Had to run Fix.b in safe mode would not run as an installed service in normal. Reboot after into normal, FSS would not run, booted back in safe mode with network and ran FSS and DDS here are the results: Farbar Service Scanner Version: 06-08-2012 Ran by Mike (administrator) on 21-08-2012 at 10:36:04 Running from "C:\Users\Mike\Desktop" MicrosoftÆ Windows Vistaô Home Basic Service Pack 2 (X86) Boot Mode: Network **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo IP is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ SDRSVC Service is not running. Checking service configuration: The start type of SDRSVC service is OK. The ImagePath of SDRSVC service is OK. The ServiceDll of SDRSVC service is OK. VSS Service is not running. Checking service configuration: The start type of VSS service is set to Auto. The default start type is 3. The ImagePath of VSS service is OK. System Restore Disabled Policy: ======================== Security Center: ============ wscsvc Service is not running. Checking service configuration: The start type of wscsvc service is OK. The ImagePath of wscsvc service is OK. The ServiceDll of wscsvc service is OK. Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is OK. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. BITS Service is not running. Checking service configuration: The start type of BITS service is OK. The ImagePath of BITS service is OK. The ServiceDll of BITS service is OK. EventSystem Service is not running. Checking service configuration: The start type of EventSystem service is OK. The ImagePath of EventSystem service is OK. The ServiceDll of EventSystem service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Other Services: ============== File Check: ======== C:\Windows\system32\nsisvc.dll => MD5 is legit C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit C:\Windows\system32\dhcpcsvc.dll => MD5 is legit C:\Windows\system32\Drivers\afd.sys => MD5 is legit C:\Windows\system32\Drivers\tdx.sys => MD5 is legit C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit C:\Windows\system32\dnsrslvr.dll => MD5 is legit C:\Windows\system32\mpssvc.dll => MD5 is legit C:\Windows\system32\bfe.dll => MD5 is legit C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit C:\Windows\system32\SDRSVC.dll => MD5 is legit C:\Windows\system32\vssvc.exe => MD5 is legit C:\Windows\system32\wscsvc.dll => MD5 is legit C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit C:\Windows\system32\wuaueng.dll => MD5 is legit C:\Windows\system32\qmgr.dll => MD5 is legit C:\Windows\system32\es.dll => MD5 is legit C:\Windows\system32\cryptsvc.dll => MD5 is legit C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit **** End of log **** . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.19298 BrowserJavaVersion: 1.6.0_31 Run by Mike at 10:43:09 on 2012-08-21 MicrosoftÆ Windows Vistaô Home Basic 6.0.6002.2.1252.1.1033.18.2939.2392 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB uInternet Settings,ProxyOverride = *.local uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120821083726.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7725.1624\swg.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [Akamai NetSession Interface] c:\users\mike\appdata\local\akamai\netsession_win.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe mRun: [NDSTray.exe] DSTRAY.EXE mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [skytel] Skytel.exe mRun: [AdobeCS4ServiceManager] CHEDBYLOGIN mRun: [mcui_exe] KEY mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL Trusted Zone: intuit.com\ttlc DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} : DhcpNameServer = 65.32.1.65 65.32.1.70 TCP: Interfaces\{5EDAFF20-7624-4ECB-89E7-54C0DADCA959} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{C57DED09-9FD3-4BE3-B9E3-6A4E6E3F01DB} : DhcpNameServer = 192.168.2.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL . ================= FIREFOX =================== . FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\go67oabi.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://google.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - plugin: c:\progra~1\mcafee\msc\npMcSnFFPl.dll FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\picasa2\npPicasa3.dll FF - plugin: c:\users\mike\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 554048] R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-8-23 206784] R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-14 25896] R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-23 168280] R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-23 168368] R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-23 166320] R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-23 60480] R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168] R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-23 360792] R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648] S2 0146171344458290mcinstcleanup;McAfee Application Installer Cleanup (0146171344458290);c:\windows\temp\014617~1.exe -cleanup -nolog --> c:\windows\temp\014617~1.EXE -cleanup -nolog [?] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-17 133104] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-2-6 13672] S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-7 655944] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-23 168280] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-23 168280] S2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-8-23 168280] S2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-23 200816] S2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392] S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-28 250056] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-17 133104] S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-8-8 146872] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-7 22344] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-20 40776] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-23 230224] S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-23 61912] S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-23 92192] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-4 113120] S3 netr73;Netopia RT73 Wireless Driver for Vista;c:\windows\system32\drivers\netr73.sys [2010-2-24 494368] S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216] S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896] . =============== Created Last 30 ================ . 2012-08-21 13:47:06 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-08-21 13:44:41 7023536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{efa9f4a7-817e-4910-bd91-2842173c8134}\mpengine.dll 2012-08-21 13:39:33 7023536 ------w- c:\programdata\microsoft\windows defender\definition updates\updates\mpengine.dll 2012-08-21 13:34:22 623616 ----a-w- c:\windows\system32\localspl.dll 2012-08-21 12:51:56 -------- d-----w- c:\users\mike\appdata\local\VirtualStore 2012-08-21 12:37:25 33944 ----a-w- c:\program files\mozilla firefox\ScriptFF.dll 2012-08-20 21:21:32 -------- d-----w- c:\users\mike\appdata\local\temp 2012-08-20 21:20:08 -------- d-sh--w- C:\$RECYCLE.BIN 2012-08-20 20:45:16 208896 ----a-w- c:\windows\MBR.exe 2012-08-20 20:45:15 98816 ----a-w- c:\windows\sed.exe 2012-08-20 20:45:15 518144 ----a-w- c:\windows\SWREG.exe 2012-08-20 20:45:15 256000 ----a-w- c:\windows\PEV.exe 2012-08-20 16:39:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2012-08-08 20:05:24 5120 ----a-w- c:\windows\system32\wmi.dll 2012-08-08 20:05:24 172032 ----a-w- c:\windows\system32\wintrust.dll 2012-08-08 20:05:24 157696 ----a-w- c:\windows\system32\imagehlp.dll 2012-08-08 20:05:24 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-08-08 19:22:12 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-08-08 19:22:07 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-08-08 19:22:07 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-08 19:22:03 680448 ----a-w- c:\windows\system32\msvcrt.dll 2012-08-08 19:19:47 4096 ----a-w- c:\windows\system32\oleaccrc.dll 2012-08-08 19:19:46 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll 2012-08-08 19:19:46 238080 ----a-w- c:\windows\system32\oleacc.dll 2012-08-08 19:19:45 563712 ----a-w- c:\windows\system32\oleaut32.dll 2012-08-08 19:19:23 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll 2012-08-08 19:19:21 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax 2012-08-08 19:19:21 293376 ----a-w- c:\windows\system32\psisdecd.dll 2012-08-08 19:19:21 217088 ----a-w- c:\windows\system32\psisrndr.ax 2012-08-08 19:19:20 57856 ----a-w- c:\windows\system32\MSDvbNP.ax 2012-08-08 19:19:06 2048 ----a-w- c:\windows\system32\tzres.dll 2012-08-08 19:17:59 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2012-08-08 19:17:54 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll 2012-08-08 19:17:54 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll 2012-08-08 19:17:50 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-08-08 19:17:45 377344 ----a-w- c:\windows\system32\winhttp.dll 2012-08-08 19:17:39 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2012-08-08 19:17:39 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2012-08-08 19:17:10 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll 2012-08-08 19:17:01 49152 ----a-w- c:\windows\system32\csrsrv.dll 2012-08-08 19:16:56 739328 ----a-w- c:\windows\system32\inetcomm.dll 2012-08-08 19:16:50 1401856 ----a-w- c:\windows\system32\msxml6.dll 2012-08-08 19:16:50 1248768 ----a-w- c:\windows\system32\msxml3.dll 2012-08-08 19:16:47 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-08-08 19:16:44 66560 ----a-w- c:\windows\system32\packager.dll 2012-08-08 19:16:33 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-08-08 19:02:54 278528 ----a-w- c:\windows\system32\schannel.dll 2012-08-08 19:02:52 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-08-08 19:02:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll 2012-08-08 19:02:51 72704 ----a-w- c:\windows\system32\secur32.dll 2012-08-08 19:02:51 204288 ----a-w- c:\windows\system32\ncrypt.dll 2012-08-08 19:02:50 9728 ----a-w- c:\windows\system32\lsass.exe 2012-08-08 19:02:07 707584 ----a-w- c:\program files\common files\system\wab32.dll 2012-08-08 18:42:40 146872 ----a-w- c:\windows\system32\drivers\HipShieldK.sys 2012-08-07 16:43:58 -------- d-----w- c:\users\mike\appdata\roaming\Malwarebytes 2012-08-07 16:43:39 -------- d-----w- c:\programdata\Malwarebytes 2012-08-07 16:43:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-07 16:43:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-07-27 20:51:30 184248 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll 2012-07-27 20:51:30 184248 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll . ==================== Find3M ==================== . 