 1024 clr_optimization_v2.0.50727_32 - ok

14:58:57.0801 1024 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:58:57.0832 1024 clr_optimization_v4.0.30319_32 - ok

14:58:57.0910 1024 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

14:58:57.0910 1024 CmBatt - ok

14:58:57.0941 1024 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys

14:58:57.0941 1024 cmdide - ok

14:58:57.0988 1024 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

14:58:57.0988 1024 Compbatt - ok

14:58:58.0019 1024 COMSysApp - ok

14:58:58.0050 1024 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

14:58:58.0050 1024 crcdisk - ok

14:58:58.0082 1024 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys

14:58:58.0082 1024 Crusoe - ok

14:58:58.0160 1024 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll

14:58:58.0160 1024 CryptSvc - ok

14:58:58.0238 1024 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll

14:58:58.0284 1024 DcomLaunch - ok

14:58:58.0300 1024 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys

14:58:58.0316 1024 DfsC - ok

14:58:58.0440 1024 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe

14:58:58.0503 1024 DFSR - ok

14:58:58.0596 1024 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll

14:58:58.0596 1024 Dhcp - ok

14:58:58.0674 1024 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys

14:58:58.0674 1024 disk - ok

14:58:58.0721 1024 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll

14:58:58.0737 1024 dot3svc - ok

14:58:58.0799 1024 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll

14:58:58.0799 1024 DPS - ok

14:58:58.0846 1024 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

14:58:58.0846 1024 drmkaud - ok

14:58:58.0924 1024 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

14:58:58.0940 1024 DXGKrnl - ok

14:58:59.0049 1024 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys

14:58:59.0049 1024 E1G60 - ok

14:58:59.0096 1024 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll

14:58:59.0096 1024 EapHost - ok

14:58:59.0158 1024 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys

14:58:59.0174 1024 Ecache - ok

14:58:59.0220 1024 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

14:58:59.0236 1024 ehRecvr - ok

14:58:59.0236 1024 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe

14:58:59.0236 1024 ehSched - ok

14:58:59.0252 1024 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll

14:58:59.0252 1024 ehstart - ok

14:58:59.0314 1024 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys

14:58:59.0314 1024 elxstor - ok

14:58:59.0392 1024 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll

14:58:59.0408 1024 EMDMgmt - ok

14:58:59.0470 1024 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys

14:58:59.0470 1024 ErrDev - ok

14:58:59.0595 1024 esgiguard - ok

14:58:59.0642 1024 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll

14:58:59.0657 1024 EventSystem - ok

14:58:59.0720 1024 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys

14:58:59.0735 1024 exfat - ok

14:58:59.0766 1024 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys

14:58:59.0782 1024 fastfat - ok

14:58:59.0813 1024 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys

14:58:59.0813 1024 fdc - ok

14:58:59.0860 1024 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll

14:58:59.0860 1024 fdPHost - ok

14:58:59.0860 1024 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll

14:58:59.0876 1024 FDResPub - ok

14:58:59.0938 1024 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

14:58:59.0938 1024 FileInfo - ok

14:58:59.0954 1024 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys

14:58:59.0954 1024 Filetrace - ok

14:59:00.0000 1024 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

14:59:00.0000 1024 flpydisk - ok

14:59:00.0063 1024 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

14:59:00.0063 1024 FltMgr - ok

14:59:00.0125 1024 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

14:59:00.0141 1024 FontCache3.0.0.0 - ok

14:59:00.0172 1024 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

14:59:00.0172 1024 Fs_Rec - ok

14:59:00.0266 1024 [ B7AA8283EC551D3A3B924E520E0621A7 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys

14:59:00.0266 1024 FTDIBUS - ok

14:59:00.0328 1024 [ 596D31583CE332B5514520D74837F434 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys

14:59:00.0344 1024 FTSER2K - ok

14:59:00.0375 1024 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

14:59:00.0375 1024 gagp30kx - ok

14:59:00.0437 1024 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll

14:59:00.0453 1024 gpsvc - ok

14:59:00.0562 1024 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

14:59:00.0562 1024 HdAudAddService - ok

14:59:00.0640 1024 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

14:59:00.0656 1024 HDAudBus - ok

14:59:00.0687 1024 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys

14:59:00.0687 1024 HidBth - ok

14:59:00.0687 1024 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys

14:59:00.0702 1024 HidIr - ok

14:59:00.0734 1024 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll

14:59:00.0734 1024 hidserv - ok

14:59:00.0780 1024 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

14:59:00.0780 1024 HidUsb - ok

14:59:00.0874 1024 [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys

14:59:00.0874 1024 HipShieldK - ok

14:59:00.0936 1024 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll

14:59:00.0936 1024 hkmsvc - ok

14:59:00.0968 1024 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

14:59:00.0968 1024 HpCISSs - ok

14:59:01.0030 1024 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys

14:59:01.0030 1024 HTTP - ok

14:59:01.0092 1024 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys

14:59:01.0092 1024 i2omp - ok

14:59:01.0155 1024 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

14:59:01.0155 1024 i8042prt - ok

14:59:01.0170 1024 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

14:59:01.0170 1024 iaStorV - ok

14:59:01.0295 1024 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

14:59:01.0326 1024 idsvc - ok

14:59:01.0358 1024 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys

14:59:01.0358 1024 iirsp - ok

14:59:01.0404 1024 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll

14:59:01.0420 1024 IKEEXT - ok

14:59:01.0467 1024 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys

14:59:01.0467 1024 intelide - ok

14:59:01.0498 1024 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

14:59:01.0498 1024 intelppm - ok

14:59:01.0514 1024 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

14:59:01.0514 1024 IpFilterDriver - ok

14:59:01.0514 1024 IpInIp - ok

14:59:01.0529 1024 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

14:59:01.0529 1024 IPMIDRV - ok

14:59:01.0592 1024 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

14:59:01.0592 1024 IPNAT - ok

14:59:01.0607 1024 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

14:59:01.0623 1024 IRENUM - ok

14:59:01.0685 1024 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys

14:59:01.0685 1024 isapnp - ok

14:59:01.0732 1024 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

14:59:01.0732 1024 iScsiPrt - ok

14:59:01.0763 1024 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

14:59:01.0763 1024 iteatapi - ok

14:59:01.0779 1024 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

14:59:01.0779 1024 iteraid - ok

14:59:01.0826 1024 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

14:59:01.0826 1024 kbdclass - ok

14:59:01.0841 1024 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

14:59:01.0841 1024 kbdhid - ok

14:59:01.0872 1024 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe

14:59:01.0872 1024 KeyIso - ok

14:59:01.0935 1024 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

14:59:01.0935 1024 KSecDD - ok

14:59:02.0028 1024 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

14:59:02.0028 1024 KtmRm - ok

14:59:02.0091 1024 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll

14:59:02.0106 1024 LanmanServer - ok

14:59:02.0169 1024 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

14:59:02.0169 1024 LanmanWorkstation - ok

14:59:02.0216 1024 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

14:59:02.0216 1024 lltdio - ok

14:59:02.0247 1024 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

14:59:02.0247 1024 lltdsvc - ok

14:59:02.0294 1024 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

14:59:02.0294 1024 lmhosts - ok

14:59:02.0325 1024 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

14:59:02.0325 1024 LSI_FC - ok

14:59:02.0356 1024 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

14:59:02.0372 1024 LSI_SAS - ok

14:59:02.0403 1024 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

14:59:02.0403 1024 LSI_SCSI - ok

14:59:02.0465 1024 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

14:59:02.0465 1024 luafv - ok

14:59:02.0559 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

14:59:02.0559 1024 McMPFSvc - ok

14:59:02.0590 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] mcmscsvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

