
Windows Security Service and Firewall missing in action - Vista Home Premium 64-bit



My neighbor clicked on a bogus flashing message that her computer was infected, and as a result ran some sort of invasive malware (or something). I think I have succeed in removing anything bad - at least your program did not detect anything - however her Windows Security Service Center is turned off and cannot be turned on, and her firewall cannot be turned out. So, although her computer seems to be okay at the moment, it would seem to be more vulnerable that before the attack.

I have read and searched and tried to reinstall these services without success. I'm not sure her laptop is still infected. If this is not the correct forum please advise. I think (unless something additional is detected on her laptop) that I mostly need help restoring these services to her laptop.

Thank you very much in advance!

Here are the contents of the files generated by the DDS program:

attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume3

Install Date: 6/16/2009 12:51:30 PM

System Uptime: 5/19/2013 9:04:49 AM (1 hours ago)

.

Motherboard: Dell Inc. | | 0P792H

Processor: Intel® Core2 Duo CPU T6500 @ 2.10GHz | U2E1 | 2100/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 313.43 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 6.503 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

3ivx MPEG-4 5.0.3 (remove only)

ABBYY FineReader 6.0 Sprint

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.3

Advanced Audio FX Engine

Ask Toolbar

Ask Toolbar Updater

Bing Bar

Bing Rewards Client Installer

CCleaner

Compatibility Pack for the 2007 Office system

Consumer In-Home Service Agreement

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Edoc Viewer

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Touchpad

Dell Video Chat

Dell Webcam Central

Do_Good Toolbar

Dogpile Bundle Toolbar

FlipShare

Google Desktop

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Driver Diagnostics

Integrated Webcam Driver (1.06.03.0309)

Intel® Graphics Media Accelerator Driver

ITECIR

Java 7 Update 13

Java Auto Updater

Java 6 Update 29

Java 6 Update 3

LeapFrog Connect

LeapFrog Leapster2 Plugin

Lexmark Printable Web

Lexmark Pro200-S500 Series

Lexmark Toolbar

Linksys EasyLink Advisor

Live! Cam Avatar Creator

Malwarebytes Anti-Malware version 1.75.0.1300

Memeo AutoBackup

Memeo AutoSync

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office File Validation Add-In

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Edition 2003

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft UI Engine

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Works

Moozy

Mozilla Firefox 18.0.2 (x86 en-US)

Mozilla Maintenance Service

NPR_Radio Toolbar

Picasa 2

PowerDVD DX

Pure Networks Platform

Quickset

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Search Toolbar

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Setup Support for ShopToWin 1.0

Setup Support for Weatherbug 1.0

Shop to Win 11

Skype™ 5.10

Spelling Dictionaries Support For Adobe Reader 9

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)

Walgreens PictureMover

WD Diagnostics

WebEx Support Manager for Internet Explorer

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

Windows Live ID Sign-in Assistant

Windows Live Sync

.

==== End Of File ===========================

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 1.6.0_29

Run by Owner at 10:19:44 on 2013-05-19

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4054.2177 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe

C:\Windows\SysWOW64\java.exe

C:\Windows\system32\spool\DRIVERS\x64\3\lxebserv.exe

C:\Windows\system32\lxebcoms.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Windows\sminst\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Windows\system32\taskeng.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe

C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\ehome\ehmsas.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Internet Explorer provided by Dell

uSearch Bar = Preserve

uSearch Page = hxxp://www.google.com

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

mURLSearchHooks: NPR Radio Toolbar: {f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82} - C:\Program Files (x86)\NPR_Radio\tbNPR_.dll

mURLSearchHooks: Do Good Toolbar: {a7c707a4-57db-414e-80d5-198388f52ceb} - C:\Program Files (x86)\Do_Good\tbDo_G.dll

mWinlogon: Userinit = userinit.exe,

BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Shop to Win 11: {67D688EC-87DA-4A28-BFA5-C4DB8BE5C9EA} - C:\Program Files (x86)\Shop to Win 11\ShoppingBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Do Good Toolbar: {a7c707a4-57db-414e-80d5-198388f52ceb} - C:\Program Files (x86)\Do_Good\tbDo_G.dll

BHO: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll

BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: NPR Radio Toolbar: {f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82} - C:\Program Files (x86)\NPR_Radio\tbNPR_.dll

TB: NPR Radio Toolbar: {F2C96FF5-E7BD-4FC5-9B71-1D3BD0B6BF82} - C:\Program Files (x86)\NPR_Radio\tbNPR_.dll

TB: Do Good Toolbar: {A7C707A4-57DB-414E-80D5-198388F52CEB} - C:\Program Files (x86)\Do_Good\tbDo_G.dll

TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll

TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: NPR Radio Toolbar: {f2c96ff5-e7bd-4fc5-9b71-1d3bd0b6bf82} - C:\Program Files (x86)\NPR_Radio\tbNPR_.dll

TB: Do Good Toolbar: {a7c707a4-57db-414e-80d5-198388f52ceb} - C:\Program Files (x86)\Do_Good\tbDo_G.dll

TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll

TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MEMEOA~1.LNK - C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{39A908FD-7322-41AE-B374-C7A076B2FC97}\NewShortcut4_51A847D327C24F7797772AF2A4E486ED.exe

StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MEMEOA~2.LNK - C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: NameServer = 172.16.0.1

TCP: Interfaces\{AD03C0B6-2D1B-4A05-9479-1E70C523078F} : DHCPNameServer = 172.16.0.1

TCP: Interfaces\{F731C865-B850-4FC3-BFCD-42C1FAD32BBE} : DHCPNameServer = 167.206.254.2 167.206.254.1

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~1\GOEC62~1.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe

x64-Run: [lxebmon.exe] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe"

x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-mPolicies-Explorer: NoActiveDesktop = dword:1

x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1

x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

x64-mPolicies-System: EnableUIADesktopToggle = dword:0

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\3knyzeh0.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=6098BAA0-014E-445A-A6A1-2E7FCB5E0882&apn_ptnrs=&apn_sauid=5606BBA5-B890-4B8D-A060-83BC3942B43C&apn_dtid=OSJ000&&q=

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-6-16 53488]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-6-16 89600]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]

R2 LinksysUpdater;Linksys Updater;C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-11-13 204800]

R2 lxeb_device;lxeb_device;C:\Windows\System32\lxebcoms.exe -service --> C:\Windows\System32\lxebcoms.exe -service [?]

R2 lxebCATSCustConnectService;lxebCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxebserv.exe [2010-11-6 45736]

R2 SftService;SoftThinks Agent Service;C:\Windows\sminst\SftService.exe [2009-6-16 632048]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-6-16 126464]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-16 239104]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-6-16 4735488]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-3-6 159840]

R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-3-8 319840]

S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2009-10-7 30192]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

S3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-4 28152]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-21 89920]

.

=============== File Associations ===============

.

FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2013-05-16 07:09:41 75016696 ----a-w- C:\Windows\System32\mrt.exe

2013-05-14 21:08:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 21:08:38 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-11 19:10:43 4346816 ----a-w- C:\ccsetup401.EXE

2013-05-05 21:36:54 17818624 ----a-w- C:\Windows\System32\mshtml.dll

2013-05-05 21:16:13 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-05 19:25:43 12324864 ----a-w- C:\Windows\SysWow64\mshtml.dll

2013-05-05 19:12:55 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-05-01 22:56:18 168212 ----a-w- C:\ProgramData\SPLEE29.tmp

2013-04-15 14:17:12 901496 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-04-13 03:34:30 47104 ----a-w- C:\Windows\System32\cdd.dll

2013-04-09 01:55:57 2774016 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 01:19:09 10926080 ----a-w- C:\Windows\System32\ieframe.dll

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:01:06 1346560 ----a-w- C:\Windows\System32\urlmon.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:58:59 237056 ----a-w- C:\Windows\System32\url.dll

2013-04-05 00:57:27 85504 ----a-w- C:\Windows\System32\jsproxy.dll

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:57 816640 ----a-w- C:\Windows\System32\jscript.dll

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-05 00:54:50 729088 ----a-w- C:\Windows\System32\msfeeds.dll

2013-04-05 00:54:25 2147840 ----a-w- C:\Windows\System32\iertutil.dll

2013-04-05 00:51:52 96768 ----a-w- C:\Windows\System32\mshtmled.dll

2013-04-05 00:46:50 248320 ----a-w- C:\Windows\System32\ieui.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:09:30 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:58 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 22:01:35 231936 ----a-w- C:\Windows\SysWow64\url.dll

2013-04-04 21:59:49 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:58:24 717824 ----a-w- C:\Windows\SysWow64\jscript.dll

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-04 21:56:41 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll

2013-04-04 21:55:19 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll

2013-04-04 21:54:42 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll

2013-04-04 21:50:34 176640 ----a-w- C:\Windows\SysWow64\ieui.dll

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-11 13:33:42 4691304 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-09 04:16:35 85504 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-09 01:48:36 75264 ----a-w- C:\Windows\System32\smss.exe

2013-03-08 04:18:52 451072 ----a-w- C:\Windows\System32\winsrv.dll

2013-03-08 04:17:12 2425344 ----a-w- C:\Windows\System32\mstscax.dll

2013-03-08 03:52:22 2067968 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-03-03 19:13:14 1513320 ----a-w- C:\Windows\System32\drivers\ntfs.sys

.

============= FINISH: 10:20:13.76 ===============


Please excuse the typos in the preceding message. It should have read: My neighbor clicked on a bogus flashing message that her computer was infected, and as a result ran some sort of invasive malware (or something). I think I have succeeded in removing anything bad - at least your program did not detect anything - however her Windows Security Service Center is turned off and cannot be turned on, and her firewall cannot be turned on. So, although her computer seems to be okay at the moment, it would seem to be more vulnerable than before the attack.

I have read and searched and tried to reinstall these services without success. I'm not sure her laptop is still infected. If this is not the correct forum please advise. I think (unless something additional is detected on her laptop) that I mostly need help restoring these services to her laptop.

Thank you very much in advance!
