Schrodinger Posted August 14, 2012 ID:584821 Share Posted August 14, 2012 Greetings all.I too have been infected with a lovely little virus that gives me the message, "The specified service does not exist as an installed service".It appears that this started at the same time as windows did it's auto update (despite the fact that I clicked off that option). But regardless, I seem to have one nasty lil bug on my computer now.Reading over the forums, I've seen suggestions for rkill, unhide, dds.scr, etc...Before I attempt these fixes, I wanted to check here first and make sure I'm at least heading down the right path.Some basic info:Windows Vista Home PremiumService Pack 2System:Dell Studio I1735Processor - Intel® Core Duo CPU32-bit Operating SystemI currently have it in windows safe mode with networking. And I have the aforementioned programs saved to a new flash drive.So to all the experts here, I seek your advice. Where do I begin? rkill?, unide? etc...Any info would be greatly appreciated.Schro Link to post Share on other sites More sharing options...
Schrodinger Posted August 14, 2012 Author ID:584837 Share Posted August 14, 2012 I read a bit more from the forum (the main thread regarding 'what to do when infected') and I ran MBAM and DDS.Here are the following reports:DDS.DDS (Ver_2011-08-26.01) - NTFSx86 NETWORKInternet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32Run by Dayved at 22:08:01 on 2012-08-13Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3581.2691 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\mfevtps.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exec:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Windows\explorer.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\notepad.exeC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uWindow Title = Internet Explorer provided by DelluDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080730uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.localuURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 ToolbarBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120731113802.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exeuRun: [Akamai NetSession Interface] "c:\users\dayved\appdata\local\akamai\netsession_win.exe"mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hidemRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exemRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcentermRun: [steelSeries World of Warcraft Cataclysm MMO Gaming Mouse] "c:\program files\steelseries\world of warcraft cataclysm mmo gaming mouse\WoWMHID2.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentStartupFolder: c:\users\dayved\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exemPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comDPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cabDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cabTCP: Interfaces\{76810F3D-6B8E-4152-9F26-ED24600A2F20} : DhcpNameServer = 192.168.1.254Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll.================= FIREFOX ===================.FF - ProfilePath - c:\users\dayved\appdata\roaming\mozilla\firefox\profiles\z7euf2t9.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dllFF - plugin: c:\program files\mozilla firefox\plugins\npnisp.dllFF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dllFF - plugin: c:\program files\veetle\player\npvlc.dllFF - plugin: c:\program files\veetle\plugins\npVeetle.dllFF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dllFF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dllFF - plugin: c:\users\dayved\appdata\roaming\mozilla\plugins\npcoolirisplugin.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dllFF - plugin: c:\windows\system32\npdeployJava1.dllFF - plugin: c:\windows\system32\npmproxy.dllFF - plugin: c:\windows\system32\NPTZDLL.dll.---- FIREFOX POLICIES ----FF - user.js: extensions.BabylonToolbar_i.id - e6f66d79000000000000001fe1bdc9bdFF - user.js: extensions.BabylonToolbar_i.hardId - e6f66d79000000000000001fe1bdc9bdFF - user.js: extensions.BabylonToolbar_i.instlDay - 15437FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:17:08FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylonFF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar_i.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar_i.tlbrId - baseFF - user.js: extensions.BabylonToolbar_i.newTab - falseFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015FF - user.js: extensions.BabylonToolbar_i.babExt -FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.BabylonToolbar_i.instlRef - sst.============= SERVICES / DRIVERS ===============.R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-3-25 64048]R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464304]R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-3-25 64912]R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-3-25 169608]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-25 214904]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-3-25 161632]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-3-25 151880]R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-7-30 54784]R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-7-30 203264]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-3-25 340920]S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2012-3-25 54776]S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2009-2-23 34592]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_238116a1\AEstSrv.exe [2008-7-30 73728]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-25 214904]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-25 214904]S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-25 214904]S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-3-25 166288]S2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-4 250056]S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-6 9334784]S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-7-30 29736]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-3-25 57600]S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-13 40776]S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-3-25 180848]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-3-25 59456]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-3-25 87656]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-30 34248]S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-30 40552]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-6 113120]S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-7-30 149208]S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-7-30 277624]S3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [2011-11-15 17408]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== File Associations ===============.JSEFile=NOTEPAD.EXE "%1"regfile=NOTEPAD.EXE "%1"scrfile=NOTEPAD.EXE "%1"VBEFile=NOTEPAD.EXE "%1"VBSFile=NOTEPAD.EXE "%1".=============== Created Last 30 ================.2012-08-14 03:02:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2012-08-14 03:02:38 -------- d-----w- c:\users\dayved\appdata\roaming\Malwarebytes2012-08-14 03:02:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-08-14 03:02:29 -------- d-----w- c:\programdata\Malwarebytes2012-08-14 03:02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-08-13 15:58:50 122880 ----a-w- c:\users\dayved\0.3392739750893189.exe2012-08-10 06:35:48 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{99ec2e76-7ebf-4aeb-ad61-1ba2e8bcba6d}\mpengine.dll.==================== Find3M ====================.2012-08-02 17:50:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-08-02 17:50:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-06-02 01:37:55 74703 ----a-w- c:\windows\system32\mfc45.dll2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe1999-12-02 05:54:58 91648 ----a-w- c:\program files\xcacls.exe2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll.