Everything posted by parg0lf
-
Hi Gringo, I have run the mbar.exe once and re-booted PC in normal mode. I was not sure which mode to re-boot in so I tried normal. PC was still giving the same message "The installed service.........". So I re-booted again and am running mbar.exe again as indicated in the instructions. One question though when I start mbar, it wants to update to the latest version but I have to skip this step since I don't have any network connection. Is this okay or does this cause issues? On the first scan it did find 6 infected files that it cleaned up. So looks like we are making some headway. I will report back after the second scan completes.
-
Gringo, I have the USB drive plugged in with Farbar loaded on it, re-started PC, when BIOS screen comes up I press F12 to get to Boot Menu. I can then choose which disk to boot from USB, hard drive, CD-ROM, etc. I selected USB drive, and then I get the same message "NTLDR is missing Press any key to restart". I can press as many keys as I want and the PC will not restart, I have to press the power button to turn the PC off and then start it up again. What should I try now?
-
Gringo, I just tried to re-boot with USB drive plugged with Farbar loaded on it, and when the BIOS screen came up I tapped F8 several times, but then a screen came up and says NTLDR is missing Press any key to restart. When I press a key nothing happens. On the BIOS screen there is an option to press F12 for the Boot menu. Should I try this instead?
-
Gringo, My USB drives on my PC do not work. Can I put Farbar on a CD and run it from there? Also I don't fully understand the instruction you gave. Am I supposed to run FarBar and then put in the Windows Vista Installation disk and run it?? Please confirm.
-
Hi Gringo, I am now able to get back into this post, so someone at Malwarebytes must have fixed the link. OK so I have run the OTL.exe and below is the report. I also have the Extra.txt report available if you need it for review. PC is still in safe state, running in safe mode with networking and I am still getting the message "the installed service does not exist as an installed device". Look forward to your feedback and thanks for your assistance with this issue.
-
This is the continuance of a forum post between myself and Gringo. Hi Gringo, I am unable to open the previous post that you and I were using, so I had to start a new one. Hi Gringo, I tried to Uninstall McAfee through Add/Remove program with Windows running in normal mode and I got the same message as I did in safe mode. I tried to copy over the MCPR.exe program you recommended, but in Normal mode Windows would not allow me to copy over the file, so I re-booted the PC in safe mode and was then able to copy MCPR.exe to my desktop. I ran MCPR as administrator, but at the end of the run it gave me an error message stating “Incomplete Uninstallation”. Below I have attached a few pages from the report from that run. The total report is several hundred pages in length, and too large to post, unless I do it as an attachment.

After further checking on my PC it does appear that McAfee was removed, as it does not exist in my Program Files directory. Looking forward to your next recommendation of steps to take. The PC is still in the same state, running in safe mode and I continue to get the same message saying that the specified service does not exist as an installed service for my network connection and from any program I try to open.
-
This is a continuance of a forum post where user “Gringo” was helping me with a malware issue on my Dell desktop PC running Windows Vista 32 bit. Hi Gringo, I tried to Uninstall McAfee through Add/Remove program with Windows running in normal mode and I got the same message as I did in safe mode. I tried to copy over the MCPR.exe program you recommended, but in Normal mode Windows would not allow me to copy over the file, so I re-booted the PC in safe mode and was then able to copy MCPR.exe to my desktop. I ran MCPR as administrator, but at the end of the run it gave me an error message stating “Incomplete Uninstallation”. Below I have attached a few pages from the report from that run. The total report is several hundred pages in length, and too large to post, unless I do it as an attachment.