14:59:02.0590 1024 mcmscsvc - ok

14:59:02.0606 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] McNaiAnn C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

14:59:02.0606 1024 McNaiAnn - ok

14:59:02.0621 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] McNASvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

14:59:02.0621 1024 McNASvc - ok

14:59:02.0762 1024 [ F2424960B82DFCED4FB08596D3EF100A ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe

14:59:02.0762 1024 McODS - ok

14:59:02.0762 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] McProxy C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

14:59:02.0777 1024 McProxy - ok

14:59:02.0840 1024 [ 6A78931E71218F38B2B4665D2BA79789 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

14:59:02.0840 1024 McShield - ok

14:59:02.0871 1024 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

14:59:02.0871 1024 Mcx2Svc - ok

14:59:02.0902 1024 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys

14:59:02.0902 1024 megasas - ok

14:59:02.0949 1024 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys

14:59:02.0949 1024 MegaSR - ok

14:59:02.0996 1024 [ 38995E33939DCA02BEED384C37A0BABB ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

14:59:02.0996 1024 mfeapfk - ok

14:59:03.0089 1024 [ ACB64C134E0FA7124FE67A8CC5F02833 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

14:59:03.0105 1024 mfeavfk - ok

14:59:03.0152 1024 [ FB331E460DBAE41B7CBDD72E690D6DA3 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys

14:59:03.0152 1024 mfebopk - ok

14:59:03.0183 1024 [ 8421EF9F71E0595BE68B5D913ED0FE78 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

14:59:03.0198 1024 mfefire - ok

14:59:03.0261 1024 [ 53891A53ACF0D43088E899DDD7209ACC ] mfefirek C:\Windows\system32\drivers\mfefirek.sys

14:59:03.0261 1024 mfefirek - ok

14:59:03.0323 1024 [ 2F70286021B917F6D69C32C5DB8CD288 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

14:59:03.0339 1024 mfehidk - ok

14:59:03.0354 1024 [ 9171F3CA5DDD1D6A590B295F90E1E3BB ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

14:59:03.0370 1024 mferkdet - ok

14:59:03.0401 1024 [ 958E4A10C7C2C80714882542934C6912 ] mfevtp C:\Windows\system32\mfevtps.exe

14:59:03.0401 1024 mfevtp - ok

14:59:03.0432 1024 [ 07A474725D2DC08759496F58164795CB ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

14:59:03.0432 1024 mfewfpk - ok

14:59:03.0557 1024 MFE_RR - ok

14:59:03.0588 1024 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

14:59:03.0588 1024 MMCSS - ok

14:59:03.0604 1024 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

14:59:03.0604 1024 Modem - ok

14:59:03.0666 1024 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

14:59:03.0666 1024 monitor - ok

14:59:03.0682 1024 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

14:59:03.0682 1024 mouclass - ok

14:59:03.0698 1024 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

14:59:03.0698 1024 mouhid - ok

14:59:03.0729 1024 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

14:59:03.0729 1024 MountMgr - ok

14:59:03.0760 1024 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys

14:59:03.0760 1024 mpio - ok

14:59:03.0822 1024 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

14:59:03.0822 1024 mpsdrv - ok

14:59:03.0854 1024 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

14:59:03.0854 1024 Mraid35x - ok

14:59:03.0916 1024 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

14:59:03.0916 1024 MRxDAV - ok

14:59:03.0963 1024 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

14:59:03.0963 1024 mrxsmb - ok

14:59:03.0978 1024 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

14:59:03.0978 1024 mrxsmb10 - ok

14:59:03.0978 1024 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

14:59:03.0978 1024 mrxsmb20 - ok

14:59:04.0010 1024 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys

14:59:04.0010 1024 msahci - ok

14:59:04.0056 1024 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys

14:59:04.0056 1024 msdsm - ok

14:59:04.0088 1024 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

14:59:04.0088 1024 MSDTC - ok

14:59:04.0150 1024 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

14:59:04.0150 1024 Msfs - ok

14:59:04.0212 1024 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

14:59:04.0212 1024 msisadrv - ok

14:59:04.0244 1024 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

14:59:04.0244 1024 MSiSCSI - ok

14:59:04.0275 1024 msiserver - ok

14:59:04.0290 1024 [ 7047A47C4476ED8865CACF811A709BA9 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