============= FINISH: 22:08:52.56 ===============and the ATTACH info.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2011-08-26.01).Microsoft® Windows Vista™ Home PremiumBoot Device: \Device\HarddiskVolume3Install Date: 7/29/2008 6:43:32 PMSystem Uptime: 8/13/2012 8:33:14 PM (2 hours ago).Motherboard: Dell Inc. | | 0YP950Processor: Intel® Core2 Duo CPU T5850 @ 2.16GHz | Microprocessor | 2161/166mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 288 GiB total, 38.159 GiB free.D: is FIXED (NTFS) - 10 GiB total, 5.708 GiB free.E: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================..==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)32 Bit HP CIO Components InstallerAdobe Flash Player 10 ActiveXAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.3)Adobe Shockwave Player 11Advanced Audio FX EngineAkamai NetSession InterfaceAkamai NetSession Interface ServiceAMD APP SDK RuntimeAMD Catalyst Install ManagerApple Application SupportApple Mobile Device SupportApple Software UpdateATI Catalyst Control CenterBanctec Service AgreementBonjourBrowser Address Error RedirectorBufferChmCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center InstallProxyCatalyst Control Center Localization AllCatalyst Control Center Localization Chinese StandardCatalyst Control Center Localization Chinese TraditionalCatalyst Control Center Localization DanishCatalyst Control Center Localization DutchCatalyst Control Center Localization FinnishCatalyst Control Center Localization FrenchCatalyst Control Center Localization GermanCatalyst Control Center Localization ItalianCatalyst Control Center Localization JapaneseCatalyst Control Center Localization KoreanCatalyst Control Center Localization NorwegianCatalyst Control Center Localization PortugueseCatalyst Control Center Localization RussianCatalyst Control Center Localization SpanishCatalyst Control Center Localization Swedishccc-core-staticccc-utilityCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCleanerCDisplay 1.8Cisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleCitrix ICA Web ClientComical 0.8Compatibility Pack for the 2007 Office systemConvertHelper 2.2Core Temp 1.0 RC2CoreAVC Professional Edition (remove only)Curse ClientD110DC Universe Online LiveDell DataSafe OnlineDell DockDell Driver Download ManagerDell Getting Started GuideDell Support Center (Support Software)Dell TouchpadDell Wireless WLAN Card UtilityDestinationsDeviceDiscoveryEDocsEusing Free Registry CleanerFlash Movie Player 1.5Free Window Registry RepairFull Tilt PokerGoogle SketchUp 8GPBaseService2HeartCode PALSHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Customer Participation Program 14.0HP Imaging Device Functions 14.0HP Photo CreationsHP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7HP Smart Web Printing 4.60HP Solution Center 14.0HP UpdateHPAppStudioHPDiagnosticAlertHPPhotoGadgetHPProductAssistantHPSSupplyIntegrated Webcam Driver (1.00.08.0216) Intel® Matrix Storage ManagerITECIR DriveriTunesJava Auto UpdaterJava 6 Update 32Java 6 Update 5Lexmark 4300 SeriesLock PokerMalwarebytes Anti-Malware version 1.62.0.1300MarketResearchMcAfee Online BackupMcAfee Total ProtectionMediaDirectMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft IntelliPoint 6.2Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft ReaderMicrosoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft WorksMozilla Firefox (3.5.6)Mozilla Firefox 14.0.1 (x86 en-US)Mozilla Maintenance ServiceMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMz Game AcceleratorNetworkNovell iPrint Client v05.12.00OGA Notifier 2.0.0048.0PostgreSQL 8.3PS_AIO_07_D110_SW_MinQuickSetQuickTimeQuickTransferRealPlayerScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596880) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597162) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2598041) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2596917) 32-Bit EditionShop for HP SuppliesSkinssmARTupdateSmartWebPrintingSoftonic-Eng7 ToolbarSolutionCenterSpeedFan (remove only)Star Wars: The Old RepublicStatusToolboxTouchFreezeTrayAppUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Veetle TV 0.9.18Ventrilo ClientVideoLAN VLC media player 0.8.6cVista Codec PackageVoiceOver KitWallMasterWebRegWIDCOMM Bluetooth Software 6.1.0.4400Winbasp 5.43Windows Driver Package - SteelSeries (HidUsb) HIDClass (11/19/2010 1.2.4.0)Windows Live ID Sign-in AssistantWindows Media Player Firefox PluginWinRAR archiverWorld of WarcraftWorld of Warcraft®: Cataclysm MMO Gaming Mouse.==== Event Viewer Messages From Past Week ========.8/9/2012 12:15:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.8/9/2012 12:14:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.8/9/2012 12:13:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.8/9/2012 12:13:57 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.8/9/2012 12:11:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.8/9/2012 12:11:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.8/9/2012 12:08:51 PM, Error: EventLog [6008] - The previous system shutdown at 12:06:50 PM on 8/9/2012 was unexpected.8/13/2012 9:54:21 PM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed.8/13/2012 8:57:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}8/13/2012 8:40:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2686827).8/13/2012 8:40:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008 x86 (KB2656368).8/13/2012 8:40:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).8/13/2012 8:40:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office InfoPath 2007 (KB2596786).8/13/2012 8:40:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070641: Security Update for Microsoft Office 2007 suites (KB2596744).8/13/2012 8:37:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}8/13/2012 8:35:58 PM, Error: Microsoft-Windows-TBS [16392] - An error occurred while starting the TBS. The error code was 0x8007000d.8/13/2012 8:35:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: MOBKFilter nipplpt2 spldr Wanarpv68/13/2012 8:35:14 PM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed.8/13/2012 8:35:14 PM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed.8/13/2012 8:35:14 PM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.8/13/2012 8:35:14 PM, Error: Service Control Manager [7003] - The Tablet PC Input Service service depends the following service: PlugPlay. This service might not be installed.8/13/2012 8:35:14 PM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed.8/13/2012 8:35:14 PM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed.8/13/2012 8:35:14 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed.8/13/2012 8:35:14 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 8:35:14 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.8/13/2012 8:35:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 8:34:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}8/13/2012 8:34:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}8/13/2012 8:34:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}8/13/2012 8:33:58 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .8/13/2012 8:33:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}8/13/2012 8:33:26 PM, Error: volmgr [46] - Crash dump initialization failed!8/13/2012 8:26:39 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.8/13/2012 7:01:05 PM, Error: Service Control Manager [7022] - The Human Interface Device Access service hung on starting.8/13/2012 7:00:57 PM, Error: Service Control Manager [7024] - The ReadyBoost service terminated