
The specified service does not exist as an installed service

Discussion in 'Virus and Malware Removal' started by xialoin, Jan 18, 2013.

  1. Broni Malware Annihilator Posts: 39,380   +177

    Safe mode is fine.
  2. xialoin Newcomer, in training Posts: 34

    I'm back, the whole thing took quite a long time, now I'm not sure where I was supposed to find the new FSS file?
  3. Broni Malware Annihilator Posts: 39,380   +177

    You ran it before following my reply #17.
    Simply re-run it.
  4. xialoin Newcomer, in training Posts: 34

    Farbar Service Scanner Version: 16-01-2013
    Ran by Kate (administrator) on 19-01-2013 at 01:06:13
    Running from "F:\"
    Windows 7 Home Premium Service Pack 1 (X86)
    Boot Mode: Minimal
    ****************************************************************

    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.

    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.

    Nsi Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.
    Checking ServiceDll: ATTENTION!=====> Unable to open Nsi registry key. The service key does not exist.

    nsiproxy Service is not running. Checking service configuration:
    The start type of nsiproxy service is OK.
    The ImagePath of nsiproxy service is OK.

    tdx Service is not running. Checking service configuration:
    The start type of tdx service is OK.
    The ImagePath of tdx service is OK.

    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.


    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    There is no connection to network.
    Attempt to access Google IP returned error. Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error. Other errors
    Attempt to access Yahoo.com returned error: Other errors


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.

    bfe Service is not running. Checking service configuration:
    The start type of bfe service is OK.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.

    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.


    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is OK.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend service is OK.
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    PlugPlay Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.
    Checking ImagePath: ATTENTION!=====> Unable to open PlugPlay registry key. The service key does not exist.


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
  5. Broni Malware Annihilator Posts: 39,380   +177

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  6. xialoin Newcomer, in training Posts: 34

    When ComboFix is done, where will I find the log that I need to paste here?
     
  7. xialoin Newcomer, in training Posts: 34

    ComboFix 13-01-17.04 - Kate 19/01/2013 1:37.1.2 - x86 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2942.2451 [GMT 0:00]
    Running from: F:\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    D:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-19 to 2013-01-19 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-19 06:27 . 2013-01-19 06:27  --------  d-----w-  C:\FRST
    2013-01-19 00:46 . 2008-05-08 05:03  303616  ----a-w-  C:\SetACL.exe
    2013-01-19 00:29 . 2004-06-11 23:33  290304  ----a-w-  C:\subinacl.exe
    2013-01-19 00:03 . 2013-01-19 00:57  --------  d-----w-  C:\Tweaking.com_Windows_Repair_Logs
    2013-01-19 00:03 . 2013-01-19 00:03  --------  d-----w-  c:\program files\Tweaking.com
    2013-01-18 21:23 . 2013-01-18 21:23  --------  d-----w-  c:\users\Kate\AppData\Roaming\Malwarebytes
    2013-01-18 21:23 . 2013-01-18 21:23  --------  d-----w-  c:\programdata\Malwarebytes
    2013-01-18 21:23 . 2012-12-14 16:49  21104  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2013-01-18 21:23 . 2013-01-18 21:23  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
    2013-01-18 21:23 . 2013-01-18 21:23  --------  d-----w-  c:\users\Kate\AppData\Local\Programs
    2013-01-09 17:53 . 2013-01-09 17:59  --------  d-----w-  c:\users\Kate\AppData\Local\Microsoft Games
    2012-12-21 16:39 . 2012-12-16 14:13  295424  ----a-w-  c:\windows\system32\atmfd.dll
    2012-12-21 16:39 . 2012-12-16 14:13  34304  ----a-w-  c:\windows\system32\atmlib.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-14 19:50 . 2012-05-04 07:04  697272  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
    2012-12-14 19:50 . 2011-09-15 17:57  73656  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-22 02:56 . 2012-12-12 19:38  2345984  ----a-w-  c:\windows\system32\win32k.sys
    2012-11-12 11:52 . 2012-12-12 19:36  1638912  ----a-w-  c:\windows\system32\mshtml.tlb
    2012-11-09 06:56 . 2011-06-09 17:39  60480  ----a-w-  c:\windows\system32\drivers\cfwids.sys
    2012-11-09 06:53 . 2011-06-09 17:39  210136  ----a-w-  c:\windows\system32\drivers\mfewfpk.sys
    2012-11-09 06:53 . 2011-06-09 17:29  167344  ----a-w-  c:\windows\system32\mfevtps.exe
    2012-11-09 06:52 . 2011-06-09 17:40  9648  ----a-w-  c:\windows\system32\drivers\mfeclnk.sys
    2012-11-09 06:52 . 2011-06-09 17:39  92192  ----a-w-  c:\windows\system32\drivers\mferkdet.sys
    2012-11-09 06:51 . 2011-03-13 10:20  565352  ----a-w-  c:\windows\system32\drivers\mfehidk.sys
    2012-11-09 06:50 . 2011-06-09 17:39  362640  ----a-w-  c:\windows\system32\drivers\mfefirek.sys
    2012-11-09 06:50 . 2011-06-09 17:39  65488  ----a-w-  c:\windows\system32\drivers\mfebopk.sys
    2012-11-09 06:49 . 2011-06-09 17:39  234824  ----a-w-  c:\windows\system32\drivers\mfeavfk.sys
    2012-11-09 06:49 . 2011-03-13 10:20  132912  ----a-w-  c:\windows\system32\drivers\mfeapfk.sys
    2012-11-09 04:42 . 2012-12-12 19:36  2048  ----a-w-  c:\windows\system32\tzres.dll
    2012-11-02 05:11 . 2012-12-12 19:37  376832  ----a-w-  c:\windows\system32\dpnet.dll
    2012-10-27 06:26 . 2012-12-12 19:36  981504  ----a-w-  c:\windows\system32\wininet.dll
    2012-10-22 16:30 . 2012-10-22 16:30  163056  ----a-w-  c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4DB74D06-491C-440D-305E-012400990F3E}]
    2009-07-14 01:15  73728  ----a-w-  c:\windows\System32\coomcat.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
    2011-05-09 09:49  176936  ----a-w-  c:\program files\uTorrentControl_v2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="OLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE MSRUN" [X]
    "TWebCamera"="\TWEBCAMERA.EXE AUTORUN" [X]
    "mcui_exe"="KEY" [X]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2009-08-06 1050000]
    "SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-07-09 352256]
    "HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]
    "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]
    "SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-07-29 163840]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-03 611672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
    "Z1"="c:\users\Kate\Desktop\mbar\mbar.exe" [2013-01-09 1356360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [x]
    R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-18 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 19:50]
    .
    2013-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 11:31]
    .
    2013-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-09-29 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.wp.pl/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-TosNC - CCORE.EXE
    HKLM-Run-TosReelTimeMonitor - ITOR.EXE
    HKLM-Run-KeNotify - OTIFY.EXE
    HKLM-Run-TPwrMain - .EXE
    HKLM-Run-00TCrdMain - .EXE
    HKLM-Run-SynTPEnh - H.EXE
    HKLM-Run-ToshibaServiceStation - .EXE
    HKLM-Run-Toshiba Registration - DER.EXE
    HKLM-Run-AppleSyncNotifier - OTIFIER.EXE
    HKLM-Run-WinampAgent - AMPA.EXE
    HKLM-Run-APSDaemon - .EXE
    HKLM-Run-iTunesHelper - ESHELPER.EXE
    HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\users\Kate\AppData\Local\Temp\Rar$EX00.703\mbar\Data\cleanup.dll
    AddRemove-Bloxxit - d:\gry\Bloxit\uninstal.exe
    .
    .
    .
    Completion time: 2013-01-19 01:46:46
    ComboFix-quarantined-files.txt 2013-01-19 01:46
    .
    Pre-Run: 120,858,779,648 bytes free
    Post-Run: 121,645,056,000 bytes free
    .
    - - End Of File - - E1FC386E1E7AC62A97C389E2E8F93DDC
  8. Broni Malware Annihilator Posts: 39,380   +177

