parg0lf Posted December 1, 2012 ID:618771 Share Posted December 1, 2012 I have a Dell inspiron 530 Desktop PC with Intel Core 2 Quad Q6600 2.4GHz processor, with 4GB Ram and 32 bit operating system (Windows Vista). All of a sudden it will not connect to my home network, and even something as simple as the audio features are not working. Whenever I try to start any program I get the nasty message that reads "The specified service does not exist as an installed service". I have read other posts on this forum (reference post from user "AllanGay" dated June 21, 2012) and it seems that several others are having the same problems. I have started my PC in safe mode and I followed the advice from Mr. Maurice Nagger who was directing user "AllanGay" in the forum on how to start the process. The steps I have taken thus far include running the "Rkill.com" program (log file attached below), running the "unhide.exe" program, and lastly running the "dds.scr" tool, and below I have attached the attach.txt as well as the dds.txt files that it generated.I am hopeful that Mr. Naggar or another experienced person from Malwarebytes can help me rid my PC of this problem and gain control of my PC again. While I wait for a return reply and directions on how to proceed, I will be trying to move some of my important files onto a USB memory device, in the event I have to do the fatefull hard disk reformat and start over from scratch with this PC. Still holding out some small glimmer of hope that it can be revived from the grasps of whatever this problem might be. Below is the text file from Rkill Rkill 2.4.5 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2012 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.htmlProgram started at: 11/30/2012 10:03:12 PM in x86 mode.Windows Version: Windows Vista Home Premium Service Pack 2Checking for Windows services to stop: * No malware services found to stop.Checking for processes to terminate: * No malware processes found to kill.Checking Registry for malware related settings: * No issues found in the Registry.Resetting .EXE, .COM, & .BAT associations in the Windows Registry.Performing miscellaneous checks: * Windows Defender Disabled [HKLM\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware" = dword:00000001 * Windows Firewall Disabled [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = dword:00000000Checking Windows Service Integrity: * DHCP Client (Dhcp) is not Running. Startup Type set to: Automatic * DHCP Client (Dnscache) is not Running. Startup Type set to: Automatic * COM+ Event System (EventSystem) is not Running. Startup Type set to: Automatic * COM+ Event System (RpcSs) is not Running. Startup Type set to: Automatic * Windows Firewall Authorization Driver (mpsdrv) is not Running. Startup Type set to: Manual * Appinfo [Missing Service] * BFE [Missing Service] * IPBusEnum [Missing Service] * iphlpsvc [Missing Service] * MpsSvc [Missing Service] * Netman [Missing Service] * netprofm [Missing Service] * nsi [Missing Service] * PlugPlay [Missing Service] * QWAVE [Missing Service] * seclogon [Missing Service] * SENS [Missing Service] * SessionEnv [Missing Service] * SLUINotify [Missing Service] * SysMain [Missing Service] * upnphost [Missing Service] * wcncsvc [Missing Service] * WcsPlugInService [Missing Service] * WinDefend [Missing Service] * WinHttpAutoProxySvc [Missing Service] * wscsvc [Missing Service] * wuauserv [Missing Service] * Dnscache [Missing ImagePath] * WebClient [Missing Parameters Key] * WPDBusEnum [Missing Parameters Key]Searching for Missing Digital Signatures: * No issues found.Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost ::1 localhostProgram finished at: 11/30/2012 10:03:22 PMExecution time: 0 hours(s), 0 minute(s), and 9 seconds(s) Here is the txt file from attach.txt.DDS (Ver_2012-11-20.01).Microsoft® Windows Vista™ Home PremiumBoot Device: \Device\HarddiskVolume3Install Date: 9/3/2008 9:18:08 AMSystem Uptime: 11/27/2012 10:13:09 PM (72 hours ago).Motherboard: Dell Inc. | | 0FM586Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2394/266mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 456 GiB total, 185.544 GiB free.D: is FIXED (NTFS) - 10 GiB total, 3.883 GiB free.E: is CDROM (UDF)F: is RemovableG: is RemovableH: is RemovableI: is RemovableJ: is FIXED (NTFS) - 932 GiB total, 917.702 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================..==== Installed Programs ======================. Update for Microsoft Office 2007 (KB2508958)32 Bit HP CIO Components InstallerAce of SpadesAdobe AIRAdobe Flash Player 11 ActiveXAdobe Reader 8.1.3Adobe Shockwave Player 11.6Apple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft MediaImpression HD EditionATI Catalyst Control CenterAudibleManagerBanctec Service AgreementBing Rewards Client InstallerBonjourBrother HL-5370DWBrowser Address Error RedirectorBufferChmCanon Utilities My PrinterCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center Localization Chinese StandardCatalyst Control Center Localization Chinese TraditionalCatalyst Control Center Localization FrenchCatalyst Control Center Localization GermanCatalyst Control Center Localization HungarianCatalyst Control Center Localization ItalianCatalyst Control Center Localization JapaneseCatalyst Control Center Localization KoreanCatalyst Control Center Localization PolishCatalyst Control Center Localization PortugueseCatalyst Control Center Localization SpanishCatalyst Control Center Localization ThaiCatalyst Control Center Localization