with service-specific error 0 (0x0).8/13/2012 7:00:57 PM, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified.8/13/2012 7:00:57 PM, Error: Service Control Manager [7023] - The Portable Device Enumerator Service service terminated with the following error: The system cannot find the file specified.8/13/2012 7:00:57 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: Operation aborted8/13/2012 7:00:57 PM, Error: Service Control Manager [7003] - The Windows Media Center Extender Service service depends the following service: IPBusEnum. This service might not be installed.8/13/2012 7:00:57 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.8/13/2012 6:59:36 PM, Error: Microsoft-Windows-PrintSpooler [72] - Windows could not initialize printer \\ZENTREE\COL_218_HP4700DTN_1 because the print processor HPZPP5in could not be found. Please obtain and install a new version of the driver from the manufacturer (if available), or choose an alternate driver that works with this print device.8/13/2012 2:51:24 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.8/13/2012 2:49:32 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).8/13/2012 2:26:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC mfehidk mfenlfk mfewfpk MOBKFilter NetBIOS netbt nipplpt2 nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv68/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 2:26:37 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.8/13/2012 2:25:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}8/13/2012 12:44:35 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.8/13/2012 11:02:10 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The system cannot find the path specified.8/13/2012 10:30:45 AM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.8/10/2012 8:30:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.69 for the Network Card with network address 001644D005B8 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message)..==== End Of File ===========================I ran MBAM and it showed 6 things wrong. I have the log for that and can post it if needed. I didn't change anything or clean or repair or whatever the options were. I left it as is for now. Link to post Share on other sites More sharing options...
Maniac Posted August 14, 2012 ID:584924 Share Posted August 14, 2012 Hello Schrodinger and ! My name is Maniac and I will be glad to help you solve your malware problem.Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Please post the old Malwarebytes' Anti-Malware log.Step 1Please uninstall this application: Softonic-Eng7 ToolbarStep 2Launch Malwarebytes' Anti-MalwareGo to Update tab and select Check for Updates. If an update is found, it will download and install the latest version. Go to Scanner tab and select Perform Quick Scan, then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.Step 3Download aswMBR.exe to your desktop. Double click the aswMBR.exe to run it Click the "Scan" button to start scan On completion of the scan click save log, save it to your desktop and post in your next reply In your next reply, post the following log files:Malwarebytes' Anti-Malware old logMalwarebytes' Anti-MAlware new logaswMBR loga new fresh DDS log Link to post Share on other sites More sharing options...
Schrodinger Posted August 14, 2012 Author ID:585110 Share Posted August 14, 2012 Thank you thank you thank you for taking the time to reply to my post.I printed out your instructions and followed them to the best of my limited ability.Step 1 - uninstall "Softonic-Eng7 Toolbar : I searched the add/remove programs but didn't see it listed. Typing in the 'search' box from the start button results in the same error " The specified service does not exist..."Step 2 - I could not update Malwarebyte's Anti-Malware since I cannot access the internet on my infected computer. I could try and open in on my wife's computer, add to the desktop, update, then save to my flash. Not sure how big the program is but am willing to try. The current version is 41 days old.But the rest of step 2 was easy peasy.Step 3 - After some difficulty (flash drive not showing) but thanks to another thread I learned how to find it another way (thank you Maurice Naggar). Here is everything so far. (might be multiple posts due to length)Old MBAM logMalwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.07.03.05Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)Internet Explorer 9.0.8112.16421Dayved :: DAYVED-PC [administrator]8/13/2012 10:02:46 PMmbam-log-2012-08-13 (22-06-36).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 280753Time elapsed: 3 minute(s), 30 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 2HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> No action taken.HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> No action taken.Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 2HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> No action taken.HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> No action taken.Folders Detected: 0(No malicious items detected)Files Detected: 2C:\Users\Dayved\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> No action taken.C:\Users\Dayved\0.3392739750893189.exe (Trojan.Agent.Gen) -> No action taken.(end)New MBAM logMalwarebytes Anti-Malware 1.62.0.1300www.malwarebytes.orgDatabase version: v2012.07.03.05Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)Internet Explorer 9.0.8112.16421Dayved :: DAYVED-PC [administrator]8/14/2012 10:45:14 AMmbam-log-2012-08-14 (10-45-14).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 280764Time elapsed: 4 minute(s), 36 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end)aswMBR logaswMBR version 0.9.9.1665 Copyright© 2011 AVAST SoftwareRun date: 2012-08-14 11:25:51-----------------------------11:25:51.827 OS Version: Windows 6.0.6002 Service Pack 211:25:51.827 Number of processors: 2 586 0xF0D11:25:51.827 ComputerName: DAYVED-PC UserName: Dayved11:25:52.919 Initialize success11:26:02.716 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-111:26:02.716 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 311:26:02.731 Disk 0 MBR read successfully11:26:02.731 Disk 0 MBR scan11:26:02.731 Disk 0 Windows VISTA default MBR code11:26:02.731 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 149 MB offset 6311:26:02.747 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 30720011:26:02.762 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 294854 MB offset 2127872011:26:02.778 Disk 0 scanning sectors +62513971211:26:02.856 Disk 0 scanning C:\Windows\system32\drivers11:26:11.405 Service scanning11:26:29.906 Modules scanning11:26:34.337 Disk 0 trace - called modules:11:26:34.352 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll11:26:34.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x872c99a0]11:26:34.368 3 CLASSPNP.SYS[83fb98b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x868b9030]11:26:34.368 Scan finished successfully11:27:16.940 Disk 0 MBR has been saved successfully to "F:\Virus\MBR.dat"11:27:17.018 The log file has been saved successfully to "F:\Virus\aswMBR.txt"Fresh DDS log.DDS (Ver_2011-08-26.01) - NTFSx86 NETWORKInternet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32Run by Dayved at 11:10:05 on 2012-08-14MicrosoftÆ Windows Vistaô Home Premium 6.0.6002.2.1252.1.1033.18.3581.3084 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\mfevtps.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\Windows\Explorer.EXEC:\Windows\system32\wbem\wmiprvse.