Again, this is only a few pages of the report; the total report is several hundred pages in length. I have re-booted the PC in safe mode with networking again, and am ready to follow your next suggestion. Shall I try to run ComboFix at this time?
-
Gringo, just to clarify the instructions above, I did try to remove McAfee using Add/Remove programs without success, while my PC is in safe mode. Shall I re-boot my PC and try to remove McAfee with PC in Normal mode? Please clarify. Also once I run the MCPR.exe, and re-boot my PC, should I start in Normal mode or safe mode with networking?
-
Gringo, just tried to uninstall and it will not allow me to do this. The message I get is "An error occurred while trying to uninstall McAfee Security Center. It may have already been uninstalled." I know it was not uninstalled because I can still open it from my desktop and enable/disable the firewall. Any suggestions?
-
Gringo, The last time I tried to run ComboFix, it warned me that my Antivirus was still running. I tried to disable McAfee Security Center version 11.6, but I am now wondering if I am able to completely disable this in Safe mode. Many of the options in Security Center don't allow me to change anything. I am able to disable the firewall in Security Center, but that's about it. Any suggestions on how to proceed?
-
It says I cannot find ComboFix. Is there some place else I can find the info you want to see?
-
Gringo, by the way I forgot to mention that I am running in safe mode with networking, but still no network access, because of the message mentioned before. I have re-started my PC (from one of the scans you had me run), but I always force it to start in safe mode with networking. I will await your direction on next steps.
-
Gringo, Here are the reports from the two scans you recommended: TDSSKiller report:
68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 20:27:32.0427 1540 Audiosrv - ok 20:27:32.0459 1540 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 20:27:32.0459 1540 Beep - ok 20:27:32.0521 1540 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 20:27:32.0583 1540 BITS - ok 20:27:32.0599 1540 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 20:27:32.0615 1540 blbdrive - ok 20:27:32.0693 1540 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:27:32.0693 1540 Bonjour Service - ok 20:27:32.0724 1540 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:27:32.0724 1540 bowser - ok 20:27:32.0755 1540 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 20:27:32.0755 1540 BrFiltLo - ok 20:27:32.0771 1540 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 20:27:32.0771 1540 BrFiltUp - ok 20:27:32.0771 1540 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 20:27:32.0771 1540 Browser - ok 20:27:32.0802 1540 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 20:27:32.0802 1540 Brserid - ok 20:27:32.0817 1540 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 20:27:32.0817 1540 BrSerWdm - ok 20:27:32.0833 1540 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 20:27:32.0833 1540 BrUsbMdm - ok 20:27:32.0849 1540 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 20:27:32.0849 1540 BrUsbSer - ok 20:27:32.0880 1540 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 20:27:32.0880 1540 BTHMODEM - ok 20:27:32.0927 1540 [ 248DFA5762DDE38DFDDBBD44149E9D7A ] BVRPMPR5 C:\Windows\system32\drivers\BVRPMPR5.SYS 
20:27:32.0927 1540 BVRPMPR5 - ok 20:27:33.0098 1540 catchme - ok 20:27:33.0176 1540 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:27:33.0176 1540 cdfs - ok 20:27:33.0207 1540 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 20:27:33.0207 1540 cdrom - ok 20:27:33.0254 1540 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 20:27:33.0254 1540 CertPropSvc - ok 20:27:33.0301 1540 [ B1055457196E7EC9A9B65D4FAE5A4A53 ] cfwids C:\Windows\system32\drivers\cfwids.sys 20:27:33.0301 1540 cfwids - ok 20:27:33.0317 1540 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 20:27:33.0317 1540 circlass - ok 20:27:33.0348 1540 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 20:27:33.0363 1540 CLFS - ok 20:27:33.0410 1540 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:27:33.0426 1540 clr_optimization_v2.0.50727_32 - ok 20:27:33.0519 1540 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:27:33.0613 1540 clr_optimization_v4.0.30319_32 - ok 20:27:33.0629 1540 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:27:33.0629 1540 cmdide - ok 20:27:33.0644 1540 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\drivers\compbatt.sys 20:27:33.0644 1540 Compbatt - ok 20:27:33.0644 1540 COMSysApp - ok 20:27:33.0660 1540 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 20:27:33.0660 1540 crcdisk - ok 20:27:33.0707 1540 [ 0C629820AAD9C90E456B221C94D640CA ] Creative Labs Licensing Service C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe 20:27:33.0707 1540 Creative Labs Licensing Service - ok 20:27:33.0769 1540 [ 3C8B6609712F4FF78E521F6DCFC4032B ] Creative Service for 
CDROM Access C:\Windows\system32\CTsvcCDA.exe 20:27:33.0769 1540 Creative Service for CDROM Access - ok 20:27:33.0785 1540 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 20:27:33.0785 1540 Crusoe - ok 20:27:33.0847 1540 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:27:33.0847 1540 CryptSvc - ok 20:27:33.0909 1540 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:27:33.0909 1540 DcomLaunch - ok 20:27:33.0972 1540 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:27:33.0972 1540 DfsC - ok 20:27:34.0065 1540 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 20:27:34.0112 1540 DFSR - ok 20:27:34.0143 1540 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 20:27:34.0143 1540 Dhcp - ok 20:27:34.0159 1540 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 20:27:34.0159 1540 disk - ok 20:27:34.0253 1540 [ 13511564CAC5A005255765E322C16967 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe 20:27:34.0253 1540 DockLoginService - ok 20:27:34.0299 1540 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:27:34.0299 1540 dot3svc - ok 20:27:34.0346 1540 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 20:27:34.0362 1540 Dot4 - ok 20:27:34.0377 1540 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 20:27:34.0377 1540 Dot4Print - ok 20:27:34.0409 1540 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 20:27:34.0409 1540 dot4usb - ok 20:27:34.0440 1540 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 20:27:34.0440 1540 DPS - ok 20:27:34.0455 1540 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:27:34.0455 1540 drmkaud - ok 20:27:34.0518 1540 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] 
DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:27:34.0518 1540 DXGKrnl - ok 20:27:34.0565 1540 [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys 20:27:34.0565 1540 e1express - ok 20:27:34.0596 1540 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 20:27:34.0596 1540 E1G60 - ok 20:27:34.0627 1540 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 20:27:34.0627 1540 EapHost - ok 20:27:34.0689 1540 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 20:27:34.0689 1540 Ecache - ok 20:27:34.0721 1540 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:27:34.0721 1540 ehRecvr - ok 20:27:34.0736 1540 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 20:27:34.0736 1540 ehSched - ok 20:27:34.0752 1540 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 20:27:34.0752 1540 ehstart - ok 20:27:34.0783 1540 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys 20:27:34.0799 1540 elxstor - ok 20:27:34.0845 1540 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll 20:27:34.0861 1540 EMDMgmt - ok 20:27:34.0877 1540 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:27:34.0877 1540 ErrDev - ok 20:27:34.0939 1540 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll 20:27:34.0939 1540 EventSystem - ok 20:27:34.0986 1540 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys 20:27:34.0986 1540 exfat - ok 20:27:35.0001 1540 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:27:35.0001 1540 fastfat - ok 20:27:35.0017 1540 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:27:35.0017 1540 fdc - ok 20:27:35.0033 1540 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost 