Turkishccc-core-staticccc-utilityCCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help EnglishCCC Help FrenchCCC Help GermanCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help PolishCCC Help PortugueseCCC Help SpanishCCC Help ThaiCCC Help TurkishCDDRV_InstallerCisco WebEx MeetingsConvert AVI to MP4 1.3Creative MediaSource 5Creative System InformationCreative ZEND110Dell-eBayDell Best of WebDell DataSafe OnlineDell DockDell Getting Started GuideDell Support Center (Support Software)DestinationsDeviceDiscoverydoPDF 7.2 printerDropboxEDocsGoogle DesktopGoToAssist CorporateGPBaseService2Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)HP Customer Participation Program 14.0HP Imaging Device Functions 14.0HP Photo CreationsHP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7HP Smart Web Printing 4.60HP Solution Center 14.0HP UpdateHPAppStudioHPPhotoGadgetHPProductAssistantHPSSupplyiCloudInfinisource Payroll Smart ClientIntel® PRO Network Connections 12.1.11.0iTunesJava 6 Update 5Java 7 Update 5KhalInstallWrapperLEGO Digital DesignerLogitech Gaming Software 5.08Logitech SetPointMarketResearchMcAfee Security Scan PlusMcAfee SecurityCenterMicrosoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB2698023)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Default ManagerMicrosoft Flight Simulator XMicrosoft IntelliPoint 6.1Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Access 2007Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Home and Student 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SilverlightMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161MobileMe Control PanelMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKNetworkOGA Notifier 2.0.0048.0PriorityPayWPS_AIO_07_D110_SW_MinQuickTimeQuickTransferRealtek High Definition Audio DriverROBLOX Player for BrianRoxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DERoxio Creator ToolsRoxio Express Labeler 3Roxio Update ManagerSafariScanSecurity Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596672) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596856) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687314) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687441) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2687315) 32-Bit EditionShared C Run-time for x86Shop for HP SuppliesSkinsSmartWebPrintingSolutionCenterSound Blaster Audigy ADVANCED MBSpelling Dictionaries Support For Adobe Reader 8StatusswMSMTomTom HOMETomTom HOME Visual Studio Merge ModulesToolboxTrayAppUnity Web Player (All users)Update for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Vgrabber ToolbarWatchGuard Mobile VPNWebRegWest Point Bridge Designer 2012 (2nd Edition) (remove only)Windows Live ID Sign-in AssistantZENcast Organizer.==== End Of File ===========================Finally here is the text file from dds.txtDDS (Ver_2012-11-20.01) - NTFS_x86 NETWORKInternet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.0Run by Brian at 22:49:46 on 2012-11-30Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.2544 [GMT -5:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ================.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exeC:\Windows\Explorer.EXEC:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exeC:\Program Files\McAfee.com\Agent\mcagent.exeC:\Windows\System32\Notepad.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k NetworkService.============== Pseudo HJT Report ===============.uStart Page = hxxp://portal.wowway.net/uWindow Title = Internet Explorer provided by DelluDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080903mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtBtDtDyE0EyEtAyDtDyEzyyDtBzztAtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=894483779uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%suURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dlluURLSearchHooks: <No Name>: - LocalServer32 - <no file>uURLSearchHooks: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dllmURLSearchHooks: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dllmWinlogon: Userinit = userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: Play Pickle Text: {02F0243C-2E71-4a1a-A790-6C30888119D0} -BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dllBHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120625224653.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Shop to Win: {A0D2864A-05FA-91F4-A5CC-DEF70D52F5AF} -BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dllBHO: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dllBHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllBHO: Shop to Win: {EE146ACC-D881-1414-2148-B1D008B47ADB} -BHO: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllTB: Vgrabber Toolbar: {B2ED7FAF-72A0-46D1-9D9D-602226F5CB9F} - c:\program files\vgrabber\prxtbVgra.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dllTB: Vgrabber Toolbar: {b2ed7faf-72a0-46d1-9d9d-602226f5cb9f} - c:\program files\vgrabber\prxtbVgra.dllTB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dllmPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dllDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP5-14362/webex/ieatgpc1.cabTCP: NameServer = 192.168.1.1TCP: Interfaces\{8EBEBF83-F912-464C-9D2A-920FA57F7B44} : DHCPNameServer = 192.168.1.