2012-08-14 19:26:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-14 19:26:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-28 11:37:42 916992 ----a-w- c:\windows\system32\wininet.dll 2012-06-28 11:32:02 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-06-28 11:31:38 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-28 11:31:23 71680 ----a-w- c:\windows\system32\iesetup.dll 2012-06-28 11:31:23 109056 ----a-w- c:\windows\system32\iesysprep.dll 2012-06-28 09:59:23 385024 ----a-w- c:\windows\system32\html.iec 2012-06-28 08:19:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-28 08:17:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-22 11:58:12 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-06-22 11:55:18 206784 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-06-22 11:53:56 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-06-22 11:53:48 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys 2012-06-22 11:52:38 554048 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-06-22 11:51:46 360792 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-06-22 11:51:16 61912 ----a-w- c:\windows\system32\drivers\mfebopk.sys 2012-06-22 11:50:56 230224 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-06-22 11:50:24 127992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-06-07 00:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 16:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 10:43:36.06 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . MicrosoftÆ Windows Vistaô Home Basic Boot Device: \Device\HarddiskVolume2 Install Date: 7/22/2009 9:49:02 PM System Uptime: 8/21/2012 10:32:11 AM (0 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 224 GiB total, 79.586 GiB free. D: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Deskjet F4500 series Device ID: ROOT\IMAGE\0000 Manufacturer: HP Name: Deskjet F4500 series PNP Device ID: ROOT\IMAGE\0000 Service: StillCam . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Deskjet F4500 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Deskjet F4500 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) µTorrent 32 Bit HP CIO Components Installer 7-Zip 9.10 beta AC3Filter (remove only) Acrobat.com Adobe AIR Adobe Anchor Service CS4 Adobe Bridge CS4 Adobe CMaps CS4 Adobe Color EU Extra Settings CS4 Adobe Color JA Extra Settings CS4 Adobe Color NA Recommended Settings CS4 Adobe CSI CS4 Adobe Default Language CS4 Adobe Device Central CS4 Adobe Drive CS4 Adobe Dynamiclink Support Adobe ExtendScript Toolkit CS4 Adobe Extension Manager CS4 Adobe Flash CS4 Adobe Flash CS4 Extension - Flash Lite STI en Adobe Flash CS4 Professional Adobe Flash CS4 STI-en Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Linguistics CS4 Adobe Media Encoder CS4 Adobe Media Encoder CS4 Importer Adobe Media Player Adobe Output Module Adobe PDF Library Files CS4 Adobe Reader X (10.1.4) Adobe Search for Help Adobe Service Manager Extension Adobe Setup Adobe Shockwave Player 11.6 Adobe Type Support CS4 Adobe Update Manager CS4 Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS4 AdobeColorCommonSetCMYK AdobeColorCommonSetRGB Akamai NetSession Interface Akamai NetSession Interface Service Amazon Links Any Video Converter 2.7.9 Apple Application Support Apple Mobile Device Support Apple Software Update AVS Audio Converter version 6.2 AVS Update Manager 1.0 AVS4YOU Software Navigator 1.4 Bonjour BufferChm Canon MP560 series MP Drivers CD/DVD Drive Acoustic Silencer Compatibility Pack for the 2007 Office system Connect DJ_AIO_06_F4500_SW_MIN DVD MovieFactory for TOSHIBA ERUNT 1.1j F4500 FreeRIP v3.40 Google Chrome Google Desktop Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 HP Photosmart C4700 All-In-One Driver 13.0 Rel .6 HPPhotoGadget Intel® Graphics Media Accelerator Driver IntelÆ Matrix Storage Manager iTunes Java Auto Updater Java 6 Update 31 Java 6 Update 6 kuler Malwarebytes Anti-Malware version 1.62.0.1300 McAfee AntiVirus Plus McAfee Security Scan Plus Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft XML Parser Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Network PDF Settings CS4 Pearson LockDown Browser Photoshop Camera Raw Picasa 3 Pixel Bender Toolkit PS_AIO_06_C4700_SW_Min QuickBooks Financial Center QuickTime Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek High Definition Audio Driver REALTEK RTL8187B Wireless LAN Driver Realtek USB 2.0 Card Reader Realtek WiFi Protected Setup Library Respondus LockDown Browser Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Windows Media Encoder (KB2447961) Security Update for Windows Media Encoder (KB954156) Security Update for Windows Media Encoder (KB979332) Shared C Run-time for x86 Sothink SWF Decompiler Suite Shared Configuration CS4 swMSM Synaptics Pointing Device Driver Toolbox TOSHIBA Assist TOSHIBA ConfigFree TOSHIBA Desktop Links TOSHIBA Disc Creator TOSHIBA DVD PLAYER TOSHIBA Extended Tiles for Windows Mobility Center TOSHIBA Hardware Setup TOSHIBA Recovery Disc Creator Toshiba Registration TOSHIBA Service Station TOSHIBA Speech System Applications TOSHIBA Speech System SR Engine(U.S.) Version1.0 TOSHIBA Speech System TTS Engine(U.S.) Version1.0 TOSHIBA Supervisor Password TOSHIBA Value Added Package TurboTax 2011 TurboTax 2011 WinPerFedFormset TurboTax 2011 WinPerReleaseEngine TurboTax 2011 WinPerTaxSupport TurboTax 2011 wrapper Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) WebReg WildTangent Games Windows Media Encoder 9 Series Windows Media Player Firefox Plugin Xvid 1.2.2 final uninstall Yahoo! Detect ZipCentral 4.01 . ==== Event Viewer Messages From Past Week ======== . 8/21/2012 9:55:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect. 8/21/2012 9:55:03 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 8/21/2012 9:46:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/21/2012 8:43:31 AM, Error: Service Control Manager [7003] - The Telephony service depends the following service: PlugPlay. This service might not be installed. 8/21/2012 8:36:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06} 8/21/2012 10:37:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 8/21/2012 10:34:02 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr Wanarpv6 8/21/2012 10:34:02 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: Netman. This service might not be installed. 8/21/2012 10:34:02 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 8/21/2012 10:34:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 8/21/2012 10:34:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 8/21/2012 10:33:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 8/21/2012 10:33:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 8/21/2012 10:27:03 AM, Error: Service Control Manager [7003] - The Windows Media Player Network Sharing Service service depends the following service: UPnPHost. This service might not be installed. 8/21/2012 10:25:49 AM, Error: Service Control Manager [7023] - The WebClient service terminated with the following error: The system cannot find the file specified. 8/21/2012 10:25:49 AM, Error: Service Control Manager [7023] - The seclogon service terminated with the following error: The specified procedure could not be found. 8/21/2012 10:25:40 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 8/20/2012 6:59:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C} 8/20/2012 6:45:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} 8/20/2012 5:40:11 PM, Error: Microsoft-Windows-TBS [16392] - An error occurred while starting the TBS. The error code was 0x8007000d. 8/20/2012 5:39:16 PM, Error: Service Control Manager [7003] - The Workstation service depends the following service: NSI. This service might not be installed. 8/20/2012 5:39:16 PM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: PlugPlay. This service might not be installed. 8/20/2012 5:39:16 PM, Error: Service Control Manager [7003] - The Windows Audio Endpoint Builder service depends the following service: PlugPlay. This service might not be installed. 8/20/2012 5:39:16 PM, Error: Service Control Manager [7003] - The Tablet PC Input Service service depends the following service: PlugPlay. This service might not be installed. 8/20/2012 5:39:16 PM, Error: Service Control Manager [7003] - The Network Location Awareness service depends the following service: NSI. This service might not be installed. 8/20/2012 5:39:16 PM, Error: Service Control Manager [7003] - The IP Helper service depends the following service: NSI. This service might not be installed. 8/20/2012 5:39:16 PM, Error: Service Control Manager [7003] - The DHCP Client service depends the following service: NSI. This service might not be installed. 8/20/2012 5:39:16 PM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Windows Audio Endpoint Builder service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/20/2012 5:32:30 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/20/2012 5:30:16 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/20/2012 5:27:21 PM, Error: Service Control Manager [7024] - The ReadyBoost service terminated with service-specific error 0 (0x0). 8/20/2012 5:27:21 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: Operation aborted 8/20/2012 5:27:21 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Workstation service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion. 8/20/2012 5:17:39 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 8/20/2012 4:45:23 PM, Error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 3 time(s). 8/20/2012 4:36:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mfevtp service. 8/20/2012 4:21:22 PM, Error: Service Control Manager [7034] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 3 time(s). 