14:59:04.0290 1024 MSK80Service - ok

14:59:04.0337 1024 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

14:59:04.0337 1024 MSKSSRV - ok

14:59:04.0400 1024 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

14:59:04.0400 1024 MSPCLOCK - ok

14:59:04.0415 1024 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

14:59:04.0415 1024 MSPQM - ok

14:59:04.0431 1024 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

14:59:04.0431 1024 MsRPC - ok

14:59:04.0478 1024 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

14:59:04.0478 1024 mssmbios - ok

14:59:04.0524 1024 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

14:59:04.0524 1024 MSTEE - ok

14:59:04.0556 1024 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys

14:59:04.0556 1024 Mup - ok

14:59:04.0602 1024 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll

14:59:04.0602 1024 napagent - ok

14:59:04.0665 1024 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

14:59:04.0665 1024 NativeWifiP - ok

14:59:04.0680 1024 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys

14:59:04.0696 1024 NDIS - ok

14:59:04.0727 1024 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

14:59:04.0727 1024 NdisTapi - ok

14:59:04.0743 1024 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

14:59:04.0758 1024 Ndisuio - ok

14:59:04.0836 1024 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

14:59:04.0836 1024 NdisWan - ok

14:59:04.0852 1024 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

14:59:04.0852 1024 NDProxy - ok

14:59:04.0899 1024 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

14:59:04.0899 1024 NetBIOS - ok

14:59:04.0930 1024 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

14:59:04.0946 1024 netbt - ok

14:59:05.0008 1024 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe

14:59:05.0008 1024 Netlogon - ok

14:59:05.0039 1024 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

14:59:05.0039 1024 NetTcpPortSharing - ok

14:59:05.0055 1024 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

14:59:05.0055 1024 nfrd960 - ok

14:59:05.0102 1024 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

14:59:05.0102 1024 NlaSvc - ok

14:59:05.0148 1024 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys

14:59:05.0148 1024 Npfs - ok

14:59:05.0164 1024 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

14:59:05.0164 1024 nsiproxy - ok

14:59:05.0258 1024 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

14:59:05.0289 1024 Ntfs - ok

14:59:05.0304 1024 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

14:59:05.0304 1024 ntrigdigi - ok

14:59:05.0382 1024 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

14:59:05.0382 1024 NuidFltr - ok

14:59:05.0398 1024 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

14:59:05.0398 1024 Null - ok

14:59:05.0445 1024 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys

14:59:05.0445 1024 nvraid - ok

14:59:05.0476 1024 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys

14:59:05.0476 1024 nvstor - ok

14:59:05.0507 1024 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

14:59:05.0523 1024 nv_agp - ok

14:59:05.0523 1024 NwlnkFlt - ok

14:59:05.0523 1024 NwlnkFwd - ok

14:59:05.0663 1024 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

14:59:05.0679 1024 odserv - ok

14:59:05.0710 1024 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

14:59:05.0710 1024 ohci1394 - ok

14:59:05.0772 1024 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

14:59:05.0772 1024 ose - ok

14:59:05.0866 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

14:59:05.0882 1024 p2pimsvc - ok

14:59:05.0897 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

14:59:05.0897 1024 p2psvc - ok

14:59:05.0913 1024 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

14:59:05.0928 1024 Parport - ok

14:59:05.0975 1024 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

14:59:05.0975 1024 partmgr - ok

14:59:06.0006 1024 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

14:59:06.0006 1024 Parvdm - ok

14:59:06.0038 1024 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

14:59:06.0038 1024 PcaSvc - ok

14:59:06.0084 1024 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

14:59:06.0084 1024 pci - ok

14:59:06.0131 1024 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys

14:59:06.0131 1024 pciide - ok

14:59:06.0162 1024 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

14:59:06.0162 1024 pcmcia - ok

14:59:06.0240 1024 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

14:59:06.0272 1024 PEAUTH - ok

14:59:06.0334 1024 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

14:59:06.0381 1024 pla - ok

14:59:06.0412 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

14:59:06.0412 1024 PNRPAutoReg - ok

14:59:06.0459 1024 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

14:59:06.0459 1024 PNRPsvc - ok

14:59:06.0506 1024 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

14:59:06.0521 1024 PolicyAgent - ok

14:59:06.0537 1024 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

14:59:06.0537 1024 PptpMiniport - ok

14:59:06.0568 1024 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys

14:59:06.0568 1024 Processor - ok

14:59:06.0615 1024 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

14:59:06.0630 1024 ProfSvc - ok

14:59:06.0646 1024 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

14:59:06.0646 1024 ProtectedStorage - ok

14:59:06.0708 1024 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

14:59:06.0708 1024 PSched - ok

14:59:06.0786 1024 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

14:59:06.0833 1024 ql2300 - ok

14:59:06.0849 1024 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

14:59:06.0849 1024 ql40xx - ok

14:59:06.0880 1024 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

14:59:06.0880 1024 QWAVEdrv - ok

14:59:06.0911 1024 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

14:59:06.0911 1024 RasAcd - ok

14:59:06.0958 1024 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

14:59:06.0958 1024 RasAuto - ok

14:59:06.0989 1024 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

14:59:07.0005 1024 Rasl2tp - ok

14:59:07.0036 1024 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

14:59:07.0052 1024 RasMan - ok

14:59:07.0098 1024 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

14:59:07.0098 1024 RasPppoe - ok

14:59:07.0145 1024 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

14:59:07.0145 1024 RasSstp - ok

14:59:07.0192 1024 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

14:59:07.0192 1024 rdbss - ok

14:59:07.0223 1024 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

14:59:07.0223 1024 RDPCDD - ok

14:59:07.0254 1024 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

14:59:07.0254 1024 rdpdr - ok

14:59:07.0254 1024 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

14:59:07.0270 1024 RDPENCDD - ok

14:59:07.0332 1024 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

14:59:07.0332 1024 RDPWD - ok

14:59:07.0410 1024 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

14:59:07.0426 1024 RemoteAccess - ok

14:59:07.0488 1024 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

14:59:07.0504 1024 RemoteRegistry - ok

14:59:07.0551 1024 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

14:59:07.0551 1024 RpcLocator - ok

14:59:07.0613 1024 [ 3297445BB9FD3E8363E7559010ED2AE7 ] rpcnet C:\Windows\system32\rpcnet.exe

14:59:07.0613 1024 rpcnet - ok

14:59:07.0676 1024 [ 11CF31E0D86D71D7D0CF5A5DA86EBFF2 ] rpcnetp C:\Windows\System32\rpcnetp.exe

14:59:07.0676 1024 rpcnetp - ok

14:59:07.0707 1024 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

14:59:07.0707 1024 RpcSs - ok

14:59:07.0738 1024 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

14:59:07.0754 1024 rspndr - ok

14:59:07.0816 1024 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys

14:59:07.0832 1024 RTL8169 - ok

14:59:07.0878 1024 [ 661AF6A63DFF9F23B1DC3FB7B3E7A917 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys

14:59:07.0878 1024 RTL8187B - ok

14:59:07.0941 1024 [ 68180821FEDEBB2B373D83A2D8E4E16A ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS

14:59:07.0941 1024 RTSTOR - ok

14:59:07.0972 1024 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

14:59:07.0972 1024 SamSs - ok

14:59:08.0003 1024 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

14:59:08.0003 1024 sbp2port - ok

14:59:08.0050 1024 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

14:59:08.0050 1024 SCardSvr - ok

14:59:08.0128 1024 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

14:59:08.0159 1024 Schedule - ok

14:59:08.0175 1024 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

14:59:08.0175 1024 SCPolicySvc - ok

14:59:08.0206 1024 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

14:59:08.0206 1024 SDRSVC - ok

14:59:08.0237 1024 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

14:59:08.0237 1024 secdrv - ok

14:59:08.0268 1024 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

14:59:08.0268 1024 Serenum - ok

14:59:08.0284 1024 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

14:59:08.0300 1024 Serial - ok

14:59:08.0331 1024 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

14:59:08.0331 1024 sermouse - ok

14:59:08.0362 1024 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

14:59:08.0362 1024 sffdisk - ok

14:59:08.0409 1024 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

14:59:08.0409 1024 sffp_mmc - ok

14:59:08.0424 1024 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

14:59:08.0424 1024 sffp_sd - ok

14:59:08.0440 1024 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

14:59:08.0440 1024 sfloppy - ok

14:59:08.0518 1024 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

14:59:08.0518 1024 ShellHWDetection - ok

14:59:08.0549 1024 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys

14:59:08.0549 1024 sisagp - ok

14:59:08.0580 1024 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

14:59:08.0580 1024 SiSRaid2 - ok

14:59:08.0612 1024 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

14:59:08.0612 1024 SiSRaid4 - ok

14:59:08.0736 1024 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

14:59:08.0830 1024 slsvc - ok

14:59:08.0877 1024 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

14:59:08.0877 1024 Smb - ok

14:59:08.0939 1024 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

14:59:08.0939 1024 SNMPTRAP - ok

14:59:08.0955 1024 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

14:59:08.0955 1024 spldr - ok

14:59:08.0986 1024 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

14:59:09.0002 1024 Spooler - ok

14:59:09.0048 1024 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

14:59:09.0064 1024 srv - ok

14:59:09.0095 1024 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

14:59:09.0111 1024 srv2 - ok

14:59:09.0126 1024 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

14:59:09.0126 1024 srvnet - ok

14:59:09.0158 1024 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

14:59:09.0173 1024 SSDPSRV - ok

14:59:09.0251 1024 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

14:59:09.0251 1024 SstpSvc - ok

14:59:09.0345 1024 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

14:59:09.0360 1024 stisvc - ok

14:59:09.0392 1024 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

14:59:09.0392 1024 swenum - ok

14:59:09.0438 1024 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

14:59:09.0438 1024 swprv - ok

14:59:09.0485 1024 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

14:59:09.0485 1024 Symc8xx - ok

14:59:09.0501 1024 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

14:59:09.0516 1024 Sym_hi - ok

14:59:09.0532 1024 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

14:59:09.0532 1024 Sym_u3 - ok

14:59:09.0563 1024 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

14:59:09.0579 1024 TabletInputService - ok

14:59:09.0641 1024 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

14:59:09.0657 1024 TapiSrv - ok

14:59:09.0688 1024 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

14:59:09.0704 1024 TBS - ok

14:59:09.0766 1024 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

14:59:09.0797 1024 Tcpip - ok

14:59:09.0813 1024 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

14:59:09.0828 1024 Tcpip6 - ok

14:59:09.0875 1024 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

14:59:09.0891 1024 tcpipreg - ok

14:59:09.0922 1024 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

14:59:09.0938 1024 TDPIPE - ok

14:59:09.0953 1024 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

14:59:09.0953 1024 TDTCP - ok

14:59:10.0031 1024 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

14:59:10.0031 1024 tdx - ok

14:59:10.0047 1024 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

14:59:10.0047 1024 TermDD - ok

14:59:10.0125 1024 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

14:59:10.0140 1024 TermService - ok

14:59:10.0172 1024 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

14:59:10.0172 1024 Themes - ok

14:59:10.0187 1024 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

14:59:10.0187 1024 THREADORDER - ok

14:59:10.0218 1024 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

14:59:10.0218 1024 TrkWks - ok

14:59:10.0312 1024 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

14:59:10.0328 1024 TrustedInstaller - ok

14:59:10.0374 1024 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

14:59:10.0406 1024 tssecsrv - ok

14:59:10.0452 1024 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

14:59:10.0452 1024 tunmp - ok

14:59:10.0515 1024 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

14:59:10.0515 1024 tunnel - ok

14:59:10.0546 1024 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys

14:59:10.0546 1024 uagp35 - ok

14:59:10.0577 1024 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

14:59:10.0577 1024 udfs - ok

14:59:10.0640 1024 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

14:59:10.0640 1024 UI0Detect - ok

14:59:10.0655 1024 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

14:59:10.0655 1024 uliagpkx - ok

14:59:10.0702 1024 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys

14:59:10.0718 1024 uliahci - ok

14:59:10.0733 1024 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

14:59:10.0733 1024 UlSata - ok

14:59:10.0780 1024 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

14:59:10.0780 1024 ulsata2 - ok

14:59:10.0811 1024 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

14:59:10.0811 1024 umbus - ok

14:59:10.0858 1024 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

14:59:10.0858 1024 usbccgp - ok

14:59:10.0936 1024 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

14:59:10.0936 1024 usbcir - ok

14:59:10.0983 1024 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

14:59:10.0983 1024 usbehci - ok

14:59:11.0014 1024 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

14:59:11.0014 1024 usbhub - ok

14:59:11.0045 1024 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

14:59:11.0045 1024 usbohci - ok

14:59:11.0108 1024 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

14:59:11.0108 1024 usbprint - ok

14:59:11.0186 1024 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

14:59:11.0186 1024 usbscan - ok

14:59:11.0201 1024 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

14:59:11.0201 1024 USBSTOR - ok

14:59:11.0248 1024 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

14:59:11.0248 1024 usbuhci - ok

14:59:11.0295 1024 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

14:59:11.0295 1024 usbvideo - ok

14:59:11.0326 1024 [ 7B8424BBAAFBC127C8F55AD6007D6D6B ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS

14:59:11.0326 1024 UVCFTR - ok

14:59:11.0373 1024 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

14:59:11.0373 1024 UxSms - ok

14:59:11.0420 1024 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

14:59:11.0435 1024 vds - ok

14:59:11.0466 1024 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

14:59:11.0466 1024 vga - ok

14:59:11.0482 1024 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

14:59:11.0482 1024 VgaSave - ok

14:59:11.0513 1024 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys

14:59:11.0513 1024 viaagp - ok

14:59:11.0544 1024 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys

14:59:11.0544 1024 ViaC7 - ok

14:59:11.0560 1024 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys

14:59:11.0560 1024 viaide - ok

14:59:11.0591 1024 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

14:59:11.0591 1024 volmgr - ok

14:59:11.0669 1024 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

14:59:11.0669 1024 volmgrx - ok

14:59:11.0732 1024 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys

14:59:11.0747 1024 volsnap - ok

14:59:11.0794 1024 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

14:59:11.0794 1024 vsmraid - ok

14:59:11.0841 1024 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

14:59:11.0872 1024 VSS - ok

14:59:11.0919 1024 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

14:59:11.0934 1024 W32Time - ok

14:59:11.0966 1024 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

14:59:11.0966 1024 WacomPen - ok

14:59:12.0012 1024 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

14:59:12.0012 1024 Wanarp - ok

14:59:12.0012 1024 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

14:59:12.0028 1024 Wanarpv6 - ok

14:59:12.0044 1024 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys

14:59:12.0044 1024 Wd - ok

14:59:12.0090 1024 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

14:59:12.0106 1024 Wdf01000 - ok

14:59:12.0137 1024 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

14:59:12.0137 1024 WdiServiceHost - ok

14:59:12.0153 1024 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

14:59:12.0153 1024 WdiSystemHost - ok

14:59:12.0215 1024 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll

14:59:12.0215 1024 Wecsvc - ok

14:59:12.0231 1024 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

14:59:12.0246 1024 wercplsupport - ok

14:59:12.0262 1024 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll

14:59:12.0262 1024 WerSvc - ok

14:59:12.0371 1024 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

14:59:12.0387 1024 Winmgmt - ok

14:59:12.0465 1024 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll

14:59:12.0543 1024 WinRM - ok

14:59:12.0605 1024 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll

14:59:12.0621 1024 Wlansvc - ok

14:59:12.0652 1024 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

14:59:12.0652 1024 WmiAcpi - ok

14:59:12.0714 1024 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

14:59:12.0730 1024 wmiApSrv - ok

14:59:12.0824 1024 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

14:59:12.0855 1024 WMPNetworkSvc - ok

14:59:12.0917 1024 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll

14:59:12.0933 1024 WPCSvc - ok

14:59:13.0042 1024 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

14:59:13.0058 1024 WpdUsb - ok

14:59:13.0214 1024 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

14:59:13.0229 1024 WPFFontCache_v0400 - ok

14:59:13.0323 1024 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

14:59:13.0354 1024 ws2ifsl - ok

14:59:13.0385 1024 WSearch - ok

14:59:13.0432 1024 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

14:59:13.0463 1024 WUDFRd - ok

14:59:13.0494 1024 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll

14:59:13.0510 1024 wudfsvc - ok

14:59:13.0557 1024 ================ Scan global ===============================

14:59:13.0619 1024 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

14:59:13.0697 1024 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

14:59:13.0806 1024 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

14:59:13.0869 1024 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

14:59:13.0869 1024 [Global] - ok

14:59:13.0900 1024 ================ Scan MBR ==================================

14:59:13.0931 1024 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

14:59:15.0273 1024 \Device\Harddisk0\DR0 - ok

14:59:15.0288 1024 [ 06449E7C4AF0550B77E260798769AA40 ] \Device\Harddisk1\DR1

14:59:15.0288 1024 \Device\Harddisk1\DR1 - ok

14:59:15.0288 1024 ================ Scan VBR ==================================

14:59:15.0320 1024 [ 570BF47E461EAFF2B1B82C1A7A6F870E ] \Device\Harddisk0\DR0\Partition1

14:59:15.0320 1024 \Device\Harddisk0\DR0\Partition1 - ok

14:59:15.0382 1024 [ 1E9C0BA18D156E64011492099A1DCE16 ] \Device\Harddisk0\DR0\Partition2

14:59:15.0398 1024 \Device\Harddisk0\DR0\Partition2 - ok

14:59:15.0413 1024 [ C7D35E39758639961CC01BFC9E071CD3 ] \Device\Harddisk1\DR1\Partition1

14:59:15.0413 1024 \Device\Harddisk1\DR1\Partition1 - ok

14:59:15.0413 1024 ============================================================

14:59:15.0413 1024 Scan finished

14:59:15.0413 1024 ============================================================

14:59:15.0429 1000 Detected object count: 0

14:59:15.0429 1000 Actual detected object count: 0

14:59:36.0348 1416 Deinitialize success

Share this post


Link to post
Share on other sites

Now to your last post;

Go to Start >> select Control Panel >> and go to Action Center or Security Center (as appropos)

What does it show for antivirus status?

What does it show for Firewall status ?

What does it show for Automatic Updates?

Security center is not working in normal mode But I can tell you that my antivirus is disabled. Windows firewall has been disabled as I use the firewall in McAfee and Windows update has been set to manual for a long time now. I run update every month or so. The last time was about a week before this happened.

Did you or any other user of the system "disable any Windows services" ?

I do remember trying to get McAfee completely shut down from MSconfig but I only shut them down I did not alter the way in which they loaded and they have since returned. I am the only user of this computer. So the answer is No.

When was the last time you scanned your system with your antivirus program and security app (if you have another anti-malware) ?

About a week before this meltdown I tried to run a scan and the computer locked up. After I got the warning about ZeroAcess I was able to run a scan as part of McAfee's online instructions (which included the "bootrec fixmbr" command) and it ran all the way through but found nothing. It was durring this time when I realized nothing was working in normal mode.

NEXT: Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!..... ....Click the General tab. It should have Normal startup selected (in the radio-box=selection)

IF it does not, then you click on Normal startup.

To begin "MSconfig" will not run in normal mode. Under safe mode it was not set to normal start up because a long time ago I started using it to disable unwanted start up options so it has been set to selective start-up for years. However the load system services check box is checked and I have never tried to permenantly disable a service as I have no idea what most of them do. Especially the microsoft services. While in Safe mode I selected normal start-up and rebooted... No change in normal mode except a bunch of programs I had disabled came back and some gave me error msgs on start-up

NEXT: Check for missing or disabled Windows services, by doing the following, and post detailed results when done !!

OK I went one step further I opened computer managment and checked those results as well...

To begin everything listed under MSconfig was checked there were only 3 on your list missing Window firewall, and windows update (probably as I stated I don't use them) and RPC end point mapper(?)

However the only service running was windows management intrumentation. Some of these won't run in safe mode anyway. (I know from prior experiments that windows installer won't run in safe mode)

Below is the list you included and below each entry is what I found in order shown left to right on MSConfig \ and then Comp management.

Look for COM+ Event System. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

Checked, Stopped, \comp mgmt Status:No status shown, start-up: automatic

Look for COM+ System Application. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

checked, stopped \comp mgmt Status:No status shown, start-up: manual

Look for Ipsec Policy Agent. Is it shown? Is it checked? If not, click on that checkbox to checkmark.

checked, stopped Status:No status shown, start-up: automatic

Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

checked, stopped Status:No status shown, start-up: manual

Look for RPC Endpoint Mapper. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Not shown

Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Not shown

Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

checked, running Status:started, start-up: automatic

Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

checked, stopped Status:No status shown, start-up: manual

Look for Windows Update. Is it shown ? Is it checked? If not, click on that checkbox to checkmark.

Not shown

In general most every service is stopped but loaded automatically. Does this mean the are disabled or have the run their course and shut down? Or because I am stuck in safe mode? I know there are a bunch of services not running in normal mode. But why? Is there a list out there for min services for windows to run? It seems like there is a tleast one critical service that almost everything calls for that is not there.

NEXT:Do your best to run the TDSSKILLER with Chameleon MBAM run as I outlined before ..... even in Safe Mode with Networking !

See prior post.

I ran FSS;

Normal mode; "specified service is not an installed service"!!!!!!!!!!!!!!!!!!!

Safe mode;

Farbar Service Scanner Version: 07-10-2012

Ran by Owner (administrator) on 13-10-2012 at 17:37:35

Running from "C:\Users\Owner\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Network

****************************************************************

Internet Services:

============

Dnscache Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.

Dhcp Service is not running. Checking service configuration:

The start type of Dhcp service is OK.

The ImagePath of Dhcp service is OK.

The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

Connection Status:

==============

Attempt to access Local Host IP returned error: Localhost is blocked: Other errors

LAN connected.

Attempt to access Google IP returned error: Other errors

Attempt to access Google.com returned error: Other errors

Attempt to access Yahoo IP returned error: Other errors

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

mpsdrv Service is not running. Checking service configuration:

The start type of mpsdrv service is OK.