C:\Windows\system32\fdPHost.dll 20:27:35.0033 1540 fdPHost - ok 20:27:35.0048 1540 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll 20:27:35.0048 1540 FDResPub - ok 20:27:35.0048 1540 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:27:35.0064 1540 FileInfo - ok 20:27:35.0079 1540 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:27:35.0079 1540 Filetrace - ok 20:27:35.0079 1540 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:27:35.0079 1540 flpydisk - ok 20:27:35.0126 1540 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:27:35.0126 1540 FltMgr - ok 20:27:35.0189 1540 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:27:35.0189 1540 FontCache3.0.0.0 - ok 20:27:35.0204 1540 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:27:35.0204 1540 Fs_Rec - ok 20:27:35.0235 1540 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:27:35.0235 1540 gagp30kx - ok 20:27:35.0282 1540 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:27:35.0282 1540 GEARAspiWDM - ok 20:27:35.0329 1540 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 20:27:35.0329 1540 GoogleDesktopManager-051210-111108 - ok 20:27:35.0391 1540 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll 20:27:35.0407 1540 gpsvc - ok 20:27:35.0469 1540 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:27:35.0469 1540 HDAudBus - ok 20:27:35.0485 1540 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:27:35.0485 1540 HidBth - ok 20:27:35.0501 1540 [ 
FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys 20:27:35.0516 1540 HidIr - ok 20:27:35.0516 1540 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll 20:27:35.0516 1540 hidserv - ok 20:27:35.0563 1540 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:27:35.0563 1540 HidUsb - ok 20:27:35.0625 1540 [ D61E53E3FEC0C92BC8DD3969FAD63F87 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys 20:27:35.0641 1540 HipShieldK - ok 20:27:35.0672 1540 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:27:35.0672 1540 hkmsvc - ok 20:27:35.0703 1540 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys 20:27:35.0703 1540 HpCISSs - ok 20:27:35.0750 1540 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:27:35.0750 1540 HTTP - ok 20:27:35.0766 1540 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys 20:27:35.0766 1540 i2omp - ok 20:27:35.0797 1540 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:27:35.0797 1540 i8042prt - ok 20:27:35.0844 1540 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys 20:27:35.0844 1540 iaStor - ok 20:27:35.0875 1540 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys 20:27:35.0875 1540 iaStorV - ok 20:27:35.0984 1540 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:27:35.0984 1540 IDriverT - ok 20:27:36.0062 1540 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 20:27:36.0062 1540 idsvc - ok 20:27:36.0078 1540 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys 20:27:36.0078 1540 iirsp - ok 20:27:36.0140 1540 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT 
C:\Windows\System32\ikeext.dll 20:27:36.0140 1540 IKEEXT - ok 20:27:36.0203 1540 [ 4EAE74C8BCBCA309A5D7CBAD7E231427 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys 20:27:36.0234 1540 IntcAzAudAddService - ok 20:27:36.0265 1540 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\DRIVERS\intelide.sys 20:27:36.0265 1540 intelide - ok 20:27:36.0296 1540 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:27:36.0296 1540 intelppm - ok 20:27:36.0312 1540 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:27:36.0312 1540 IpFilterDriver - ok 20:27:36.0312 1540 IpInIp - ok 20:27:36.0343 1540 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys 20:27:36.0343 1540 IPMIDRV - ok 20:27:36.0359 1540 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys 20:27:36.0359 1540 IPNAT - ok 20:27:36.0421 1540 [ BC0EA61246F8D940FBC5F652D337D6BD ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:27:36.0437 1540 iPod Service - ok 20:27:36.0452 1540 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:27:36.0452 1540 IRENUM - ok 20:27:36.0468 1540 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:27:36.0468 1540 isapnp - ok 20:27:36.0530 1540 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys 20:27:36.0530 1540 iScsiPrt - ok 20:27:36.0546 1540 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys 20:27:36.0546 1540 iteatapi - ok 20:27:36.0561 1540 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys 20:27:36.0561 1540 iteraid - ok 20:27:36.0593 1540 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:27:36.0593 1540 kbdclass - ok 20:27:36.0639 1540 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid 
C:\Windows\system32\DRIVERS\kbdhid.sys 20:27:36.0639 1540 kbdhid - ok 20:27:36.0671 1540 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe 20:27:36.0671 1540 KeyIso - ok 20:27:36.0733 1540 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:27:36.0733 1540 KSecDD - ok 20:27:36.0749 1540 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll 20:27:36.0764 1540 KtmRm - ok 20:27:36.0811 1540 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll 20:27:36.0827 1540 LanmanServer - ok 20:27:36.0889 1540 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:27:36.0889 1540 LanmanWorkstation - ok 20:27:36.0983 1540 [ A0F7DC0080E4F97DC97DE08B699E231B ] LBTServ C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe 20:27:36.0983 1540 LBTServ - ok 20:27:37.0014 1540 [ 24E0DDB99AECCF86BB37702611761459 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 20:27:37.0014 1540 LHidFilt - ok 20:27:37.0045 1540 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:27:37.0045 1540 lltdio - ok 20:27:37.0061 1540 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:27:37.0076 1540 lltdsvc - ok 20:27:37.0092 1540 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:27:37.0092 1540 lmhosts - ok 20:27:37.0107 1540 [ D58B330D318361A66A9FE60D7C9B4951 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 20:27:37.0107 1540 LMouFilt - ok 20:27:37.0123 1540 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:27:37.0123 1540 LSI_FC - ok 20:27:37.0123 1540 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:27:37.0123 1540 LSI_SAS - ok 20:27:37.0139 1540 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:27:37.0139 1540 LSI_SCSI - ok 20:27:37.0170 1540 [ 
8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys 20:27:37.0170 1540 luafv - ok 20:27:37.0263 1540 [ 6C3D154FFF0A97A6C3D9F78D60C41655 ] McAfee SiteAdvisor Service C:\Program Files\McAfee\SiteAdvisor\McSACore.exe 20:27:37.0263 1540 McAfee SiteAdvisor Service - ok 20:27:37.0373 1540 [ 8575512AE3D52A9E57E9E517C1DF09E8 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.287\McCHSvc.exe 20:27:37.0388 1540 McComponentHostService - ok 20:27:37.0466 1540 [ ECAB006AC6136F1307E140B633CDB8C2 ] McMPFSvc C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 20:27:37.0466 1540 McMPFSvc - ok 20:27:37.0482 1540 [ ECAB006AC6136F1307E140B633CDB8C2 ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:27:37.0482 1540 mcmscsvc - ok 20:27:37.0482 1540 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:27:37.0482 1540 McNaiAnn - ok 20:27:37.0497 1540 [ ECAB006AC6136F1307E140B633CDB8C2 ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:27:37.0497 1540 McNASvc - ok 20:27:37.0560 1540 [ E63BF12007702D6AC5037AF1E0C6B1C9 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe 20:27:37.0575 1540 McODS - ok 20:27:37.0575 1540 [ ECAB006AC6136F1307E140B633CDB8C2 ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 20:27:37.0575 1540 McProxy - ok 20:27:37.0638 1540 [ 381D3CEA75F8BAA8DAAB39BE1487C339 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 20:27:37.0653 1540 McShield - ok 20:27:37.0669 1540 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:27:37.0669 1540 Mcx2Svc - ok 20:27:37.0700 1540 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys 20:27:37.0700 1540 megasas - ok 20:27:37.0731 1540 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys 20:27:37.0731 1540 MegaSR - ok 20:27:37.0794 1540 [ 
