Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The specified service does not exist as an installed service 2


  • This topic is locked This topic is locked
3 replies to this topic

#1 marcellaodum

marcellaodum

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:23 PM

Posted 18 May 2013 - 09:17 PM

Currently I have no administrator rights, no printers, no internet connection, no ability to modify McAfee installation or programs in any way, no USB devices are viewable (although i have worked around this somewhat). In safe mode, i can operate but still no internet and some programs will not run. Firewall wouldn't stay on to begin with, now virus scan is starting the same process - appears to be on but is off when you drill down. I have tried to uninstall McAfee but it will not allow me to.  Some of my programs are starting to take away my access - even in safe mode.  I am trying to figure out a way to transfer my files to a USB to save them in case of a reinstall but as of yet i can't find a way to mass copy them to the USB.

 

These are the steps I have already taken based on another forum I read - no luck:

1. rkill.exe

2. unhide.exe

3 dds.scr

4. tdsskiller.exe with mbam chameleon

5. erunt-setup.exe

6. aswMBR.exe

7. security check.exe

8. FSS.exe

9. ExeFix.reg

10. ComboFix.exe

 

 

I have logs for all that created logs from the steps above. ......  Below are the attach.text file, dds.text file and the combinfix results file.  

 

I appreciate any help.

 

Marcie

 

 

 

attach.text file...