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uWindow Title = Internet Explorer provided by DelluDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6080730uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>;*.localuURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -mURLSearchHooks: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dllBHO: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 ToolbarBHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dllBHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120731113802.dllBHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dllBHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} -TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileTB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dllTB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dllEB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dlluRun: [ehTray.exe] c:\windows\ehome\ehTray.exeuRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exeuRun: [Akamai NetSession Interface] "c:\users\dayved\appdata\local\akamai\netsession_win.exe"mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hidemRun: [iAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exemRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcentermRun: [steelSeries World of Warcraft Cataclysm MMO Gaming Mouse] "c:\program files\steelseries\world of warcraft cataclysm mmo gaming mouse\WoWMHID2.exe"mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exemRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkeymRun: [McPvTray_exe] "c:\program files\mcafee\mat\McPvTray.exe"mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silentStartupFolder: c:\users\dayved\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoru~1\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exeStartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exemPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)mPolicies-system: EnableUIADesktopToggle = 0 (0x0)IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htmIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLLIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTrusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comDPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cabDPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CABDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cabTCP: Interfaces\{76810F3D-6B8E-4152-9F26-ED24600A2F20} : DhcpNameServer = 192.168.1.254Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll.================= FIREFOX ===================.FF - ProfilePath - c:\users\dayved\appdata\roaming\mozilla\firefox\profiles\z7euf2t9.default\FF - prefs.js: browser.search.selectedEngine - GoogleFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dllFF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dllFF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dllFF - plugin: c:\program files\mozilla firefox\plugins\npnisp.dllFF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dllFF - plugin: c:\program files\veetle\player\npvlc.dllFF - plugin: c:\program files\veetle\plugins\npVeetle.dllFF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dllFF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dllFF - plugin: c:\users\dayved\appdata\roaming\mozilla\plugins\npcoolirisplugin.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dllFF - plugin: c:\windows\system32\npdeployJava1.dllFF - plugin: c:\windows\system32\npmproxy.dllFF - plugin: c:\windows\system32\NPTZDLL.dll.---- FIREFOX POLICIES ----FF - user.js: extensions.BabylonToolbar_i.id - e6f66d79000000000000001fe1bdc9bdFF - user.js: extensions.BabylonToolbar_i.hardId - e6f66d79000000000000001fe1bdc9bdFF - user.js: extensions.BabylonToolbar_i.instlDay - 15437FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1712:17:08FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylonFF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar_i.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar_i.tlbrId - baseFF - user.js: extensions.BabylonToolbar_i.newTab - falseFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111015FF - user.js: extensions.BabylonToolbar_i.babExt -FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.BabylonToolbar_i.instlRef - sst.============= SERVICES / DRIVERS ===============.R0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-3-25 64048]R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-10-15 464304]R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-3-25 64912]R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-3-25 169608]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-25 214904]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-3-25 161632]R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-3-25 151880]R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2008-7-30 54784]R3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-7-30 203264]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-3-25 340920]S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2012-3-25 54776]S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2009-2-23 34592]S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_238116a1\AEstSrv.exe [2008-7-30 73728]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-5 217600]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-25 214904]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-25 214904]S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-3-25 214904]S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-3-25 166288]S2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-9-19 65536]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-4 250056]S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-6 9334784]S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-5 275968]S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-7-30 29736]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-3-25 57600]S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-3-25 180848]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-3-25 59456]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-3-25 87656]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-7-30 34248]S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-7-30 40552]S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-6 113120]S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-7-30 149208]S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-7-30 277624]S3 SSMO3v2Filter;MMO3v2 Mouse;c:\windows\system32\drivers\MO3v2Driver.sys [2011-11-15 17408]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== File Associations ===============.JSEFile=NOTEPAD.EXE "%1"VBEFile=NOTEPAD.EXE "%1"VBSFile=NOTEPAD.EXE "%1".=============== Created Last 30 ================.2012-08-14 03:02:38 -------- d-----w- c:\users\dayved\appdata\roaming\Malwarebytes2012-08-14 03:02:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys2012-08-14 03:02:29 -------- d-----w- c:\programdata\Malwarebytes2012-08-14 03:02:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2012-08-10 06:35:48 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{99ec2e76-7ebf-4aeb-ad61-1ba2e8bcba6d}\mpengine.dll.==================== Find3M ====================.2012-08-02 17:50:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-08-02 17:50:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-06-13 13:40:21 2047488 ----a-w- c:\windows\system32\win32k.sys2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-06-02 01:37:55 74703 ----a-w- c:\windows\system32\mfc45.dll2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll2012-05-31 17:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe1999-12-02 05:54:58 91648 ----a-w- c:\program files\xcacls.exe2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll.============= FINISH: 11:12:20.36 ===============I believe that is everything. Again, I really can't thank you enough. That's a wall of text to go through. Link to post Share on other sites More sharing options...