EBD0E304B8FA3B4CAE564DE4F3E2938C ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys 20:27:37.0794 1540 mfeapfk - ok 20:27:37.0825 1540 [ 1C02357D120C86F6FCDE1310AEA0F859 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys 20:27:37.0825 1540 mfeavfk - ok 20:27:37.0872 1540 [ FAAFF1D9A5624F2EEB7FA74919CCE947 ] mfebopk C:\Windows\system32\drivers\mfebopk.sys 20:27:37.0872 1540 mfebopk - ok 20:27:37.0919 1540 [ 90E6BF80BA485BD3A4D66EE2EF9CCD87 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 20:27:37.0919 1540 mfefire - ok 20:27:37.0965 1540 [ 0D71E107B63FE8923D4694117882B2A3 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys 20:27:37.0965 1540 mfefirek - ok 20:27:37.0997 1540 [ 2BDEE93EA2DE3D643219B76153A6FAC3 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys 20:27:37.0997 1540 mfehidk - ok 20:27:38.0043 1540 [ FC293834A4F45F90EC41DC843AEFA9F9 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys 20:27:38.0043 1540 mferkdet - ok 20:27:38.0059 1540 [ 41FE2F288E05A6C8AB85DD56770FFBAD ] mferkdk C:\Windows\system32\drivers\mferkdk.sys 20:27:38.0059 1540 mferkdk - ok 20:27:38.0106 1540 [ 096B52EA918AA909BA5903D79E129005 ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys 20:27:38.0106 1540 mfesmfk - ok 20:27:38.0168 1540 [ 00E9EFFF461D979BAF3A92F12C0820CE ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe 20:27:38.0168 1540 mfevtp - ok 20:27:38.0199 1540 [ 54709BEEAB611909981EDD1A7A3EFA31 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys 20:27:38.0199 1540 mfewfpk - ok 20:27:38.0215 1540 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll 20:27:38.0215 1540 MMCSS - ok 20:27:38.0246 1540 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys 20:27:38.0246 1540 Modem - ok 20:27:38.0262 1540 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:27:38.0262 1540 monitor - ok 20:27:38.0262 1540 [ 5BF6A1326A335C5298477754A506D263 ] mouclass 
C:\Windows\system32\DRIVERS\mouclass.sys 20:27:38.0262 1540 mouclass - ok 20:27:38.0293 1540 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:27:38.0293 1540 mouhid - ok 20:27:38.0293 1540 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys 20:27:38.0293 1540 MountMgr - ok 20:27:38.0324 1540 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys 20:27:38.0324 1540 mpio - ok 20:27:38.0355 1540 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:27:38.0355 1540 mpsdrv - ok 20:27:38.0371 1540 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys 20:27:38.0371 1540 Mraid35x - ok 20:27:38.0387 1540 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:27:38.0387 1540 MRxDAV - ok 20:27:38.0449 1540 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:27:38.0449 1540 mrxsmb - ok 20:27:38.0496 1540 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:27:38.0496 1540 mrxsmb10 - ok 20:27:38.0511 1540 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:27:38.0511 1540 mrxsmb20 - ok 20:27:38.0527 1540 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys 20:27:38.0527 1540 msahci - ok 20:27:38.0543 1540 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:27:38.0543 1540 msdsm - ok 20:27:38.0558 1540 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe 20:27:38.0558 1540 MSDTC - ok 20:27:38.0589 1540 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:27:38.0589 1540 Msfs - ok 20:27:38.0605 1540 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:27:38.0605 1540 msisadrv - ok 20:27:38.0636 1540 [ 85466C0757A23D9A9AECDC0755203CB2 ] 
MSiSCSI C:\Windows\system32\iscsiexe.dll 20:27:38.0636 1540 MSiSCSI - ok 20:27:38.0636 1540 msiserver - ok 20:27:38.0683 1540 [ ECAB006AC6136F1307E140B633CDB8C2 ] MSK80Service C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe 20:27:38.0683 1540 MSK80Service - ok 20:27:38.0699 1540 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:27:38.0699 1540 MSKSSRV - ok 20:27:38.0730 1540 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:27:38.0730 1540 MSPCLOCK - ok 20:27:38.0745 1540 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:27:38.0745 1540 MSPQM - ok 20:27:38.0792 1540 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:27:38.0792 1540 MsRPC - ok 20:27:38.0823 1540 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:27:38.0823 1540 mssmbios - ok 20:27:38.0823 1540 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:27:38.0823 1540 MSTEE - ok 20:27:38.0870 1540 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 20:27:38.0870 1540 Mup - ok 20:27:38.0917 1540 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 20:27:38.0933 1540 napagent - ok 20:27:38.0979 1540 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:27:38.0979 1540 NativeWifiP - ok 20:27:39.0057 1540 [ F2A143338C59FE9890DF883B5843CBA6 ] ncpclcfg C:\Program Files\WatchGuard\Mobile VPN\ncpclcfg.exe 20:27:39.0057 1540 ncpclcfg - ok 20:27:39.0104 1540 [ 4D974271DE42C9729400DD46B5791CC1 ] ncpfilt C:\Windows\system32\DRIVERS\ncplelhp.sys 20:27:39.0104 1540 ncpfilt - ok 20:27:39.0104 1540 [ 4D974271DE42C9729400DD46B5791CC1 ] ncplelhp C:\Windows\system32\DRIVERS\ncplelhp.sys 20:27:39.0104 1540 ncplelhp - ok 20:27:39.0167 1540 [ 8D119647A5B67E5E61F6C2274CD6AA3D ] ncprwsnt C:\Program Files\WatchGuard\Mobile 
VPN\ncprwsnt.exe 20:27:39.0182 1540 ncprwsnt - ok 20:27:39.0229 1540 [ AA221303E918469462FF3539483102F4 ] NcpSec C:\Program Files\WatchGuard\Mobile VPN\ncpsec.exe 20:27:39.0229 1540 NcpSec - ok 20:27:39.0276 1540 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:27:39.0291 1540 NDIS - ok 20:27:39.0307 1540 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:27:39.0307 1540 NdisTapi - ok 20:27:39.0307 1540 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:27:39.0307 1540 Ndisuio - ok 20:27:39.0369 1540 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:27:39.0369 1540 NdisWan - ok 20:27:39.0385 1540 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:27:39.0385 1540 NDProxy - ok 20:27:39.0385 1540 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:27:39.0385 1540 NetBIOS - ok 20:27:39.0432 1540 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 20:27:39.0447 1540 netbt - ok 20:27:39.0447 1540 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 20:27:39.0447 1540 Netlogon - ok 20:27:39.0494 1540 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:27:39.0494 1540 NetTcpPortSharing - ok 20:27:39.0525 1540 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:27:39.0525 1540 nfrd960 - ok 20:27:39.0541 1540 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:27:39.0557 1540 NlaSvc - ok 20:27:39.0588 1540 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:27:39.0588 1540 Npfs - ok 20:27:39.0588 1540 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:27:39.0588 1540 nsiproxy - ok 
\Device\Harddisk0\DR0\Partition1 - ok
20:27:46.0187 1540 [ 2A6BC79E88D66692B15671CABCFECD78 ] \Device\Harddisk0\DR0\Partition2
20:27:46.0187 1540 \Device\Harddisk0\DR0\Partition2 - ok
20:27:46.0187 1540 ============================================================
20:27:46.0187 1540 Scan finished
20:27:46.0187 1540 ============================================================
20:27:46.0202 1424 Detected object count: 0
20:27:46.0202 1424 Actual detected object count: 0
20:29:55.0838 1380 Deinitialize success