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/12/2010 7:30:09 PM
System Uptime: 5/18/2013 2:05:37 PM (3 hours ago)
.
Motherboard: Dell Inc. |  | 0XPDFK
Processor: Intel® Xeon® CPU           W3503  @ 2.40GHz | CPU | 2399/4800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 184.368 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP182: 4/19/2013 12:00:07 AM - Scheduled Checkpoint
RP183: 4/24/2013 3:00:10 AM - Windows Update
RP184: 4/24/2013 7:56:36 PM - Installed iTunes
RP185: 4/30/2013 3:00:11 AM - Windows Update
RP186: 5/4/2013 9:49:09 AM - Removed DealFinder
RP187: 5/12/2013 12:00:07 AM - Scheduled Checkpoint
RP188: 5/15/2013 3:00:14 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.3 - CPSID_83708
Adobe AIR
Adobe Flash Player 11 ActiveX
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
C6100
c6100_Help
Carbonite
CardMinder V3.1
CardMinder V3.2
Cisco Connect
Copy
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Dividend Miles Toolbar
DocProc
ERUNT 1.1j
Fax
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
HP Customer Participation Program 13.0
HP Imaging Device Functions 13.0
HP Officejet 6500 E710n-z Basic Device Software
HP Officejet 6500 E710n-z Help
HP Photosmart All-In-One Driver Software 13.0 Rel. A
HP Photosmart Essential 3.5
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
I.R.I.S. OCR
iCloud
iTunes
Java Auto Updater
Java™ 6 Update 26
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Marketsplash Shortcuts
McAfee Online Backup
McAfee Total Protection
McAfee Virtual Technician
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2007
Microsoft Publisher 2010
MobileMe Control Panel
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network
OCR Software by I.R.I.S. 13.0
Quicken 2011
QuickTime
Safari
Scan
ScanSnap
ScanSnap Manager
ScanSnap Organizer
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x86
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
SonicWALL SSL-VPN NetExtender
Status
Toolbox
TrayApp
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2010 wtniper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2011 wtniper
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
TurboTax 2012 wtniper
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
WinZip 15.5
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/18/2013 2:09:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
5/18/2013 2:09:28 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/18/2013 2:09:05 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/18/2013 2:08:38 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/18/2013 2:08:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/18/2013 2:08:34 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
5/18/2013 2:08:29 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/18/2013 2:08:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
5/18/2013 2:08:01 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {C90134D2-4AE9-407A-919A-4A2EF09C6C51}
5/18/2013 2:05:58 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache MOBKFilter spldr Wanarpv6
5/18/2013 2:05:58 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The service has not been started.
5/18/2013 2:05:54 PM, Error: Service Control Manager [7023]  - The WinDefend service terminated with the following error:  Access is denied.
5/18/2013 2:05:53 PM, Error: Service Control Manager [7003]  - The Network Location Awareness service depends the following service: NSI. This service might not be installed.
5/18/2013 2:05:53 PM, Error: Service Control Manager [7003]  - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
5/18/2013 2:05:53 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
5/18/2013 2:05:52 PM, Error: Service Control Manager [7003]  - The Workstation service depends the following service: NSI. This service might not be installed.
5/18/2013 2:05:52 PM, Error: Service Control Manager [7003]  - The DNS Client service depends the following service: NSI. This service might not be installed.
5/18/2013 2:05:52 PM, Error: Service Control Manager [7003]  - The DHCP Client service depends the following service: NSI. This service might not be installed.
5/18/2013 2:05:51 PM, Error: Service Control Manager [7003]  - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed.
5/18/2013 2:05:51 PM, Error: Service Control Manager [7001]  - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
5/18/2013 2:00:48 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
5/18/2013 12:57:29 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
5/18/2013 12:51:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
5/18/2013 12:36:35 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
5/18/2013 12:33:53 PM, Error: Service Control Manager [7003]  - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
5/18/2013 12:33:53 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
5/18/2013 12:31:12 PM, Error: Service Control Manager [7038]  - The SstpSvc service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/18/2013 12:31:12 PM, Error: Service Control Manager [7001]  - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error:  The service did not start due to a logon failure.
5/18/2013 12:31:12 PM, Error: Service Control Manager [7000]  - The Secure Socket Tunneling Protocol Service service failed to start due to the following error:  The service did not start due to a logon failure.
5/18/2013 12:18:39 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache mfehidk MOBKFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
5/18/2013 12:18:39 PM, Error: Service Control Manager [7001]  - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/18/2013 12:18:39 PM, Error: Service Control Manager [7001]  - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/18/2013 12:18:39 PM, Error: Service Control Manager [7001]  - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/18/2013 12:18:39 PM, Error: Service Control Manager [7001]  - The McAfee Anti-Malware Core service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/18/2013 12:18:38 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/18/2013 12:18:38 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
5/18/2013 12:18:38 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/18/2013 12:18:38 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/18/2013 12:18:38 PM, Error: Service Control Manager [7001]  - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error:  A device attached to the system is not functioning.
5/18/2013 12:18:38 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/18/2013 12:16:54 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}
5/18/2013 1:59:30 PM, Error: Microsoft-Windows-WMPNSS-Service [14338]  - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070424'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/18/2013 1:59:30 PM, Error: Microsoft-Windows-WMPNSS-Service [14333]  - Service 'WMPNetworkSvc' did not start correctly due to error '0x80070424'. Restart your computer, and then try to restart the service.
5/18/2013 1:57:23 PM, Error: Service Control Manager [7003]  - The Telephony service depends the following service: PlugPlay. This service might not be installed.
5/18/2013 1:57:23 PM, Error: Service Control Manager [7001]  - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
5/18/2013 1:57:03 PM, Error: Service Control Manager [7023]  - The seclogon service terminated with the following error:  The specified procedure could not be found.
5/18/2013 1:56:56 PM, Error: Service Control Manager [7023]  - The Server service terminated with the following error:  The service has not been started.
5/18/2013 1:56:51 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Workstation service which failed to start because of the following error:  The dependency service does not exist or has been marked for deletion.
5/18/2013 1:33:11 PM, Error: Service Control Manager [7034]  - The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
5/18/2013 1:33:11 PM, Error: Service Control Manager [7034]  - The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
5/18/2013 1:33:04 PM, Error: Service Control Manager [7023]  - The LogMeIn service terminated with the following error:  %%-2147467243
5/18/2013 1:06:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 10 for Windows 7 Service Pack 1 (KB2829530).
5/18/2013 1:06:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for ActiveX Killbits for Windows 7 (KB2820197).
5/18/2013 1:06:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2820331).
5/18/2013 1:06:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2813956).
5/18/2013 1:06:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0816: Update for Windows 7 (KB2798162).
5/18/2013 1:06:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2830290).
5/18/2013 1:06:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Windows 7 (KB2829361).
5/18/2013 1:06:02 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x800f0816: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 SP1 x86 (KB2804579).
5/15/2013 3:20:21 AM, Error: Service Control Manager [7000]  - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error:  The system cannot find the path specified.
5/12/2013 8:34:25 PM, Error: Service Control Manager [7000]  - The Windows Connect Now - Config Registrar service failed to start due to the following error:  The system cannot find the path specified.
.
==== End Of File ===========================
 

 

 

DDS.text file..........