Maniac Posted August 15, 2012 ID:585440 Share Posted August 15, 2012 Thanks!Before you transfer any files and folder immunize your USB flash drive:http://www.pandasecurity.com/homeusers/downloads/usbvaccine/Next:Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet ServicesWindows FirewallSystem RestoreSecurity CenterWindows Update[*]Press "Scan".[*]It will create a log (FSS.txt) in the same directory the tool is run.[*]Please copy and paste the log to your reply. Link to post Share on other sites More sharing options...
Schrodinger Posted August 15, 2012 Author ID:585638 Share Posted August 15, 2012 FSS LogFarbar Service Scanner Version: 06-08-2012Ran by Dayved (administrator) on 15-08-2012 at 13:27:01Running from "F:\"MicrosoftÆ Windows Vistaô Home Premium Service Pack 2 (X86)Boot Mode: Network****************************************************************Internet Services:============Dnscache Service is not running. Checking service configuration:Checking Start type: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.Checking ImagePath: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.Checking ServiceDll: ATTENTION!=====> Unable to open Dnscache registry key. The service key does not exist.Dhcp Service is not running. Checking service configuration:The start type of Dhcp service is OK.The ImagePath of Dhcp service is OK.The ServiceDll of Dhcp service is OK.Nsi Service is not running. Checking service configuration:Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.Connection Status:==============Attempt to access Local Host IP returned error: Localhost is blocked: Other errorsLAN connected.Attempt to access Google IP returned error: Other errorsAttempt to access Google.com returned error: Other errorsAttempt to access Yahoo IP returned error: Other errorsAttempt to access Yahoo.com returned error: Other errorsWindows Firewall:=============Firewall Disabled Policy:==================System Restore:============SDRSVC Service is not running. Checking service configuration:The start type of SDRSVC service is OK.The ImagePath of SDRSVC service is OK.The ServiceDll of SDRSVC service is OK.VSS Service is not running. Checking service configuration:The start type of VSS service is OK.The ImagePath of VSS service is OK.System Restore Disabled Policy:========================Security Center:============wscsvc Service is not running. Checking service configuration:The start type of wscsvc service is OK.The ImagePath of wscsvc service is OK.The ServiceDll of wscsvc service is OK.Windows Update:============wuauserv Service is not running. Checking service configuration:Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.BITS Service is not running. Checking service configuration:The start type of BITS service is OK.The ImagePath of BITS service is OK.The ServiceDll of BITS service is OK.EventSystem Service is not running. Checking service configuration:The start type of EventSystem service is OK.The ImagePath of EventSystem service is OK.The ServiceDll of EventSystem service is OK.Windows Autoupdate Disabled Policy:============================PlugPlay Service is not running. Checking service configuration:Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.Other Services:==============File Check:========C:\Windows\system32\nsisvc.dll => MD5 is legitC:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legitC:\Windows\system32\dhcpcsvc.dll => MD5 is legitC:\Windows\system32\Drivers\afd.sys => MD5 is legitC:\Windows\system32\Drivers\tdx.sys => MD5 is legitC:\Windows\system32\Drivers\tcpip.sys => MD5 is legitC:\Windows\system32\dnsrslvr.dll => MD5 is legitC:\Windows\system32\mpssvc.dll => MD5 is legitC:\Windows\system32\bfe.dll => MD5 is legitC:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legitC:\Windows\system32\SDRSVC.dll => MD5 is legitC:\Windows\system32\vssvc.exe => MD5 is legitC:\Windows\system32\wscsvc.dll => MD5 is legitC:\Windows\system32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\system32\wuaueng.dll => MD5 is legitC:\Windows\system32\qmgr.dll => MD5 is legitC:\Windows\system32\es.dll => MD5 is legitC:\Windows\system32\cryptsvc.dll => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Schrodinger Posted August 17, 2012 Author ID:586517 Share Posted August 17, 2012 Did I leave something out? Just wondering because it's been a few days. Link to post Share on other sites More sharing options...
Maniac Posted August 17, 2012 ID:586766 Share Posted August 17, 2012 Sorry for delay! Some family things....Step 1Please download the following files on your Desktop:DnscacheNSINSI ProxyNSI Proxy LegacywuaservPlugPlayLaunch them and then click on YES button when you get UAC prompt.Step 2Please download on the Desktop the following application: Windows RepairNext, extract and launch the Repair_Windows.exeClick on Start repairs tab-click on Start Check mark following options aloneReset registry permissionsreset file permissionsRepair WMIRepair Windows Firewall.Remove Policies Set By InfectionsRepair Winsock & DNS CacheRepair hostsCheckmark Restart System When Finished optionclick the Start button System should restart after repairPost a new fresh FSS log. Link to post Share on other sites More sharing options...