The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is set to Auto. The default start type is 3.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.

Other Services:

==============

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.

Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.

Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Well maybe we are getting somewhere? Or is this because its in safe mode?

As far as doing a clean install, I would love to but as I've said I can't run my recovery for that untill I get these services back. I don't care about anything on this machine. But the last time I tried to do a factory install without going through "Gateway recovery center" I had to have a tech guy fix it and I still don't have some of the original programs and features to this day.

Share this post


Link to post
Share on other sites

As I noted before

On the actual process to do the factory restore, check with Gateway on the exact procedure.

If you have not done that, get going on it. The number of missing services is way too much & the system has a ZEROACCESS backdoor infection !

The usual way to do a OEM factory restore is by pressing a specific function key at pc-startup (check with your OEM) and it would start the process from a hidden partition on your HDD. ALT+F10 keys for Gateway

REF http://support.gatew...15910su12.shtml

It is past time to nuke, pave, wipe the Windows partition and do a factory restore.

It looks like at least 9 windows services are awol.

Download and SAVE the following registry files to either your DESKTOP or to a unique folder

http://download.blee...ta/Dnscache.reg

http://download.blee...s/vista/nsi.reg

http://download.blee...ista/MpsSvc.reg

http://download.blee...s/vista/BFE.reg

http://download.blee...ista/wscsvc.reg

http://download.blee...ta/wuauserv.reg

http://download.blee.../vista/BITS.reg

http://download.blee...a/WinDefend.reg

http://download.blee...haredAccess.reg

One by one, for each reg file, do a Right-click on it and then select MERGE.

When that's done, Logoff and restart the system fresh. IF at all possible, we need to be in Windows normal mode.

IF and only if normal mode is not steady, next best is Safe mode with Networking ..... not plain safe mode.

Do this batch run and advise me after it is completed.

Windows services

This will be a batch-fix .

  • Press the Windows-key on keyboard.
  • In the 10-16-2011%204-33-46%20PM.png box, type notepad and press Enter.
  • Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    @Echo off
    sc stop msiserver
    sc config msiserver start= manual
    sc start msiserver
    sc config dcomlaunch start= auto
    sc config nsi start= auto
    sc config dhcp start= auto
    sc config rpcss start= auto
    sc config winmgmt start= auto
    sc config wscsvc start= delayed-auto
    sc config bits start= delayed-auto
    sc config wuauserv start= delayed-auto
    sc config sdrsvc start= manual
    sc config vss start= auto
    sc config eventlog start= auto
    sc start mpsdrv
    sc start mpssvc
    shutdown -r -t 1
    del %0


  • Select File -> Save AS.
  • Press the Desktop button on the left side of the save dialog.
  • In the 10-16-2011%204-37-58%20PM.png box, type in Fix.bat.
  • Press 10-16-2011%204-36-39%20PM.png.
  • Close Notepad.
  • Right click Fix.bat on your desktop, and choose 10-16-2011%204-40-48%20PM.png.
  • Press Yes if prompted by User Account Control.

This procedure will do its tasks and then it will Restart Windows.

When Windows is reloaded and ready, do a new run of FSS.exe and copy and paste back here the new FSS.txt

Please download Listparts

Run the tool, click Scan and post the log (Result.txt) it makes.

Share this post


Link to post
Share on other sites

Hi Maurice,

Quote

On the actual process to do the factory restore, check with Gateway on the exact procedure.

If you have not done that, get going on it. The number of missing services is way too much & the system has a ZEROACCESS backdoor infection !

Ok, I do know what it takes to reload my software, and what it takes is factory recovery program called "Gateway Recovery Center". This program is no longer on my C Drive and because of this it no longer shows up as an option under the "advanced boot options menu" (f10). I have found a copy with it's installation program on my D Drive. But I cannot install anything in normal operation mode - currently i do not have the service(s) it needs and it will not run in safe mode.

It is past time to nuke, pave, wipe the Windows partition and do a factory restore.

I could however install a clean copy of just Vista if you think that will help get my machine to just run normally. For some reason reinstalling just windows causes alot of issues with Gateway installed devices and is part of the reason why I no longer have "Gateway Recovery Center" installed on my C drive. Some programs that came installed on the machine do not reload after a windows clean install. As far as I know the only way for me to do a factory install using my D: Recovery Drive is to use this Gateway Recovery Center, and the only way to truly reset the machine to how it came from the factory. If you know of a different way to access the D Drive I would be happy to hear it.

I performed the registry fixes that you gave me and did have some progress, thank you. Still most services are not working in normal mode, I did notice some improved speed and windows update seem to be running although the internet is still down. I was able to run that batch file from normal mode. But that is the only thing that would run in normal mode. I still had to reboot into safe mode to run FSS and ListParts and the logs will follow.

It looks to me that according to FSS some of those services are back online even though they won't run in safe mode...? Also, I did some digging and it would appear that most of those services you were trying to restart require the RPC Service. It would seem that since most windows functions work in safe mode but not in normal mode that there is some common service loaded differently between the two, could it be this RPC Service? Which shows as started under safe mode?

Anyways, here are the logs ...

Farbar Service Scanner Version: 07-10-2012

Ran by Owner (administrator) on 14-10-2012 at 19:31:33

Running from "C:\Users\Owner\Desktop"

Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

Boot Mode: Network

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Attempt to access Google.com returned error: Other errors

Yahoo IP is accessible.

Attempt to access Yahoo.com returned error: Other errors

Windows Firewall:

=============

MpsSvc Service is not running. Checking service configuration:

The start type of MpsSvc service is OK.

The ImagePath of MpsSvc service is OK.

The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:

The start type of bfe service is OK.

The ImagePath of bfe service is OK.

The ServiceDll of bfe service is OK.

Firewall Disabled Policy:

==================

System Restore:

============

SDRSVC Service is not running. Checking service configuration:

The start type of SDRSVC service is OK.

The ImagePath of SDRSVC service is OK.

The ServiceDll of SDRSVC service is OK.

VSS Service is not running. Checking service configuration:

The start type of VSS service is set to Auto. The default start type is 3.

The ImagePath of VSS service is OK.

System Restore Disabled Policy:

========================

Security Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:

The start type of BITS service is OK.

The ImagePath of BITS service is OK.

The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:

The start type of EventSystem service is OK.

The ImagePath of EventSystem service is OK.

The ServiceDll of EventSystem service is OK.

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is OK.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

PlugPlay Service is not running. Checking service configuration:

Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.

Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.