  9. xialoin Newcomer, in training Posts: 34

    So how did it all start then? From nothing? Not a virus? I haven't deleted anything in the past month or two! Now, if we can't restore my Windows to like, 3 weeks back, even 6 hours ago, then there is nothing left other than reinstalling Windows and losing all the files, right? In that case, even if I wanted to do that, I haven't been given the Windows 7 CD. This leaves me with piracy.. So really? Nothing I can do about that now? And you said 'Surely we will fix that'..
  10. xialoin Newcomer, in training Posts: 34

    Dude! There has to be something! You can't just say no and give up on this. Please.. Can't we possibly use one of those programs to see what file we accidentally deleted and then like restore it?
  11. Broni Malware Annihilator Posts: 39,380   +177

    There is no reason to get upset with me.
    I didn't do anything to your computer.
    I'm only trying to help to the best of my knowledge.

    Then, apparently you didn't even check my link.
    If you did, you'd know that repair installation will not disturb your data (backing up your data is always recommended though, even when your computer is fine).
    If you don't have Windows DVD you can easily create it without pirating anything.
    See my manual here: http://www.smartestcomputing.us.com...ble-dvd-or-usb-for-your-version-of-windows-7/
    In order to run repair installation you'll have to uninstall Service Pack 1.
  12. Broni Malware Annihilator Posts: 39,380   +177

    Please be polite.
    You're not the only person I'm helping so I can't reply to your reply in a split second.
  13. xialoin Newcomer, in training Posts: 34

    I am polite, it's 02:30 in UK, I'm really tired, I'm starting work at 6am! I have probably less than 3 hours of sleep left now because of this stupid laptop, everyone would be annoyed at least a little that after all this you just get a message that you can't really solve this.. Sorry but I appreciate your help!
  14. xialoin Newcomer, in training Posts: 34

  15. Broni Malware Annihilator Posts: 39,380   +177

    I strongly suggest you get some sleep.
    Rushing things up is never a good idea.

  16. xialoin Newcomer, in training Posts: 34

    You think so? I'll take the laptop to work tomorrow, well now it's today actually, and at about 12 I will try to uninstall my Service Pack 1 but hang on a minute.. I thought you can't uninstall it if it was already there when you bought the laptop. What then?
  17. Broni Malware Annihilator Posts: 39,380   +177

    Service Pack can always be uninstalled.
  18. xialoin Newcomer, in training Posts: 34

    Ok, I think I'll get some sleep now. Or might as well just stay up :p When I will be installing my new Windows 7, will it ask for the key that I have on the sticker on the bottom of my laptop? Or will it just recognise that I have a legal version and just kind of reboot my system?
  19. Broni Malware Annihilator Posts: 39,380   +177

    You'll NOT be installing new Windows. You'll repair existing installation.
    Go to bed! Now!...LOL
  20. xialoin Newcomer, in training Posts: 34

    Sorry :p But I just want to get rid of the Service Pack at least for now :D