Here is the report from aswMBR:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-02 20:30:02
-----------------------------
20:30:02.016 OS Version: Windows 6.0.6002 Service Pack 2
20:30:02.016 Number of processors: 4 586 0xF0B
20:30:02.016 ComputerName: HOWELL-PC UserName: Brian
20:30:17.132 Initialize success
20:31:50.841 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:31:50.857 Disk 0 Vendor: ST3500630AS 3.ADJ Size: 476940MB BusType: 3
20:31:50.873 Disk 0 MBR read successfully
20:31:50.873 Disk 0 MBR scan
20:31:50.873 Disk 0 Windows VISTA default MBR code
20:31:50.888 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
20:31:50.888 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
20:31:50.904 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 466644 MB offset 21084160
20:31:50.904 Disk 0 scanning sectors +976771072
20:31:50.966 Disk 0 scanning C:\Windows\system32\drivers
20:31:57.893 Service scanning
20:32:11.511 Modules scanning
20:32:15.271 Disk 0 trace - called modules:
20:32:15.287 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
20:32:15.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863339d8]
20:32:15.302 3 CLASSPNP.SYS[8b9a08b3] -> nt!IofCallDriver -> [0x86167898]
20:32:15.318 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86175b98]
20:32:15.318 Scan finished successfully
20:32:39.685 Disk 0 MBR has been saved successfully to "C:\Users\Brian\Desktop\MBR.dat"
20:32:39.701 The log file has been saved successfully to "C:\Users\Brian\Desktop\aswMBR.txt"
-
Gringo, I am preparing to start these two processes; however, please note that my PC is in safe mode and I do not have a connection to the internet (it still says "The specified service does not exist as an installed service"). If this is an issue, let me know. I will post the logs soon.
-
Hi Gringo, I have done as you instructed; however, I am curious how long the Combofix scan should take. It has been running now for about 2.5 hours. Is this typical? The PC is in safe mode and the screen says that it is scanning for infected files, and occasionally you can hear the fan on my processor speeding up, and I can hear the hard drive grinding away, so I assume this is normal, but I would like your advice if this is not the case.
-
Gringo, thanks for your assistance. I have followed your instructions and below you will find the reports you requested. I have run the three programs you suggested with my PC in Safe mode, and have not tried to start my PC in normal mode, and will wait to attempt that until you direct me to do so.