Other Services:

==============

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcsvc.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\ipnathlp.dll

[2008-01-20 22:24] - [2008-01-20 22:24] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

ListParts by Farbar Version: 14-10-2012

Ran by Owner (administrator) on 14-10-2012 at 21:03:55

Windows Vista (X86)

Running From: C:\Users\Owner\Desktop

Language: 0409

************************************************************

========================= Memory info ======================

Percentage of memory in use: 21%

Total physical RAM: 1917.38 MB

Available physical RAM: 1498.43 MB

Total Pagefile: 4077.27 MB

Available Pagefile: 3760.8 MB

Total Virtual: 2047.88 MB

Available Virtual: 1983.64 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:221.84 GB) (Free:162.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (RECOVERY) (Fixed) (Total:11.04 GB) (Free:5.21 GB) NTFS ==>[system with boot components (obtained from reading drive)]

4 Drive g: () (Removable) (Total:1.86 GB) (Free:1.72 GB) FAT

DiskPart has encountered an error: The dependency service does not exist or has been marked for deletion.

See the System Event Log for more information.

Windows Boot Manager

--------------------

identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}

device partition=C:

path \bootmgr

description Windows Boot Manager

locale en-US

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

default {e23fcb56-ef6d-11e0-8ff4-e29c84b9fc51}

resumeobject {e23fcb57-ef6d-11e0-8ff4-e29c84b9fc51}

displayorder {e23fcb56-ef6d-11e0-8ff4-e29c84b9fc51}

toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}

timeout 30

resume No

Windows Boot Loader

-------------------

identifier {0acdd9b1-fc19-11e0-a0fb-ba66e51c8955}

device partition=D:

path \Windows\system32\boot\winload.exe

description Windows ™ Code Name "Longhorn" Preinstallation Environment (recovered)

osdevice partition=D:

systemroot \Windows

detecthal Yes

winpe Yes

Windows Boot Loader

-------------------

identifier {e23fcb56-ef6d-11e0-8ff4-e29c84b9fc51}

device partition=C:

path \Windows\system32\winload.exe

description Microsoft Windows Vista

locale en-US

inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}

osdevice partition=C:

systemroot \Windows

resumeobject {e23fcb57-ef6d-11e0-8ff4-e29c84b9fc51}

nx OptIn

Resume from Hibernate

---------------------

identifier {e23fcb57-ef6d-11e0-8ff4-e29c84b9fc51}

device partition=C:

path \Windows\system32\winresume.exe

description Windows Resume Application

locale en-US

inherit {1afa9c49-16ab-4a5c-901b-212802da9460}

filedevice partition=C:

filepath \hiberfil.sys

pae Yes

debugoptionenabled No

Windows Memory Tester

---------------------

identifier {b2721d73-1db4-4c62-bf78-c548a880142d}

device partition=C:

path \boot\memtest.exe

description Windows Memory Diagnostic

locale en-US

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

badmemoryaccess Yes

Windows Legacy OS Loader

------------------------

identifier {466f5a88-0af2-4f76-9038-095b170dc21c}

device partition=C:

path \ntldr

description Earlier Version of Windows

EMS Settings

------------

identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}

bootems Yes

Debugger Settings

-----------------

identifier {4636856e-540f-4170-a130-a84776f4c654}

debugtype Serial

debugport 1

baudrate 115200

RAM Defects

-----------

identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings

---------------

identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

inherit {4636856e-540f-4170-a130-a84776f4c654}

{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}

{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings

--------------------

identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings

----------------------

identifier {1afa9c49-16ab-4a5c-901b-212802da9460}

inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

****** End Of Log ******

Share this post


Link to post
Share on other sites

Please do this:

1. Open Internet Explorer.

2. Click "Tools," and then click "Internet Options."

3. Click "Connections," and then click "LAN Settings."

4. Make sure the check boxes for "Automatically detect settings" and "Use automatic configuration script" are not selected.

5. Make sure Proxy servers block is not selected (not checkmarked).

6. Apply changes & OK

Step 2

Using Internet Explorer (only!) go to http://support.microsoft.com/kb/923737

[ignore any DOES NOT APPLY warning as well as the APPLIES TO section],

run the Fix It and then reboot.

Tip: For optimal results, enable the Delete personal settings option.

Step 3

Please copy/paste the lines in bold below to Notepad:

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset resetlog.log

shutdown -r -t 1

del %0

Save as flush.bat to your desktop.

Double-click flush.bat file to run it. Your computer will reboot.

Step 4

Use Internet Explorer (only) to do an online scan at ESET......

The scan may take an hour or two or three, but is wel worth the time.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

  • Press the ESET Online scanner" button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/...c4.php?page=faq[*]Use of Internet Explorer for the online scan is preferred. If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.

Reply with copy of the Eset scan log.

Share this post


Link to post
Share on other sites

Well we are making progress. When I first read your instructions I thought OK but niether IE or my web connection work in either safe or normal but I"ll try it.... Well I guess I have the internet back even though It still says "the specified service does not exist...bla bla" in the notification area of the task bar.

First I could not find a check box that said "proxy servers BLOCK" instead I have a box that says "Use a proxy server for your LAN" it was unchecked and I left it that way. Under that if checked there is another check box that says "Bypass Proxy server for local address" Also unchecked. Is this what you want?

Unfortunately It still seems that administrator privledges are offline or somehow screwed up. So right away I had trouble running the automatic IE reset. So I followed that page's onscreen instructions to do so manually and had no trouble.

I ran "Flush.bat" without incident from normal mode and it rebooted the computer.

I went to the ESET site and atempted to run the scan without much hope (since admin privledges are down) and this is what I got;

"The website wants to install the following add-on..."

clicked on install. Got;

"To display this webpage again the browser needs to resend the information you've previously submitted..."

Hit retry and cancell. Got;

"An add on for this website failed to run."

So what next boss? :)

Share this post


Link to post
Share on other sites

minor point,

It still says "the specified service does not exist...bla bla" in the notification area of the task bar.

As long as Windows is useable and it's in normal mode, disregard that prompt for the time being.

Yes, that is what I wanted for IE browser.

And you got to ESET website ok, right?

Seems to me, you have some settings in your IE browser that are getting in the way. ....ughhhh.....

Let's give this a whirl.

Internet Explorer, Tools >> Internet Options

click on ADVANCED tab

Look at the very bottom block .... Reset Internet Explorer settings

Click on Reset button

Press Apply button

Now Press Security Tab

Click the Trusted Sites icon

Click the Sites button

now type in to the Add box (at top)..... {You may COPY then Paste}

http://*.eset.com

and press the Add button

Press Close button

Press Appy button & OK button

Now, press Tools and hover the mouse over Pop-up Blocker

Make sure Pop-up blocker is NOT on

When done, try one more time the ESET Online scan as I had outlined.

Share this post


Link to post
Share on other sites

hi maurice,

Yes, that is what I wanted for IE browser.

And you got to ESET website ok, right?

Yes.

OK here we go

  • reset internet explorer. -done
  • Add ESET to my trusted sites list. -done, but I had to uncheck box that said "Require server verification"
  • turn off pop-up blocker. -done, it was on

Went to ESET and got the same results;

"The website wants to install the following add-on..."

clicked on install. Got;

"To display this webpage again the browser needs to resend the information you've previously submitted..."