 

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 10.0.9200.16537
Run by Marcie at 17:51:18 on 2013-05-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3070.2416 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {868978c8-95f3-4020-a5cd-5a16d60e36ca} - c:\program files\dividend miles toolbar\Helper.dll
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Dividend Miles Toolbar BHO: {69CD690C-70B1-4333-AD69-28FFF7118C56} - c:\program files\dividend miles toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Dividend Miles Toolbar: {3948072D-28FE-4206-9F7F-2AFF92B24679} - c:\program files\dividend miles toolbar\Toolbar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: Dividend Miles Toolbar: {3948072D-28FE-4206-9F7F-2AFF92B24679} - c:\program files\dividend miles toolbar\Toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [mcui_exe] KEY
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SonicWALLNetExtender] EGUI.EXE -HIDEGUI -CLEARREBOOT
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogMeIn GUI] SYSTRAY.EXE"
mRun: [mcpltui_exe] KEY
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [1] c:\program files\malwarebytes' anti-malware\chameleon\mbam-chameleon.exe /r /p
StartupFolder: c:\users\marcie\appdata\roaming\micros~1\windows\startm~1\programs\startup\dealfi~1.lnk - c:\program files\aa\dealfinder\dealfinder\DealFinder.exe
StartupFolder: c:\users\marcie\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cardmi~1.lnk - c:\program files\pfu\scansnap\cardminder v3.1\CardLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://remote.lupton.com/XTSAC.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://remote.lupton.com/NELX.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724
TCP: NameServer = 24.159.64.23 24.217.201.67 24.177.176.38
TCP: Interfaces\{41A2DDB5-3E7C-4FBB-8788-3E35F15F3F08} : DHCPNameServer = 24.159.64.23 24.217.201.67 24.177.176.38
TCP: Interfaces\{CB49D2FE-13D0-4FCC-BD8F-B4CA81B68814} : DHCPNameServer = 198.224.182.135 198.224.183.135
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-11-9 565416]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-9 210168]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-11 184728]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-1-11 168880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-1-11 171976]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-9 362640]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\drivers\NxDrv.sys [2009-10-21 22600]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\drivers\MOBK.sys [2011-1-20 54776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-11 184728]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2012-1-31 374704]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2012-4-15 47640]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-18 418376]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-18 701512]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-10-4 167784]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-11 184728]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-11 184728]
S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-1-11 184728]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-1-11 632344]
S2 MOBKbackup;McAfee Online Backup;c:\program files\mcafee online backup\MOBKbackup.exe [2010-4-13 229688]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-9 60480]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-4-2 147472]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-5-18 31560]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-18 22856]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-11-9 234824]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-11-9 65488]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2012-11-2 252200]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2012-11-2 81456]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-10-17 1343400]
.
=============== Created Last 30 ================
.
2013-05-18 17:36:56 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-18 16:59:32 -------- d-----w- c:\users\marcie\appdata\local\temp
2013-05-18 16:51:37 98816 ----a-w- c:\windows\sed.exe
2013-05-18 16:51:37 256000 ----a-w- c:\windows\PEV.exe
2013-05-18 16:51:37 208896 ----a-w- c:\windows\MBR.exe
2013-05-18 15:55:28 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-05-18 15:52:54 -------- d-----w- c:\users\marcie\appdata\roaming\Malwarebytes
2013-05-18 15:52:45 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-18 15:52:45 -------- d-----w- c:\programdata\Malwarebytes
2013-05-18 15:52:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-18 15:52:32 -------- d-----w- c:\users\marcie\appdata\local\Programs
2013-05-04 14:16:24 -------- d-----w- c:\programdata\Citrix
2013-05-04 14:08:13 -------- d-----w- c:\program files\Citrix
2013-05-04 14:08:06 -------- d-----w- c:\users\marcie\appdata\local\Citrix
2013-05-04 14:07:49 -------- d-----w- c:\users\marcie\appdata\local\Deployment
2013-05-04 14:07:49 -------- d-----w- c:\users\marcie\appdata\local\Apps
2013-05-03 22:46:27 -------- d-----w- c:\programdata\BA9E99498C89661A0000BA9DDEB16BD8
2013-04-30 07:03:25 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-24 23:59:11 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-24 23:58:44 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-04-24 23:58:44 -------- d-----w- c:\program files\iTunes
2013-04-24 23:58:44 -------- d-----w- c:\program files\iPod
2013-04-24 01:20:19 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
==================== Find3M  ====================
.
2013-04-30 07:03:25 906240 ----a-w- c:\windows\system32\FntCache.dll
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-13 17:33:17 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 17:33:17 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-01 03:09:59 2347008 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 17:51:23.19 ===============
 