Here is the log file generated by SecurityCheck:

Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 5
Java 6 Update 5
Java version out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````

Here is the report from adwcleaner:

# AdwCleaner v2.010 - Logfile created 12/02/2012 at 15:50:44
# Updated 29/11/2012 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)
# User : Brian - HOWELL-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Brian\Desktop\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Brian\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Michelle\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\system32\conduitEngine.tmp
Folder Deleted : C:\Program Files\Common Files\FreeCause
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\vGrabber
Folder Deleted : C:\Program Files\v-Grabber
Folder Deleted : C:\Users\Brian\AppData\Local\Conduit
************************* AdwCleaner[s1].txt - [10463 octets] - [02/12/2012 15:50:44] ########## EOF - C:\AdwCleaner[s1].txt - [10524 octets] ########## Here is the report from RogueKiller: RogueKiller V8.3.1 [Dec 2 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Safe mode with network support User : Brian [Admin rights] Mode : Remove -- Date : 12/02/2012 15:58:35 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Extern Hives: ¤¤¤ -> D:\windows\system32\config\SOFTWARE -> D:\Users\Default\NTUSER.DAT ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] 9d1474bed684d6fd5959828bc9d9292b [bSP] f447cd3dc644cd931fe7f4d39e641310 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 466644 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[2]_D_12022012_02d1558.txt >> RKreport[1]_S_12022012_02d1558.txt ; RKreport[2]_D_12022012_02d1558.txt
-
I have a Dell Inspiron 530 Desktop PC with Intel Core 2 Quad Q6600 2.4GHz processor, with 4GB RAM and 32-bit operating system (Windows Vista). All of a sudden it will not connect to my home network, and even something as simple as the audio features are not working. Whenever I try to start any program I get the nasty message that reads "The specified service does not exist as an installed service". daledoc1 on this forum asked that I start this post and place the attach.txt and dds.txt log files here to allow the Malwarebytes removal forum to assist me in removing this from my PC. I have also downloaded the free version of Malwarebytes onto my broken PC and ran a scan and have attached the log file from this scan. It found 41 malicious items and I chose to remove all of those. I hope that was the right thing to do, but after reading other posts on the forum I now realize that this may not have been the right procedure, but it's too late now. I hope these logs provide some insight into what is causing this issue with my PC and I look forward to some advice on how to remedy this situation. Here is the 1st log, from the scan by Malwarebytes:
Here is the second log file from Malwarebytes after threat removal:
Here is the attach.txt log file:
Here is the DDS.txt log file:
I have a Dell Inspiron 530 Desktop PC with Intel Core 2 Quad Q6600 2.4GHz processor, with 4GB RAM and 32-bit operating system (Windows Vista). All of a sudden it will not connect to my home network, and even something as simple as the audio features are not working. Whenever I try to start any program I get the nasty message that reads "The specified service does not exist as an installed service". daledoc1 on this forum asked that I start this post and place the attach.txt and dds.txt log files here to allow the Malwarebytes removal forum to assist me in removing this from my PC. I have also downloaded the free version of Malwarebytes onto my broken PC and ran a scan and have attached the log file from this scan. It found 41 malicious items and I chose to remove all of those. I hope that was the right thing to do, but after reading other posts on the forum I now realize that this may not have been the right procedure, but it's too late now. I hope these logs provide some insight into what is causing this issue with my PC and I look forward to some advice on how to remedy this situation.