Schrodinger Posted August 18, 2012 Author ID:586807 Share Posted August 18, 2012 A few questions before I start this.1. When I launced the Windows Repair the following message came up, "SAFE MODE - some repairs may not work correctly under safe mode." Should I be running these programs under safe mode with networking or just normal mode?2. When you say to "Check mark following options alone" do you mean you only want those listed to have check marks in them and all of the rest leave unchecked?Sorry for the simple questions but I don't want to screw this up.And you never have to apologize for any delay. You're awesome for helping me and I know real life takes priority over anything.Thanks again. Link to post Share on other sites More sharing options...
Schrodinger Posted August 18, 2012 Author ID:586815 Share Posted August 18, 2012 Darn no edit function....Also, there is no option on the Windows Repair for "Repair hosts". Link to post Share on other sites More sharing options...
Maniac Posted August 18, 2012 ID:586943 Share Posted August 18, 2012 1. When I launced the Windows Repair the following message came up, "SAFE MODE - some repairs may not work correctly under safe mode." Should I be running these programs under safe mode with networking or just normal mode?Both steps must be executed in Normal mode.2. When you say to "Check mark following options alone" do you mean you only want those listed to have check marks in them and all of the rest leave unchecked?This means that you can select only the ones I listed, the rest should not be marked.Also, there is no option on the Windows Repair for "Repair hosts". The right option is: Repair Hosts File Link to post Share on other sites More sharing options...
Schrodinger Posted August 18, 2012 Author ID:587088 Share Posted August 18, 2012 None of the those steps can be done under normal mode. The error message "The specified service does not exist as an installed service." pops up. Should I run those under safe mode with networking instead or is there a way to 'force' them to run? Link to post Share on other sites More sharing options...
Schrodinger Posted August 19, 2012 Author ID:587177 Share Posted August 19, 2012 For what is worth, I ran the items under safe mode and here is the 2nd FSS logFarbar Service Scanner Version: 06-08-2012Ran by Dayved (administrator) on 18-08-2012 at 20:42:13Running from "F:\"MicrosoftÆ Windows Vistaô Home Premium Service Pack 2 (X86)Boot Mode: Network****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============SDRSVC Service is not running. Checking service configuration:The start type of SDRSVC service is OK.The ImagePath of SDRSVC service is OK.The ServiceDll of SDRSVC service is OK.VSS Service is not running. Checking service configuration:The start type of VSS service is OK.The ImagePath of VSS service is OK.System Restore Disabled Policy:========================Security Center:============wscsvc Service is not running. Checking service configuration:The start type of wscsvc service is OK.The ImagePath of wscsvc service is OK.The ServiceDll of wscsvc service is OK.Windows Update:============wuauserv Service is not running. Checking service configuration:The start type of wuauserv service is OK.The ImagePath of wuauserv service is OK.The ServiceDll of wuauserv service is OK.BITS Service is not running. Checking service configuration:The start type of BITS service is OK.The ImagePath of BITS service is OK.The ServiceDll of BITS service is OK.EventSystem Service is not running. Checking service configuration:The start type of EventSystem service is OK.The ImagePath of EventSystem service is OK.The ServiceDll of EventSystem service is OK.Windows Autoupdate Disabled Policy:============================Other Services:==============File Check:========C:\Windows\system32\nsisvc.dll => MD5 is legitC:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legitC:\Windows\system32\dhcpcsvc.dll => MD5 is legitC:\Windows\system32\Drivers\afd.sys => MD5 is legitC:\Windows\system32\Drivers\tdx.sys => MD5 is legitC:\Windows\system32\Drivers\tcpip.sys => MD5 is legitC:\Windows\system32\dnsrslvr.dll => MD5 is legitC:\Windows\system32\mpssvc.dll => MD5 is legitC:\Windows\system32\bfe.dll => MD5 is legitC:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legitC:\Windows\system32\SDRSVC.dll => MD5 is legitC:\Windows\system32\vssvc.exe => MD5 is legitC:\Windows\system32\wscsvc.dll => MD5 is legitC:\Windows\system32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\system32\wuaueng.dll => MD5 is legitC:\Windows\system32\qmgr.dll => MD5 is legitC:\Windows\system32\es.dll => MD5 is legitC:\Windows\system32\cryptsvc.dll => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Maniac Posted August 19, 2012 ID:587237 Share Posted August 19, 2012 Do you have internet access now?Please open Start and type: cmd . In Microsoft Command Prompt type the following:sc start SDRSVCThen press Enter button.Do the same for the following commands too:sc start VSSsc start wscsvcsc start wuauservsc start BITSsc start EventSystemReboot and generate a new fresh Farbar Service Scanner log. Link to post Share on other sites More sharing options...