8/20/2012 4:21:02 PM, Error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 3 time(s). 8/20/2012 4:20:28 PM, Error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 2 time(s). 8/20/2012 4:19:55 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/20/2012 4:19:27 PM, Error: Service Control Manager [7031] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/20/2012 4:18:12 PM, Error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s). 8/20/2012 4:17:09 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/20/2012 4:17:09 PM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/20/2012 4:17:09 PM, Error: Service Control Manager [7031] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 8/20/2012 4:15:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service. 8/19/2012 8:41:25 PM, Error: EventLog [6008] - The previous system shutdown at 8:20:35 PM on 8/19/2012 was unexpected. 8/19/2012 7:48:09 PM, Error: Service Control Manager [7003] - The Virtual Disk service depends the following service: PlugPlay. This service might not be installed. 8/19/2012 7:48:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service vds with arguments "" in order to run the server: {7D1933CB-86F6-4A98-8628-01BE94C9A575} 8/18/2012 6:18:29 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The system cannot find the path specified. 8/18/2012 6:17:01 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. 8/18/2012 6:16:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 8/18/2012 6:16:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 8/18/2012 6:16:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. 8/18/2012 6:15:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service. 8/18/2012 11:37:15 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 00225FCC8F09 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message). 8/17/2012 5:48:44 AM, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File =========================== After finishing the scans, Malwarebytes pops up and says that its file were corrupted and did I want a download, I said yes and the datatbase was successfully updated from version v0.00.00.00 to version v2012.08.21.08. This was while still in safe mode. It did a scan on its own after the download and here is the result. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.21.08 Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking) Internet Explorer 8.0.6001.19298 Mike :: SATELLITE [administrator] Protection: Disabled 8/21/2012 10:50:02 AM mbam-log-2012-08-21 (10-50-02).txt Scan type: Custom scan (c:\programdata\microsoft\windows\start menu\programs\maintenance\backup and restore center.lnk|) Scan options enabled: File System | Heuristics/Shuriken | PUP | PUM Scan options disabled: Memory | Startup | Registry | Heuristics/Extra | P2P Objects scanned: 1 Time elapsed: 13 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) There was aso a strange notepad that opened entitled Microsoft Office Word 2007 but in a notepad that poped up after the scan as well: L ¿ FÕP ¡ P‡O– Í:i¢ÿ +00ù /C:\ Ñ 1 Ì@Æà PROGRA~1 l ôÆb5QZÌ@Æà& < B P r o g r a m F i l e s @ s h e l l 3 2 . d l l , - 2 1 7 8 1 b 1 Ó:KA MICROS~3 J ôÆÓ:‡@Ó:KA& ı- M i c r o s o f t O f f i c e R 1 ê>wk Office12 : ôÆÓ:‡@ê>wk& . O f f i c e 1 2 Z 2 h= =ëà WINWORD.EXE @ ôÆ =ëàN=A8& ƒ W I N W O R D . E X E } C r e a t e a n d e d i t p r o f e s s i o n a l - l o o k i n g d o c u m e n t s s u c h a s l e t t e r s , p a p e r s , r e p o r t s , a n d b o o k l e t s b y u s i n g M i c r o s o f t O f f i c e W o r d . H . . \ . . \ . . \ . . \ . . \ . . \ . . \ P r o g r a m F i l e s \ M i c r o s o f t O f f i c e \ O f f i c e 1 2 \ W I N W O R D . E X E H C : \ W i n d o w s \ I n s t a l l e r \ { 9 1 1 2 0 0 0 0 - 0 0 2 F - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } \ w o r d i c o n . e x e ‡w_1^VW!!!!!!!!!MKKSkWORDFiles>tW{~$4Q]c@5d1`,xaTO5 w _ 1 ^ V W ! ! ! ! ! ! ! ! ! M K K S k W O R D F i l e s > t W { ~ $ 4 Q ] c @ 5 d 1 ` , x a T O 5 ‡%SystemRoot%\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe % S y s t e m R o o t % \ I n s t a l l e r \ { 9 1 1 2 0 0 0 0 - 0 0 2 F - 0 0 0 0 - 0 0 0 0 - 0 0 0 0 0 0 0 F F 1 C E } \ w o r d i c o n . e x e I also presumed that you wanted me to reboot into normal mode to see how system was, so I am in normal mode now and I still do not have proper network icon or connection status, still showing limited in network dialogue, but I do have internet connectivity and drives are recognized. I still cannot run (as I tested to see from last time trying) FSS as an admin, it errors and says the specifeied service does not exist as an installed service. I also tried control panel and attempted to start windows defender and it errored, Application failed to initialize: 0x800106ba again. McAfee appears to working normally and on start up, but Malwarebytes did not, and will not start manually either even though apparently running fine in safe mode when selected form desktop icon I get error, the specified service does not exist as an installed service.