 

Combofix log text file.......

 

ComboFix 13-05-18.03 - Marcie 05/18/2013  12:54:10.1.2 - x86 NETWORK
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3070.2527 [GMT -4:00]
Running from: D:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marcie\Cardv32l10W_510.exe
c:\users\Marcie\GoToAssistDownloadHelper.exe
c:\users\Marcie\Orgv32l13W_510.exe
c:\users\Marcie\ssv42l14W_510.exe
.
Infected copy of c:\windows\system32\samsrv.dll was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.1.7601.17514_none_b3f5c348ff36a76f\samsrv.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-18 to 2013-05-18  )))))))))))))))))))))))))))))))
.
.
2013-05-18 16:59 . 2013-05-18 17:36 -------- d-----w- c:\users\Marcie\AppData\Local\temp
2013-05-18 16:59 . 2013-05-18 16:59 -------- d-----w- c:\users\Marcie Odum\AppData\Local\temp
2013-05-18 16:59 . 2013-05-18 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-18 16:59 . 2013-05-18 16:59 -------- d-----w- c:\users\Brad\AppData\Local\temp
2013-05-18 16:10 . 2013-05-18 16:10 -------- d-----w- c:\program files\ERUNT
2013-05-18 15:55 . 2013-05-18 15:55 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-05-18 15:52 . 2013-05-18 15:52 -------- d-----w- c:\users\Marcie\AppData\Roaming\Malwarebytes
2013-05-18 15:52 . 2013-05-18 15:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-18 15:52 . 2013-05-18 15:52 -------- d-----w- c:\programdata\Malwarebytes
2013-05-18 15:52 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-18 15:52 . 2013-05-18 15:52 -------- d-----w- c:\users\Marcie\AppData\Local\Programs
2013-05-04 14:16 . 2013-05-04 14:16 -------- d-----w- c:\programdata\Citrix
2013-05-04 14:08 . 2013-05-04 14:08 -------- d-----w- c:\program files\Citrix
2013-05-04 14:08 . 2013-05-04 14:08 -------- d-----w- c:\users\Marcie\AppData\Local\Citrix
2013-05-04 14:07 . 2013-05-04 14:08 -------- d-----w- c:\users\Marcie\AppData\Local\Deployment
2013-05-04 14:07 . 2013-05-04 14:07 -------- d-----w- c:\users\Marcie\AppData\Local\Apps
2013-05-03 22:46 . 2013-05-03 22:51 -------- d-----w- c:\programdata\BA9E99498C89661A0000BA9DDEB16BD8
2013-04-30 07:03 . 2013-04-30 07:03 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-24 23:59 . 2012-08-21 17:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-04-24 23:58 . 2013-04-24 23:59 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-04-24 23:58 . 2013-04-24 23:59 -------- d-----w- c:\program files\iTunes
2013-04-24 23:58 . 2013-04-24 23:58 -------- d-----w- c:\program files\iPod
2013-04-24 01:20 . 2013-04-12 13:45 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 05:04 . 2013-04-10 20:49 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 20:49 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 20:49 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 20:49 69632 ----a-w- c:\windows\system32\smss.exe
2013-03-13 17:33 . 2012-04-12 13:04 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:33 . 2011-06-01 12:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-01 03:09 . 2013-04-10 20:49 2347008 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{868978c8-95f3-4020-a5cd-5a16d60e36ca}"= "c:\program files\Dividend Miles Toolbar\Helper.dll" [2011-06-08 357376]
.
[HKEY_CLASSES_ROOT\clsid\{868978c8-95f3-4020-a5cd-5a16d60e36ca}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{18AB4FA0-5522-4114-9654-5CCE2F9D172E}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{69CD690C-70B1-4333-AD69-28FFF7118C56}]
2011-06-08 19:01 1544192 ----a-w- c:\program files\Dividend Miles Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3948072D-28FE-4206-9F7F-2AFF92B24679}"= "c:\program files\Dividend Miles Toolbar\Toolbar.dll" [2011-06-08 1544192]
.
[HKEY_CLASSES_ROOT\clsid\{3948072d-28fe-4206-9f7f-2aff92b24679}]
[HKEY_CLASSES_ROOT\FCTB000063323.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8406FB26-8A92-4574-8C97-410FCDAD7F00}]