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dllAppInit_DLLs= c:\progra~1\google\google~2\GOEC62~1.DLLLSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-9-3 554048]R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-5 206784]R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-5 168368]R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-9-5 166320]R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-5 60480]R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-5 360792]R3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\drivers\ncplelhp.sys [2009-3-13 72520]S1 ncpfilt;WatchGuard Filter;c:\windows\system32\drivers\ncplelhp.sys [2009-3-13 72520]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-5 200816]S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-10-1 146872]S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-9-3 230224]S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-9-3 61912]S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-5 92192]S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-9-3 34248]S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-9-3 40552]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]S4 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-4-28 161048]S4 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-3 30192]S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-5 95200]S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.287\McCHSvc.exe [2012-9-11 234776]S4 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]S4 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-9-5 167784]S4 ncpclcfg;ncpclcfg;c:\program files\watchguard\mobile vpn\ncpclcfg.exe [2009-3-13 81920]S4 ncprwsnt;ncprwsnt;c:\program files\watchguard\mobile vpn\NCPRWSNT.EXE [2009-3-13 1036296]S4 NcpSec;NcpSec;c:\program files\watchguard\mobile vpn\NCPSEC.EXE [2009-3-13 45056]S4 rwsrsu;RwsRsu;c:\program files\watchguard\mobile vpn\rwsrsu.exe [2009-1-13 266240]S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-8-28 92632].=============== Created Last 30 ================.2012-11-28 03:05:24 -------- d-----w- c:\windows\pss2012-11-14 11:57:59 75776 ----a-w- c:\windows\system32\synceng.dll2012-11-14 11:57:38 2047488 ----a-w- c:\windows\system32\win32k.sys2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll2012-11-10 22:06:45 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll2012-11-10 22:06:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll.==================== Find3M ====================.2012-11-08 22:55:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2012-11-08 22:55:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll.============= FINISH: 22:50:16.24 =============== Link to post Share on other sites More sharing options...
daledoc1 Posted December 1, 2012 ID:618776 Share Posted December 1, 2012 Hi and welcome: Sorry to hear you're infected.It's generally NOT a god idea to follow malware cleaning advice provided to another user, even if the problem sounds "the same".A fix for one system could severely damage another system, as each computer is unique. Also, we can't review scan logs or work on malware removal in this sub-section of the forum.Help is just around the corner. Please read below for assistance with cleaning your system.IMPORTANT: Please do NOT use any temporary file cleaners unless instructed to do so - they can cause data loss, making recovery difficult.IF YOU WOULD LIKE EXPERT HELP WITH MALWARE REMOVAL, PLEASE CHOOSE ONE OF THE FOLLOWING 3 OPTIONS:OPTION 1: Free, one-on-one, expert assistance in the Malware Removal Forum. (Please see helpful tips below.)OPTION 2: For licensed users of MBAM PRO, there is free, one-on-one, expert assistance from the MBAM support helpdesk.OPTION 3: Fee-based, one-on-one, expert assistance from Premium Support.OPTION 1:Please print out, read and carefully follow the instructions in the "I'm Infected - What Do I Do Now?" sticky topic.-->If the infection has so crippled the computer that you cannot complete some or all of the steps, then just do the best you can and start a new topic as described below.Then please start a new post in the Malware Removal Forum.An authorized, trained malware expert will provide free, one-on-one assistance as soon as one becomes available.-->>When starting your new post, please note the following:<<--Please do NOT post in a topic started by someone else, even if their problem sounds similar.Please COPY/PASTE the requested logs directly into your post, rather than attaching them.Under options, please be sure to select "track this topic" and "immediate email notification", so you'll know when a helper responds.Please be patient - it may be 48 hours or more before a helper can assist you, especially when the forum is very busy.Please do NOT "bump" your topic or reply back to it for at least 48 hours.Doing so may cause your topic to be overlooked, as it will appear that you are already being helped.OPTION 2:If you are a paid user of MBAM PRO and would like support via the helpdesk, please contact them HERE.OPTION 3:If you prefer the Malwarebytes Premium Services (comprehensive solutions to all your computer support needs – from installation and set-up to troubleshooting and tune-ups), please go to the Premium Support site HERE.Please be patient – someone will assist you as soon as possible.Thank you very much,daledoc1 Link to post Share on other sites More sharing options...
Wide_Glide Posted December 1, 2012 ID:618777 Share Posted December 1, 2012 Deleted please follow daledoc1's instructions Link to post Share on other sites More sharing options...
Maurice Naggar Posted December 11, 2012 ID:622295 Share Posted December 11, 2012 Resolved by member and Gringo_pr see http://forums.malwarebytes.org/index.php?showtopic=118930&st=40 Link to post Share on other sites More sharing options...
Recommended Posts