Here is the 1st log, which is the log from the scan by Malwarebytes:
Here is the second log file from Malwarebytes:

Here is the attach.txt log file:

Here is the DDS.txt log file:
mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-3 40552] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048] S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-3 30192] S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-5 95200] S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.287\McCHSvc.exe [2012-9-11 234776] S4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784] S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784] S4 ncpclcfg;ncpclcfg;c:\program files\watchguard\mobile vpn\ncpclcfg.exe [2009-3-13 81920] S4 ncprwsnt;ncprwsnt;c:\program files\watchguard\mobile vpn\NCPRWSNT.EXE [2009-3-13 1036296] S4 NcpSec;NcpSec;c:\program files\watchguard\mobile vpn\NCPSEC.EXE [2009-3-13 45056] S4 rwsrsu;RwsRsu;c:\program files\watchguard\mobile vpn\rwsrsu.exe [2009-1-13 266240] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632] . =============== Created Last 30 ================ . 
2012-11-28 03:05:24 -------- d-----w- c:\windows\pss 2012-11-14 11:57:59 75776 ----a-w- c:\windows\system32\synceng.dll 2012-11-14 11:57:38 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2012-11-10 22:06:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll . ==================== Find3M ==================== . 2012-11-08 22:55:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-08 22:55:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts 2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll . ============= FINISH: 22:50:16.24 ===============
-
I have a Dell Inspiron 530 Desktop PC with Intel Core 2 Quad Q6600 2.4GHz processor, with 4GB RAM and 32-bit operating system (Windows Vista). All of a sudden it will not connect to my home network, and even something as simple as the audio features are not working. Whenever I try to start any program I get the nasty message that reads "The specified service does not exist as an installed service". I have read other posts on this forum (reference post from user "AllanGay" dated June 21, 2012) and it seems that several others are having the same problems.

I have started my PC in safe mode and I followed the advice from Mr. Maurice Naggar who was directing user "AllanGay" in the forum on how to start the process. The steps I have taken thus far include running the "Rkill.com" program (log file attached below), running the "unhide.exe" program, and lastly running the "dds.scr" tool, and below I have attached the attach.txt as well as the dds.txt files that it generated.

I am hopeful that Mr. Naggar or another experienced person from Malwarebytes can help me rid my PC of this problem and gain control of my PC again. While I wait for a return reply and directions on how to proceed, I will be trying to move some of my important files onto a USB memory device, in the event I have to do the fateful hard disk reformat and start over from scratch with this PC. Still holding out some small glimmer of hope that it can be revived from the grasps of whatever this problem might be.

Below is the text file from Rkill:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/30/2012 10:03:12 PM in x86 mode.
Windows Version: Windows Vista Home Premium Service Pack 2

Checking for Windows services to stop:
* No malware services found to stop.

Checking for processes to terminate:
* No malware processes found to kill.

Checking Registry for malware related settings:
* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:
* Windows Defender Disabled
  [HKLM\SOFTWARE\Microsoft\Windows Defender]
  "DisableAntiSpyware" = dword:00000001
* Windows Firewall Disabled
  [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
  "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:
* DHCP Client (Dhcp) is not Running. Startup Type set to: Automatic
* DHCP Client (Dnscache) is not Running. Startup Type set to: Automatic
* COM+ Event System (EventSystem) is not Running. Startup Type set to: Automatic
* COM+ Event System (RpcSs) is not Running. Startup Type set to: Automatic
* Windows Firewall Authorization Driver (mpsdrv) is not Running. Startup Type set to: Manual
* Appinfo [Missing Service]
* BFE [Missing Service]
* IPBusEnum [Missing Service]
* iphlpsvc [Missing Service]
* MpsSvc [Missing Service]
* Netman [Missing Service]
* netprofm [Missing Service]
* nsi [Missing Service]
* PlugPlay [Missing Service]
* QWAVE [Missing Service]
* seclogon [Missing Service]
* SENS [Missing Service]
* SessionEnv [Missing Service]
* SLUINotify [Missing Service]
* SysMain [Missing Service]
* upnphost [Missing Service]
* wcncsvc [Missing Service]
* WcsPlugInService [Missing Service]
* WinDefend [Missing Service]
* WinHttpAutoProxySvc [Missing Service]
* wscsvc [Missing Service]
* wuauserv [Missing Service]
* Dnscache [Missing ImagePath]
* WebClient [Missing Parameters Key]
* WPDBusEnum [Missing Parameters Key]

Searching for Missing Digital Signatures:
* No issues found.