Hit retry or cancel. Got;

"An add-on for this website failed to run."

end of story.

Any other ideas? It says on their webpage that you have to have admin privledges to run scaner. But I can't run anything in normal mode as administrator. I have been periodicaly trying various programs as we work through this just to see if they will run and "run as administrator" does not work. I am the admin for this computer at least thats what it says in Account control.

For instance; I am trying to install my "Gateway Recovery Center" (GRC) When I run the install program It does start but when I click on continue It says " The system administrator has set policies to prevent this installation". The file is an ".msi" file so there is no right click-Run as administrator option. Other programs like IE will run fine from a double click but not if you right click-run as admin. It says... ready..."The specified service does not ...bla bla bla"

Should I try it in safe mode?

Share this post


Link to post
Share on other sites

Please stick with normal mode.

Do as much as possible of the following:

  • Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Do NOT press any Fix button.
  • Exit/Close RogueKiller

Step 2

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Step 3

Delete the prior copy of DDS that you have.

Download DDS and save it to your desktop from http://download.blee...om/sUBs/dds.com here

or http://download.blee...om/sUBs/dds.scr or

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Share this post


Link to post
Share on other sites

Hi Maurice,

I'm sorry but none of these things will work in Normal mode. We seem to have made some headway with those registry fixs but there are still several services not running. Do these programs require the windows installer program msiserver? I know that is not running. Do you think reinstalling windows would reset the registry and enable some of these progams to run? I think if the OS were running stabily I might still be able to get that Recovery Program installed and then do a factory restore.

Any way let me know what you think or if you want to run these programs in safe mode.

Share this post


Link to post
Share on other sites

Hi Duncann,

I believe I had asked that you contact Gateway support for the proper way to do a factory restore.

In my opinion, it needs to be done outside of Windows. There is either a factory-restore disc that the OEM provides at time of purchase, or, there is a Function key sequence used at pc-startup to do the factory restore from the hidden partition on the HDD.

We have tried so many things, that now it is becoming harder & harder to think of something we have not already tried. But beyond that, I had noted to you that way too many windows services were knocked out whereby by the integrity of this operating system is very obviously in doubt --- eg, untrustworthy.

A) If you have not already done so, BACKUP your documents/files to offline backup media (external drives, DVD/CD, or USB-flash-thumb drive)

and let me know.

B) Re-check with Gateway support on the procedure for factory restore.

C) Please download one of the following and run it:

http://download.blee...bit/FixExec.com

http://download.blee...bit/FixExec.pif

http://download.blee...bit/FixExec.scr

When FixExec has finished running it will create a log on your Windows desktop called FixExec.txt. This log will contain a list of the items that were repaired on your computer. Copy & Paste contents of FixExec.txt into next reply.

Then, as much as possible, in normal mode, do the 3 things I listed before.

Share this post


Link to post
Share on other sites

Hi maurice, Sorry I took so long to get back to you. But I have been busy...

I believe I had asked that you contact Gateway support for the proper way to do a factory restore.

In my opinion, it needs to be done outside of Windows. There is either a factory-restore disc that the OEM provides at time of purchase, or, there is a Function key sequence used at pc-startup to do the factory restore from the hidden partition on the HDD.

I have been to short on this in the past as it is a long story. Gateway has a propietary boot loader or boot manager they use for their recovery. I thought it was included with their "Gateway Recovery Center" (GRC) which was missing from my system. (I have since found out it is not.) This is why I have been so hot to get the windows"MSI" service running so I could install this program. If at anytime you reload windows from the system disk that ships with the computer you will loose GRC and the boot loader that comes with it. ( which I had years ago) You can get GRC back but not the bootloader. So as far as I can tell, from that point on your only opption to restore to "near" factory condition is to reinstall windows and then manually reinstall each factory program and driver from your disk or the recovery partition. Neither the disk or the recovery partition contain this boot loader program. AFAIK. (I don't Know what it looks like, let alone how to install or configure it) When you click on the factory restore button in GRC It reboots your system. Then it should boot up with the recovery process but mine just reboots windows as if I hadn't done anything.

So I reinstalled windows. I am sorry if this causes you problems. I realize that you didn't instruct me to do so but I just couldn't see continuing to check the system from safe mode. I felt like a stabil normal mode was a better option. So now I have a fully functional windows enviornment. It seems to be working ok with a few glitches. Is there any reason to continue? I know that the HDD has not been formated but I'm not sure how I can do that given my recovery options. The last time I tried to format and reload from My windows disk I got an error that "Bootmgr" was missing and I had to have a repair guy fix it. Can this Trojan still be lurking on the HDD?

If you have not already done so, BACKUP your documents/files to offline backup media (external drives, DVD/CD, or USB-flash-thumb drive)

and let me know.

Already done, weeks ago. But I have them saved on a flash drive that was connected to my still infected computer. Is that drive safe to reconnect?

If you decide that we should keep going I want to let you know where we are in terms of the reload. So far I have reinstalled windows, loaded the basic driver files for my sound, video, LAN, and WLAN. I have connected to the internet and downloaded Adobe Reader and run windows up-date once. I have not reinstalled McAfee as I am not sure I want to continue with that program and it is a bitch to get back off. I do have windows firewall running and I have only been to trusted sites and google.

If you think we should stop, Do you think it is safe to continue with this machine or should I try to find another way to format and reload the system? And could you please recomend a protection strategy for safer web browsing? Do you use both an antivirus and a malware program to protect your system? (i have not been able to do that because McAfee doesn't play well with others.) Is there anything else you would recomend?

Please let me know and regardless I want you to know I am very grateful for all your help. You are truely a gentleman.

sincerest thanks,

Duncan

PS sorry for all the spelling errors. If this forum has a spell checker I haven't found it :blush:

Share this post


Link to post
Share on other sites

ID: 25   Posted (edited)

If You have "reinstalled" Windows and it is working normally, no, there isn't a reason to continue.

IF McAfee came with the o.s., you should uninstall it and reboot.

And make sure to have an antivirus program installed and active.

If a/v cost is an issue, there are good free antivirus programs for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

I would suggest you get either MSE or Avira.

The sequence to use when switching antivirus is this:

1) Download AND SAVE the setup program of the new antivirus. (Have it handy).

2) Disconnect pc from internet

3) De-install the old antivirus

4) Make sure to Logoff and Restart Windows fresh.

5) Run setup of new antivirus

6) Logoff and Restart fresh

7) Reconnect to internet

7) start the new A-V, and do an Update run (to make sure it is all current)

Again, I emphasize that your system must have an antivirus program, and to not go without it.

In addition, I would highly recommend your purchase MalwareBytes' MBAM. It would have protected your system from getting infected by malware.

MBAM will complement the protection provided by antivirus. MBAM is not an antivirus app.

Safer practices & malware prevention

We are finished here. Best regards. cool.gif

Edited by Maurice Naggar

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.