[HKEY_CLASSES_ROOT\FCTB000063323.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3948072D-28FE-4206-9F7F-2AFF92B24679}"= "c:\program files\Dividend Miles Toolbar\Toolbar.dll" [2011-06-08 1544192]
.
[HKEY_CLASSES_ROOT\clsid\{3948072d-28fe-4206-9f7f-2aff92b24679}]
[HKEY_CLASSES_ROOT\FCTB000063323.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{8406FB26-8A92-4574-8C97-410FCDAD7F00}]
[HKEY_CLASSES_ROOT\FCTB000063323.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-14 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="KEY" [X]
"SonicWALLNetExtender"="EGUI.EXE -HIDEGUI -CLEARREBOOT" [X]
"mcpltui_exe"="KEY" [X]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-12-19 44280]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-12-18 642816]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"LogMeIn GUI"="SYSTRAY.EXE" [2009-07-14 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
"1"="c:\program files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" [2013-04-04 218184]
.
c:\users\Marcie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DealFinder.lnk - c:\program files\AA\DealFinder\DealFinder\DealFinder.exe [N/A]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [N/A]
CardMinder Viewer.lnk - c:\program files\PFU\ScanSnap\CardMinder V3.1\CardLauncher.exe [2010-10-14 36864]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2010-10-27 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2010-10-27 1175552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [x]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ    HPSLPSVC
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:33]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 02:27]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 02:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Trusted Zone: americanexpress.com\online
Trusted Zone: lupton.com\remote
TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ScanSnap WIA Service Checker - DOWS\SSDRIVER\FI5110\SSWIACHECKER.EXE
HKLM-Run-hpqSRMon - .EXE
HKLM-Run-Adobe ARM - FILES\ADOBE\ARM\1.0\ADOBEARM.EXE
HKLM-Run-AppleSyncNotifier - OTIFIER.EXE
HKLM-Run-SunJavaUpdateSched - FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
HKLM-Run-APSDaemon - .EXE
HKLM-Run-Carbonite Backup - ITEUI.EXE
HKLM-Run-IntelliType Pro - TER\ITYPE.EXE
HKLM-Run-IntelliPoint - T.EXE
HKLM-Run-iTunesHelper - ESHELPER.EXE
SafeBoot-mbamchameleon
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(932)
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\windows\system32\conhost.exe
c:\windows\system32\DllHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\helppane.exe
.
**************************************************************************
.
Completion time: 2013-05-18  13:40:42 - machine was rebooted
ComboFix-quarantined-files.txt  2013-05-18 17:40
.
Pre-Run: 194,514,378,752 bytes free
Post-Run: 197,928,726,528 bytes free
.
- - End Of File - - 262D487D11938762F3A99DFD436CFFCE
 


Edited by marcellaodum, 19 May 2013 - 09:09 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,961 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 AM

Posted 23 May 2013 - 08:22 AM

Greetings Marcie and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Sounds like you have a lot going on. Please allow me some time to review the information you have provided and I will reply as soon as possible. While I do that please attempt to run the below program.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flashdrive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then running Farbar's Recover Scan Tool
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,961 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 AM

Posted 26 May 2013 - 08:32 AM

Greetings Marcie,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,961 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:23 AM

Posted 28 May 2013 - 08:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users