Checking HOSTS File:
* HOSTS file entries found:
  127.0.0.1 localhost
  ::1 localhost

Program finished at: 11/30/2012 10:03:22 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)

Here is the txt file from attach.txt.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 9/3/2008 9:18:08 AM
System Uptime: 11/27/2012 10:13:09 PM (72 hours ago)
.
Motherboard: Dell Inc. | | 0FM586
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 185.544 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.883 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 932 GiB total, 917.702 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958) 32 Bit HP CIO Components Installer Ace of Spades Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 8.1.3 Adobe Shockwave Player 11.6 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft MediaImpression HD Edition ATI Catalyst Control Center AudibleManager Banctec Service Agreement Bing Rewards Client Installer Bonjour Brother HL-5370DW Browser Address Error Redirector BufferChm Canon Utilities My Printer Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center Localization Chinese Standard Catalyst Control Center Localization Chinese Traditional Catalyst Control Center Localization French Catalyst Control Center Localization German Catalyst Control Center Localization Hungarian Catalyst Control Center Localization Italian Catalyst Control Center Localization Japanese Catalyst Control Center Localization Korean Catalyst Control Center Localization Polish Catalyst Control Center Localization Portuguese Catalyst Control Center
Localization Spanish Catalyst Control Center Localization Thai Catalyst Control Center Localization Turkish ccc-core-static ccc-utility CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help English CCC Help French CCC Help German CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Polish CCC Help Portuguese CCC Help Spanish CCC Help Thai CCC Help Turkish CDDRV_Installer Cisco WebEx Meetings Convert AVI to MP4 1.3 Creative MediaSource 5 Creative System Information Creative ZEN D110 Dell-eBay Dell Best of Web Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell Support Center (Support Software) Destinations DeviceDiscovery doPDF 7.2 printer Dropbox EDocs Google Desktop GoToAssist Corporate GPBaseService2 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Customer Participation Program 14.0 HP Imaging Device Functions 14.0 HP Photo Creations HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 
7 HP Smart Web Printing 4.60 HP Solution Center 14.0 HP Update HPAppStudio HPPhotoGadget HPProductAssistant HPSSupply iCloud Infinisource Payroll Smart Client Intel® PRO Network Connections 12.1.11.0 iTunes Java 6 Update 5 Java 7 Update 5 KhalInstallWrapper LEGO Digital Designer Logitech Gaming Software 5.08 Logitech SetPoint MarketResearch McAfee Security Scan Plus McAfee SecurityCenter Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Default Manager Microsoft Flight Simulator X Microsoft IntelliPoint 6.1 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access 2007 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MobileMe Control Panel MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Network OGA Notifier 2.0.0048.0 PriorityPayW PS_AIO_07_D110_SW_Min QuickTime QuickTransfer Realtek High Definition Audio Driver 
ROBLOX Player for Brian Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Safari Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 
suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Shared C Run-time for x86 Shop for HP Supplies Skins SmartWebPrinting SolutionCenter Sound Blaster Audigy ADVANCED MB Spelling Dictionaries Support For Adobe Reader 8 Status swMSM TomTom HOME TomTom HOME Visual Studio Merge Modules Toolbox TrayApp Unity Web Player (All users) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Vgrabber Toolbar WatchGuard Mobile VPN WebReg West Point Bridge Designer 2012 (2nd Edition) (remove only) Windows Live ID Sign-in Assistant ZENcast Organizer . 
==== End Of File ===========================

Finally here is the text file from dds.txt

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.0
Run by Brian at 22:49:46 on 2012-11-30
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2544 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\Notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://portal.wowway.net/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtBtDtDyE0EyEtAyDtDyEzyyDtBzztAtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=894483779
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
uURLSearchHooks: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll
mURLSearchHooks: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Play Pickle Text: {02F0243C-2E71-4a1a-A790-6C30888119D0} -
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120625224653.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Shop to Win: {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} -
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Shop to Win: {EE146ACC-D881-1414-2148-B1D008B47ADB} -
BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Vgrabber Toolbar: {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - c:\program files\vgrabber\prxtbVgra.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8EBEBF83-F912-464C-9D2A-920FA57F7B44} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
AppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-3 554048]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-5 206784]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-5 168368]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-5 166320]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-5 60480]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-5 360792]
R3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\drivers\ncplelhp.sys [2009-3-13 72520]
S1 ncpfilt;WatchGuard Filter;c:\windows\system32\drivers\ncplelhp.sys [2009-3-13 72520]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-5 200816]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-1 146872]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-3 230224]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-3 61912]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-5 92192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-3 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-3 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]
S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-3 30192]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-5 95200]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.287\McCHSvc.exe [2012-9-11 234776]
S4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]
S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]
S4 ncpclcfg;ncpclcfg;c:\program files\watchguard\mobile vpn\ncpclcfg.exe [2009-3-13 81920]
S4 ncprwsnt;ncprwsnt;c:\program files\watchguard\mobile vpn\NCPRWSNT.EXE [2009-3-13 1036296]
S4 NcpSec;NcpSec;c:\program files\watchguard\mobile vpn\NCPSEC.EXE [2009-3-13 45056]
S4 rwsrsu;RwsRsu;c:\program files\watchguard\mobile vpn\rwsrsu.exe [2009-1-13 266240]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632]
.
=============== Created Last 30 ================
.
2012-11-28 03:05:24 -------- d-----w- c:\windows\pss
2012-11-14 11:57:59 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 11:57:38 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-11-10 22:06:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-11-08 22:55:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-08 22:55:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 22:50:16.24 ===============