Schrodinger Posted August 19, 2012 Author ID:587310 Share Posted August 19, 2012 A few issues:Pop up error message when started in normal mode : Windows Defender - Application failed to initialize: 0x80070006. The handle is invalidStill can't run anything in normal mode. I get the 'Specified service does not exist' error message.However, I have internet access now! Woohoo!Here is the newest FSS log:Farbar Service Scanner Version: 06-08-2012Ran by Dayved (administrator) on 19-08-2012 at 09:53:40Running from "C:\Users\Dayved\Desktop"MicrosoftÆ Windows Vistaô Home Premium Service Pack 2 (X86)Boot Mode: Network****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============SDRSVC Service is not running. Checking service configuration:The start type of SDRSVC service is OK.The ImagePath of SDRSVC service is OK.The ServiceDll of SDRSVC service is OK.VSS Service is not running. Checking service configuration:The start type of VSS service is OK.The ImagePath of VSS service is OK.System Restore Disabled Policy:========================Security Center:============wscsvc Service is not running. Checking service configuration:The start type of wscsvc service is OK.The ImagePath of wscsvc service is OK.The ServiceDll of wscsvc service is OK.Windows Update:============wuauserv Service is not running. Checking service configuration:The start type of wuauserv service is OK.The ImagePath of wuauserv service is OK.The ServiceDll of wuauserv service is OK.BITS Service is not running. Checking service configuration:The start type of BITS service is OK.The ImagePath of BITS service is OK.The ServiceDll of BITS service is OK.EventSystem Service is not running. Checking service configuration:The start type of EventSystem service is OK.The ImagePath of EventSystem service is OK.The ServiceDll of EventSystem service is OK.Windows Autoupdate Disabled Policy:============================Other Services:==============File Check:========C:\Windows\system32\nsisvc.dll => MD5 is legitC:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legitC:\Windows\system32\dhcpcsvc.dll => MD5 is legitC:\Windows\system32\Drivers\afd.sys => MD5 is legitC:\Windows\system32\Drivers\tdx.sys => MD5 is legitC:\Windows\system32\Drivers\tcpip.sys => MD5 is legitC:\Windows\system32\dnsrslvr.dll => MD5 is legitC:\Windows\system32\mpssvc.dll => MD5 is legitC:\Windows\system32\bfe.dll => MD5 is legitC:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legitC:\Windows\system32\SDRSVC.dll => MD5 is legitC:\Windows\system32\vssvc.exe => MD5 is legitC:\Windows\system32\wscsvc.dll => MD5 is legitC:\Windows\system32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\system32\wuaueng.dll => MD5 is legitC:\Windows\system32\qmgr.dll => MD5 is legitC:\Windows\system32\es.dll => MD5 is legitC:\Windows\system32\cryptsvc.dll => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Maniac Posted August 19, 2012 ID:587312 Share Posted August 19, 2012 Step 1You may check for the status of “Windows Defender” service and ensure that it’s started and running.a. Click on Start.b. Type “services.msc” in the Start Search box and hit Enter on the keyboard.c. Double-click on Windows Defender.d. Under Service status in the General tab, click Start to start the service.e. From the startup type dropdown menu select Manual.f. Click on Apply and OK.Step 2Please download and run WUS_Fix.exe: http://users.telenet.be/marcvn/tools/WUS_Fix.exeThis should restore the default registry settings related with BITS and Automatic updates. Step 3Please download and run the following files:SDRSVC.regVSS.regwscsvc.regEventSystem.regFinally, reboot your PC and generate a new fresh Farbar Service Scanner log. Link to post Share on other sites More sharing options...
Schrodinger Posted August 20, 2012 Author ID:587664 Share Posted August 20, 2012 Step 1 - Unable to locate Windows Defender under the services. It is not listed. Tried using services.msc in normal mode but got the same reoccurring error. Searched under safe mode with networking and was able to bring up the services list but Defender was not listed.Did all the rest of your instructions however. Here is the FSS log.Farbar Service Scanner Version: 06-08-2012Ran by Dayved (administrator) on 20-08-2012 at 09:14:53Running from "C:\Users\Dayved\Desktop"MicrosoftÆ Windows Vistaô Home Premium Service Pack 2 (X86)Boot Mode: Network****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============SDRSVC Service is not running. Checking service configuration:The start type of SDRSVC service is OK.The ImagePath of SDRSVC service is OK.The ServiceDll of SDRSVC service is OK.VSS Service is not running. Checking service configuration:The start type of VSS service is OK.The ImagePath of VSS service is OK.System Restore Disabled Policy:========================Security Center:============wscsvc Service is not running. Checking service configuration:The start type of wscsvc service is OK.The ImagePath of wscsvc service is OK.The ServiceDll of wscsvc service is OK.Windows Update:============wuauserv Service is not running. Checking service configuration:The start type of wuauserv service is OK.The ImagePath of wuauserv service is OK.The ServiceDll of wuauserv service is OK.BITS Service is not running. Checking service configuration:The start type of BITS service is OK.The ImagePath of BITS service is OK.The ServiceDll of BITS service is OK.EventSystem Service is not running. Checking service configuration:The start type of EventSystem service is OK.The ImagePath of EventSystem service is OK.The ServiceDll of EventSystem service is OK.Windows Autoupdate Disabled Policy:============================Other Services:==============File Check:========C:\Windows\system32\nsisvc.dll => MD5 is legitC:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legitC:\Windows\system32\dhcpcsvc.dll => MD5 is legitC:\Windows\system32\Drivers\afd.sys => MD5 is legitC:\Windows\system32\Drivers\tdx.sys => MD5 is legitC:\Windows\system32\Drivers\tcpip.sys => MD5 is legitC:\Windows\system32\dnsrslvr.dll => MD5 is legitC:\Windows\system32\mpssvc.dll => MD5 is legitC:\Windows\system32\bfe.dll => MD5 is legitC:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legitC:\Windows\system32\SDRSVC.dll => MD5 is legitC:\Windows\system32\vssvc.exe => MD5 is legitC:\Windows\system32\wscsvc.dll => MD5 is legitC:\Windows\system32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\system32\wuaueng.dll => MD5 is legitC:\Windows\system32\qmgr.dll => MD5 is legitC:\Windows\system32\es.dll => MD5 is legitC:\Windows\system32\cryptsvc.dll => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Maniac Posted August 20, 2012 ID:587667 Share Posted August 20, 2012 Do you still see this message? Link to post Share on other sites More sharing options...
