The specified service does not exist as an installed service

Solved
By xialoin
Jan 18, 2013
  1. Hey, my name is Sebastian and I have a massive problem!

    I'm using a Toshiba laptop on Windows 7. But I'm writing from my PC because I'm unable to access the internet on the laptop from normal mode and safe mode. My internet has 'Limited Access', it never had that until the day when a random pornographic site came up for some reason (I haven't searched anything, maybe I accidentally clicked on an advert?). Now, I can't access many programs as a pop up comes up saying 'The specified service does not exist as an installed service'. I tried some solutions that I have found on the internet and yes, I know it may have made the virus worse but I have realized that my USB is not visible so I have to open a file manually through 'Run'. I'm using McAfee as my antivirus. On the internet, people that had this problem also used McAfee, I think anyway.

    Please give me steps on how I could solve this problem! I don't want to give you my registry while not being sure which program would be suitable to and if it would not harm my PC. I have not made any backups unfortunately but I don't think it would let me restore it anyway. What is the point of viruses? Don't people have better things to do with their lives? They don't gain, they lose time.. Unless they can get some money from it.. I'm not patient :p I want to solve this, so please help me :)!
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===========================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter the System Recovery Command Prompt.

    If you are using Vista or Windows 7, enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  3. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    Ok, thanks for the instructions :)!

    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please observe forum rules.
    All logs have to be pasted, not attached.
  5. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    Sorry, I'm new to this site :(
  6. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2013
    Ran by SYSTEM at 18-01-2013 22:34:37
    Running from C:\
    Windows 7 Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1050000 2009-08-06] (Toshiba Europe GmbH)
    HKLM\...\Run: [TosNC] CCORE.EXE [x]
    HKLM\...\Run: [TosReelTimeMonitor] ITOR.EXE [x]
    HKLM\...\Run: [StartCCC] OLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE" MSRUN [x]
    HKLM\...\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-07-09] (TOSHIBA CORPORATION)
    HKLM\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [425984 2009-06-02] (TOSHIBA Electronics, Inc.)
    HKLM\...\Run: [KeNotify] OTIFY.EXE [x]
    HKLM\...\Run: [TPwrMain] .EXE [x]
    HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [521528 2009-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] .EXE [x]
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)
    HKLM\...\Run: [SynTPEnh] H.EXE [x]
    HKLM\...\Run: [TWebCamera] \TWEBCAMERA.EXE" AUTORUN [x]
    HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [163840 2009-07-28] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [611672 2009-08-03] (TOSHIBA Corporation)
    HKLM\...\Run: [ToshibaServiceStation] .EXE /HIDE:60 [x]
    HKLM\...\Run: [Toshiba Registration] DER.EXE [x]
    HKLM\...\Run: [AppleSyncNotifier] OTIFIER.EXE [x]
    HKLM\...\Run: [WinampAgent] AMPA.EXE" [x]
    HKLM\...\Run: [mcui_exe] KEY [x]
    HKLM\...\Run: [APSDaemon] .EXE" [x]
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] ESHELPER.EXE" [x]
    HKU\Default\...\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
    HKU\Default User\...\Run: [TOSHIBA Online Product Information] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [6203296 2009-08-12] (TOSHIBA)
    HKU\Kate\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\Kate\...\Run: [gshftew] rundll32 "C:\Users\Kate\AppData\Local\gshftew.dll",gshftew [18432 2013-01-08] ()
    HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [512360 2012-12-14] (Malwarebytes Corporation)
    HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1091432 2012-12-14] (Malwarebytes Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    ==================== Services (Whitelisted) ===================
    2 cfWiMAXService; "C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe" [185712 2009-08-10] (TOSHIBA CORPORATION)
    2 ConfigFree Service; "C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe" [46448 2009-03-10] (TOSHIBA CORPORATION)
    3 GameConsoleService; "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe" [250616 2009-05-22] (WildTangent, Inc.)
    2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
    2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
    3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [279048 2012-11-16] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [167784 2012-08-31] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [203400 2012-11-08] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [168880 2012-11-08] (McAfee, Inc.)
    2 mfevtp; "C:\Windows\system32\mfevtps.exe" [167344 2012-11-08] (McAfee, Inc.)
    2 NAUpdate; "C:\Program Files\Nero\Update\NASvc.exe" [598312 2011-03-29] (Nero AG)
    3 RasMan; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)
    3 SensrSvc; C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [20992 2009-07-13] (Microsoft Corporation)
    2 TemproMonitoringService; "C:\Program Files\Toshiba TEMPRO\TemproSvc.exe" [116104 2009-08-06] (Toshiba Europe GmbH)
    3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)
    2 TosCoSrv; "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe" [464224 2009-08-05] (TOSHIBA Corporation)
    3 TOSHIBA HDD SSD Alert Service; "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe" [111960 2009-08-03] (TOSHIBA Corporation)
    3 WebClient; C:\Windows\System32\svchost.exe -k LocalService [20992 2009-07-13] (Microsoft Corporation)
    3 WinDefend; C:\Windows\System32\svchost.exe -k secsvcs [20992 2009-07-13] (Microsoft Corporation)
    3 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-12] (CSR, plc)
    3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60480 2012-11-08] (McAfee, Inc.)
    3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-20] (McAfee, Inc.)
    0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [36208 2009-07-02] (COMPAL ELECTRONIC INC.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
    3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [132912 2012-11-08] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [234824 2012-11-08] (McAfee, Inc.)
    3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65488 2012-11-08] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [362640 2012-11-08] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565352 2012-11-08] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92192 2012-11-08] (McAfee, Inc.)
    0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210136 2012-11-08] (McAfee, Inc.)
    3 PGEffect; C:\Windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
    3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-20] (Realtek Semiconductor Corp.)
    3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
    3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
    ==================== NetSvcs (Whitelisted) ===================
    ==================== One Month Created Files and Folders ========
    2013-01-18 22:27 - 2013-01-18 22:27 - 00000000 ____D C:\FRST
    2013-01-18 13:23 - 2013-01-18 13:23 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-18 13:23 - 2013-01-18 13:23 - 00000000 ____D C:\Users\Kate\AppData\Roaming\Malwarebytes
    2013-01-18 13:23 - 2013-01-18 13:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-18 13:23 - 2013-01-18 13:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-01-18 13:23 - 2012-12-14 08:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-01-09 09:53 - 2013-01-09 09:59 - 00000000 ____D C:\Users\Kate\AppData\Local\Microsoft Games
    2013-01-08 11:00 - 2013-01-08 11:00 - 00018432 ____A C:\Users\Kate\AppData\Local\gshftew.dll
    2012-12-21 08:39 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-21 08:39 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-19 11:49 - 2012-12-19 11:49 - 00262144 ____A C:\Windows\System32\config\ELAM
    ==================== One Month Modified Files and Folders ========
    2013-01-18 22:34 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
    2013-01-18 22:27 - 2013-01-18 22:27 - 00000000 ____D C:\FRST
    2013-01-18 14:14 - 2011-06-09 09:41 - 00001835 ____A C:\Users\Public\Desktop\BT NetProtect Plus.lnk
    2013-01-18 14:07 - 2009-09-09 22:40 - 00992380 ____A C:\Windows\PFRO.log
    2013-01-18 13:23 - 2013-01-18 13:23 - 00001078 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2013-01-18 13:23 - 2013-01-18 13:23 - 00000000 ____D C:\Users\Kate\AppData\Roaming\Malwarebytes
    2013-01-18 13:23 - 2013-01-18 13:23 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-18 13:23 - 2013-01-18 13:23 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2013-01-18 13:22 - 2009-09-09 22:25 - 00732510 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-18 12:50 - 2012-05-03 23:04 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-18 12:16 - 2011-09-29 03:31 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-01-18 11:40 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-18 11:40 - 2009-07-13 20:34 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-18 11:33 - 2011-09-29 03:31 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-01-18 11:32 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-18 11:28 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\NDF
    2013-01-09 09:59 - 2013-01-09 09:53 - 00000000 ____D C:\Users\Kate\AppData\Local\Microsoft Games
    2013-01-08 13:17 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
    2013-01-08 11:02 - 2010-04-09 07:09 - 01354588 ____A C:\Windows\WindowsUpdate.log
    2013-01-08 11:00 - 2013-01-08 11:00 - 00018432 ____A C:\Users\Kate\AppData\Local\gshftew.dll
    2013-01-08 10:56 - 2009-07-13 20:39 - 00080374 ____A C:\Windows\setupact.log
    2013-01-07 14:36 - 2010-12-25 01:03 - 00000000 ____D C:\Users\Kate\AppData\Local\CrashDumps
    2013-01-07 12:12 - 2012-11-19 13:20 - 00000416 ____A C:\Windows\Tasks\At1.job
    2012-12-21 14:04 - 2009-07-13 20:33 - 00335224 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-12-21 04:31 - 2011-06-09 09:39 - 00000000 ____D C:\Program Files\McAfee
    2012-12-21 04:31 - 2011-06-09 09:39 - 00000000 ____D C:\Program Files\Common Files\Mcafee
    2012-12-19 11:49 - 2012-12-19 11:49 - 00262144 ____A C:\Windows\System32\config\ELAM
    ==================== Known DLLs (Whitelisted) =================
    ==================== Bamital & volsnap Check =================
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-11-16 12:19:40
    Restore point made on: 2012-11-29 08:50:29
    Restore point made on: 2012-12-12 11:34:30
    Restore point made on: 2012-12-14 11:07:10
    Restore point made on: 2012-12-21 08:39:44
    Restore point made on: 2013-01-08 13:17:17
    Restore point made on: 2013-01-18 12:26:27
    ==================== Memory info ===========================
    Percentage of memory in use: 12%
    Total physical RAM: 3838.42 MB
    Available physical RAM: 3345.85 MB
    Total Pagefile: 3836.7 MB
    Available Pagefile: 3345.58 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1963.2 MB
    ==================== Partitions =============================
    1 Drive c: (WINDOWS) (Fixed) (Total:149.41 GB) (Free:112.89 GB) NTFS
    2 Drive e: (Data) (Fixed) (Total:148.28 GB) (Free:141.44 GB) NTFS
    3 Drive f: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: () (Removable) (Total:1.84 GB) (Free:1.64 GB) FAT
    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 298 GB 0 B
    Disk 1 Online 1886 MB 0 B
    Disk 2 No Media 0 B 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 400 MB 1024 KB
    Partition 2 Primary 149 GB 401 MB
    Partition 3 Primary 148 GB 149 GB
    =========================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F SYSTEM NTFS Partition 400 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C WINDOWS NTFS Partition 149 GB Healthy
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 E Data NTFS Partition 148 GB Healthy
    =========================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1884 MB 67 KB
    =========================================================
    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 Y FAT Removable 1884 MB Healthy
    =========================================================
    Last Boot: 2013-01-18 12:19
    ==================== End Of Log ============================
  7. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip the downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

    Attached Files:

  8. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2013
    Ran by SYSTEM at 2013-01-18 23:06:03 Run:1
    Running from Y:\

    ==============================================

    HKEY_USERS\Kate\Software\Microsoft\Windows\CurrentVersion\Run\\gshftew Value deleted successfully.
    C:\Users\Kate\AppData\Local\gshftew.dll moved successfully.

    ==== End of Fixlog ====
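
Added example (not part of the thread, and not FRST's own logic or the helper's stated method): a small triage script run over lines copied from the FRST.txt posted above. The four heuristics and the `min_reasons` threshold are assumptions chosen for illustration; on this log they single out the same `gshftew` Run value that the Fixlog shows being deleted.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the FRST.txt posted earlier in this thread.
FRST_SAMPLE = r'''
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [TosNC] CCORE.EXE [x]
HKU\Kate\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Kate\...\Run: [gshftew] rundll32 "C:\Users\Kate\AppData\Local\gshftew.dll",gshftew [18432 2013-01-08] ()
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1091432 2012-12-14] (Malwarebytes Corporation)
==================== One Month Created Files and Folders ========
2013-01-18 13:23 - 2012-12-14 08:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-01-08 11:00 - 2013-01-08 11:00 - 00018432 ____A C:\Users\Kate\AppData\Local\gshftew.dll
'''

# "HIVE\...\Run: [ValueName] <rest>"; the hive may contain spaces (HKU\Default User).
RUN_RE = re.compile(r'^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<rest>.*)$')
# "<command> [size yyyy-mm-dd] (Company)"; an unresolved target ends in "[x]" instead.
TAIL_RE = re.compile(r'^(?P<cmd>.*) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>.*)\)$')
# "created - modified - size attrs [(Company)] path"
CREATED_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S{5} '
                        r'(?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.*)$')
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?,', re.I)
# Assumption: locations a standard user (or a dropper running as one) can write to.
USER_WRITABLE_RE = re.compile(r'^[a-z]:\\(?:users\\[^\\]+\\appdata|programdata|windows\\temp)\\', re.I)


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    command: str
    company: str = ""
    missing: bool = False        # FRST printed "[x]": target not resolved
    dll: str = ""
    reasons: list = field(default_factory=list)


def parse_frst(text):
    """Return (autostart entries, lower-cased paths from the 'Created Files' section)."""
    entries, created, section = [], set(), ""
    for raw in text.splitlines():
        line = raw.strip()               # forum posts indent the pasted log
        if line.startswith("===="):
            section = line.strip("= ").lower()
            continue
        m = RUN_RE.match(line)
        if m:
            tail = TAIL_RE.match(m["rest"])
            if tail:
                entries.append(RunEntry(m["hive"], m["key"], m["name"],
                                        tail["cmd"], tail["company"]))
            else:
                entries.append(RunEntry(m["hive"], m["key"], m["name"],
                                        m["rest"], missing=True))
        elif "created files" in section:
            c = CREATED_RE.match(line)
            if c:
                created.add(c["path"].lower())
    return entries, created


def triage(text, min_reasons=3):
    """Score each resolvable autostart entry and return those meeting the threshold."""
    entries, created = parse_frst(text)
    for e in entries:
        if e.missing:
            continue                     # nothing to score without a resolved target
        r = RUNDLL_RE.match(e.command)
        if r:
            e.dll = r["dll"]
            e.reasons.append("autostart runs a DLL through rundll32")
            if USER_WRITABLE_RE.match(e.dll):
                e.reasons.append("DLL lives in a user-writable directory")
            if e.dll.lower() in created:
                e.reasons.append("DLL was created inside the log's one-month window")
        if e.company == "":
            e.reasons.append("blank publisher field")
    return [e for e in entries if len(e.reasons) >= min_reasons]


if __name__ == "__main__":
    for entry in triage(FRST_SAMPLE):
        print(f"{entry.hive}\\...\\{entry.key} [{entry.name}] -> {entry.dll}")
        for reason in entry.reasons:
            print("   -", reason)
```

A hit is a lead for manual review, not a verdict: the Malwarebytes `cleanup.dll` entry also matches two of the heuristics and is legitimate.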
  9. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    I have a problem with finding the Malwarebytes Anti-Rootkit zip file on my laptop. Should I enter safe mode? I can't see my USB in the Computer. And when I use 'Run', I'm not sure if you can unzip files from there. How should I unzip the files then?
  10. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    It should be where you always download files.
    Why do you need to see USB?
  11. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    I stated clearly at the beginning that I can't access internet on the laptop because the virus or whatever it is tells me my internet has 'Limited Access'. I have to download files from this PC and transfer them to my laptop with a USB.
  12. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I see.

    Check if you can access USB drive from safe mode.
  13. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    The system sees the USB in safe mode, waiting for the scan to complete, will post the results as soon as possible! Do you think we'll be able to fix this issue? Honestly?
     
  14. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Surely we will :)
  15. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.01.0.1016

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x86

    System is currently in a safe mode

    Account is Administrative

    Internet Explorer version: 8.0.7601.17514

    Java version: 1.6.0_14

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 2.099000 GHz
    Memory total: 3085352960, free: 2719997952

    ------------ Kernel report ------------
    01/18/2013 23:41:14
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntkrnlpa.exe
    \SystemRoot\system32\halmacpi.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\imofugc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\system32\DRIVERS\LPCFilter.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\msrpc.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\drivers\mfewfpk.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\system32\DRIVERS\tos_sps32.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\DRIVERS\AtiPcie.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\usbohci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_msahci.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\framebuf.dll
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\mbamswissarmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\msvcrt.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\msctf.dll
    \Windows\System32\lpk.dll
    \Windows\System32\sechost.dll
    \Windows\System32\psapi.dll
    \Windows\System32\imm32.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\usp10.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\ole32.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\user32.dll
    \Windows\System32\urlmon.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xffffffff86269030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\00000070\
    Lower Device Object: 0xffffffff86268be0
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    Initialization returned 0x0
    Load Function returned 0x0
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xffffffff862683c8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\0000006f\
    Lower Device Object: 0xffffffff86247ca8
    Lower Device Driver Name: \Driver\USBSTOR\
    Driver name found: USBSTOR
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff84ed27b8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-1\
    Lower Device Object: 0xffffffff85c76908
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff84ed27b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff84ed23f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff84ed27b8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff85c76908, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
    ------------ End ----------
    Upper DeviceData: 0xffffffff9b9619e8, 0xffffffff84ed27b8, 0xffffffff8635aac8
    Lower DeviceData: 0xffffffff9b841c60, 0xffffffff85c76908, 0xffffffff8630b7d8
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6A48139F

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 819200
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 821248 Numsec = 313344000

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 314165248 Numsec = 310974464

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xffffffff862683c8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86248a08, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff862683c8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86247ca8, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Upper DeviceData: 0xffffffff9b844f40, 0xffffffff862683c8, 0xffffffff8635e848
    Lower DeviceData: 0xffffffff8b967928, 0xffffffff86247ca8, 0xffffffff8635b370
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 0

    Partition information:

    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 135 Numsec = 3858489

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 1977614336 bytes
    Sector size: 512 bytes

    Physical Sector Size: 0
    Drive: 2, DevicePointer: 0xffffffff86269030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff86267428, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff86269030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff86268be0, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
  16. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    Malwarebytes Anti-Rootkit BETA 1.01.0.1016
    www.malwarebytes.org

    Database version: v2013.01.09.01

    Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
    Internet Explorer 8.0.7601.17514
    Kate :: KATE-TOSH [administrator]

    18/01/2013 23:51:00
    mbar-log-2013-01-18 (23-51-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 28823
    Time elapsed: 9 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    That looks good.

    Let's see about your internet connection.

    Please download Farbar Service Scanner (Download Link) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.
  18. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    Farbar Service Scanner Version: 16-01-2013
    Ran by Kate (administrator) on 18-01-2013 at 23:57:00
    Running from "F:\"
    Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Minimal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Nsi Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

    nsiproxy Service is not running. Checking service configuration:
    The start type of nsiproxy service is OK.
    The ImagePath of nsiproxy service is OK.

    tdx Service is not running. Checking service configuration:
    The start type of tdx service is OK.
    The ImagePath of tdx service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.


    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    There is no connection to network.
    Attempt to access Google IP returned error. Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error. Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.

    bfe Service is not running. Checking service configuration:
    The start type of bfe service is OK.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is OK.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    PlugPlay Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    We have some registry items missing.

    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button:

    Once that is done, go to Step 3 and allow it to run System File Check by clicking on the Do It button:

    Go to Step 4 and under "System Restore" click on the Create button:

    Go to the Start Repairs tab and click the Start button.

    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    [​IMG]

    Click on the box next to Restart System when Finished. Then click on Start.

    Post new FSS log.
  20. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    Safe mode is fine? In normal mode the error pops up again,
    'The specified service does not exist as an installed service'
  21. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Safe mode is fine.
  22. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    I'm back, the whole thing took quite a long time, now I'm not sure where I was supposed to find the new FSS file?
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    You ran it before following my reply #17.
    Simply re-run it.
  24. xialoin

    xialoin Newcomer, in training Topic Starter Posts: 34

    Farbar Service Scanner Version: 16-01-2013
    Ran by Kate (administrator) on 19-01-2013 at 01:06:13
    Running from "F:\"
    Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Minimal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Nsi Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

    nsiproxy Service is not running. Checking service configuration:
    The start type of nsiproxy service is OK.
    The ImagePath of nsiproxy service is OK.

    tdx Service is not running. Checking service configuration:
    The start type of tdx service is OK.
    The ImagePath of tdx service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.


    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    There is no connection to network.
    Attempt to access Google IP returned error. Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error. Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.

    bfe Service is not running. Checking service configuration:
    The start type of bfe service is OK.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is OK.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    PlugPlay Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
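
The two FSS logs above (posts 18 and 24) bracket the Windows Repair run, so comparing their flagged lines shows what the repair restored and what is still missing. The following is an added example, not part of the thread and not Farbar's code; it embeds abridged excerpts of both logs, and its regular expressions assume the line wording seen in those two logs.

```python
import re

# Abridged from the two FSS logs posted in this thread: only the services
# flagged in the first run are kept. Before = post 18, after = post 24.
FSS_BEFORE = r'''
Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
'''

FSS_AFTER = r'''
Nsi Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
PlugPlay Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
'''

HEADER = re.compile(r"^(\w+) Service is not running\.")
FLAGGED = re.compile(r"^Checking (Start type|ImagePath|ServiceDll): ATTENTION!=+> (.+)$")
NONDEFAULT = re.compile(r"^The start type of \w+ service is set to (\w+)\. The default start type is (\w+)\.")

def parse_fss(text):
    """Return {(service, field): problem} for every flagged line in an FSS log."""
    findings, service = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            service = m.group(1)          # findings below belong to this service
        elif service and (m := FLAGGED.match(line)):
            findings[(service, m.group(1))] = m.group(2)
        elif service and (m := NONDEFAULT.match(line)):
            findings[(service, "Start type")] = f"set to {m.group(1)}, default {m.group(2)}"
    return findings

def compare(before, after):
    """Split findings into cleared by the repair, still present, and newly flagged."""
    cleared = sorted(set(before) - set(after))
    remaining = sorted(set(before) & set(after))
    introduced = sorted(set(after) - set(before))
    return cleared, remaining, introduced

if __name__ == "__main__":
    cleared, remaining, introduced = compare(parse_fss(FSS_BEFORE), parse_fss(FSS_AFTER))
    for label, items in (("cleared", cleared), ("remaining", remaining), ("new", introduced)):
        for service, field in items:
            print(f"{label:9} {service:10} {field}")
```

On these excerpts the wuauserv key and the WinDefend start type come back as cleared, while the Nsi and PlugPlay service keys and the WinDefend ServiceDll are still reported missing after the repair.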
  25. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.