Schrodinger Posted August 20, 2012 Author ID:587701 Share Posted August 20, 2012 The error message for Windows Defender still pops up. And when I try the search function for 'services.msc' the following error message shows up..."C:\Windows\system32\services.msc The specified service does not exist as an installed service.Microsoft Word opens fine as does my comic book viewer program. It appears any exe. file won't open in normal mode. The 'Specified service does not exist as an installed service' pops up for any exe. file.In addition, another minor problem is present; a pop up window appears with the heading, "Start Menu > Programs > Startup > AutorunsDisabled. The folder is empty and it's not a major issue since I can just close the window. Link to post Share on other sites More sharing options...
Maniac Posted August 20, 2012 ID:587716 Share Posted August 20, 2012 Please perform the following action:http://www.bleepingcomputer.com/forums/topic43051.htmlNext, generate a new fresh Farbar Service Scanner log. Link to post Share on other sites More sharing options...
Schrodinger Posted August 20, 2012 Author ID:587734 Share Posted August 20, 2012 Ran the "SFC.EXE /SCANNOW". Not entirely sure if it did anything because the DOS window was only visible for a second or two. It did not ask for my installation disk (which the post said it might not).Still getting the same problems. Windows Defender error, all exe. files not working, and the autorun window pops up. Everything else seems to be working great though. Link to post Share on other sites More sharing options...
Schrodinger Posted August 20, 2012 Author ID:587735 Share Posted August 20, 2012 Oops forgot the FSS log...Farbar Service Scanner Version: 06-08-2012Ran by Dayved (administrator) on 20-08-2012 at 11:44:41Running from "C:\Users\Dayved\Desktop"MicrosoftÆ Windows Vistaô Home Premium Service Pack 2 (X86)Boot Mode: Network****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============SDRSVC Service is not running. Checking service configuration:The start type of SDRSVC service is OK.The ImagePath of SDRSVC service is OK.The ServiceDll of SDRSVC service is OK.VSS Service is not running. Checking service configuration:The start type of VSS service is OK.The ImagePath of VSS service is OK.System Restore Disabled Policy:========================Security Center:============wscsvc Service is not running. Checking service configuration:The start type of wscsvc service is OK.The ImagePath of wscsvc service is OK.The ServiceDll of wscsvc service is OK.Windows Update:============wuauserv Service is not running. Checking service configuration:The start type of wuauserv service is OK.The ImagePath of wuauserv service is OK.The ServiceDll of wuauserv service is OK.BITS Service is not running. Checking service configuration:The start type of BITS service is OK.The ImagePath of BITS service is OK.The ServiceDll of BITS service is OK.EventSystem Service is not running. Checking service configuration:The start type of EventSystem service is OK.The ImagePath of EventSystem service is OK.The ServiceDll of EventSystem service is OK.Windows Autoupdate Disabled Policy:============================Other Services:==============File Check:========C:\Windows\system32\nsisvc.dll => MD5 is legitC:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legitC:\Windows\system32\dhcpcsvc.dll => MD5 is legitC:\Windows\system32\Drivers\afd.sys => MD5 is legitC:\Windows\system32\Drivers\tdx.sys => MD5 is legitC:\Windows\system32\Drivers\tcpip.sys => MD5 is legitC:\Windows\system32\dnsrslvr.dll => MD5 is legitC:\Windows\system32\mpssvc.dll => MD5 is legitC:\Windows\system32\bfe.dll => MD5 is legitC:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legitC:\Windows\system32\SDRSVC.dll => MD5 is legitC:\Windows\system32\vssvc.exe => MD5 is legitC:\Windows\system32\wscsvc.dll => MD5 is legitC:\Windows\system32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\system32\wuaueng.dll => MD5 is legitC:\Windows\system32\qmgr.dll => MD5 is legitC:\Windows\system32\es.dll => MD5 is legitC:\Windows\system32\cryptsvc.dll => MD5 is legitC:\Windows\system32\svchost.exe => MD5 is legitC:\Windows\system32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
Maniac Posted August 20, 2012 ID:587882 Share Posted August 20, 2012 Please download one of the following and run it:http://download.bleepingcomputer.com/FixExec/32-bit/FixExec.comhttp://download.bleepingcomputer.com/FixExec/32-bit/FixExec.pifhttp://download.bleepingcomputer.com/FixExec/32-bit/FixExec.scrWhen FixExec has finished running it will create a log on your Windows desktop called FixExec.txt. This log will contain a list of the items that were repaired on your computer. Post it in your next reply. Link to post Share on other sites More sharing options...
Schrodinger Posted August 21, 2012 Author ID:588240 Share Posted August 21, 2012 Downloaded the first link and ran in. Had to run it in safe mode. It doesn't appear that it fixed anything though. I still can't run any exe. files. But here is the log it posted.FixExec by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2012 BleepingComputer.comMore Information about FixExec can be found at this link: http://www.bleepingcomputer.com/download/windows/utilities/fixexecProgram started at: 08/21/2012 12:41:01 PM in x86 mode.Windows Version: Windows VistaChecking for processes to terminate before fixing executable associations. * No processes found to kill.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Program finished at: 08/21/2012 12:41:08 PMExecution time: 0 hours(s), 0 minute(s), and 8 seconds(s) Link to post Share on other sites More sharing options...
Maniac Posted August 21, 2012 ID:588325 Share Posted August 21, 2012 I would like to run it in Normal mode, not in Safe mode. Link to post Share on other sites More sharing options...
Recommended Posts