
Thread: Malware Defense/BSOD

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Location
    Gilbert AZ, the Night Side of the Sun
    Posts
    16

    Malware Defense/BSOD

    Hello,

    I have a situation very similar to the one posted here: http://forums.spybot.info/showthread.php?t=54492

    Malware Defense seems to be on my computer now. It has disabled all of my antivirus (McAfee) and spyware protection software (Spybot). My computer now BSODs inside 60 seconds if I boot in normal mode. Currently I am running in Safe Mode with Networking.

    After reading the aforementioned post I attempted to get a Hijack This log to post. When I try to load Hijack This I get the following error "The Windows Installer Service is not available in Safe Mode..."

    Where do I start? Please help. And thank you very much.

    Got HiJack This installed. Thank you

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:27:47 AM, on 1/9/2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18865)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Dale\Desktop\AntiV\HijackThis.exe
    C:\Program Files\Internet Explorer\Iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [WinSys2] C:\Windows\system32\startup.exe
    O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
    O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
    O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\USB Headsets\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\U-ABIT\uGuru\LaunchuGuru.exe
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKCU\..\Run: [settdebugx.exe] C:\Users\Dale\AppData\Local\Temp\settdebugx.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P3 /q C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZUNCAMCB\CS_25_~1.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\W0G400D5\V_1_~1.SH! C:\Users\Dale\AppData\Local\Temp\TEMPOR~1\Content.SH! C:\Users\Dale\AppData\Local\Temp\TEMPOR~1.SH! C:\Users\Dale\AppData\Local\Temp\History\History.SH! C:\Users\Dale\AppData\Local\Temp\History.SH! C:\Users\Dale\AppData\Local\Temp\Cookies.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\R13BN0MF\1396_1~1.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZ82ON5C\ADSERV~2.SH! C:\Users\Dale\AppData\Local\Temp\Word8.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RG7XTV0X\CS_4_1~1.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\W13VFXNX\1457_1~1.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\CGYG5M7D\INDEX_~1.SH! C:\Users\Dale\AppData\Local\MICROS~1
    O4 - HKUS\.DEFAULT\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P3 /q C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\ZUNCAMCB\CS_25_~1.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\W0G400D5\V_1_~1.SH! C:\Users\Dale\AppData\Local\Temp\TEMPOR~1\Content.SH! C:\Users\Dale\AppData\Local\Temp\TEMPOR~1.SH! C:\Users\Dale\AppData\Local\Temp\History\History.SH! C:\Users\Dale\AppData\Local\Temp\History.SH! C:\Users\Dale\AppData\Local\Temp\Cookies.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\R13BN0MF\1396_1~1.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\JZ82ON5C\ADSERV~2.SH! C:\Users\Dale\AppData\Local\Temp\Word8.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\RG7XTV0X\CS_4_1~1.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\W13VFXNX\1457_1~1.SH! C:\Users\Dale\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\CGYG5M7D\INDEX_~1.SH! C:\Users\Dale\AppData\Local\MICROS~1
    O4 - Global Startup: Iomega StorCenter.lnk = C:\Program Files\Iomega StorCenter\sohoclient.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - d:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.6.108.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - d:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - d:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 11829 bytes

  2. #2
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hello and welcome to Safer Networking

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know or understand something please don't hesitate to ask
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.


    Download DDS

    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


    Next Reply

    Please reply with:
    • DDS.txt
    • Attach.txt


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Location
    Gilbert AZ, the Night Side of the Sun
    Posts
    16

    DDS Log Reply

    Thank you
    -----

    DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
    Run by Dale at 10:53:11.27 on Thu 01/14/2010
    Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.5.0_12
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3070.2300 [GMT -7:00]

    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Windows\explorer.exe
    C:\Program Files\Internet Explorer\Iexplore.exe
    C:\Users\Dale\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Steam] "d:\program files\steam\steam.exe" -silent
    uRun: [ABIT uGuruIII] c:\program files\u-abit\uguru\LaunchuGuru.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [igndlm.exe] d:\program files\download manager\DLM.exe /windowsstart /startifwork
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
    uRun: [settdebugx.exe] c:\users\dale\appdata\local\temp\settdebugx.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [WinSys2] c:\windows\system32\startup.exe
    mRun: [UpdReg] c:\windows\UpdReg.EXE
    mRun: [CTXFIREG] CTxfiReg.exe
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
    mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
    mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
    mRun: [VolPanel] "c:\program files\creative\usb headsets\volume panel\VolPanlu.exe" /r
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    dRun: [DelayShred] "c:\program files\mcafee\mshr\shrcl.exe" /p3 /q [long list of temporary .sh! file paths removed]
    dRun: [CtxfiReg] CTXFIREG.exe /FAIL2
    dRun: [DevconDefaultDB] c:\windows\system32\READREG /SILENT /FAIL=1
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\iomega~1.lnk - c:\program files\iomega storcenter\sohoclient.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - d:\program files\pokerstars.net\PokerStarsUpdate.exe
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
    mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\dale\appdata\roaming\mozilla\firefox\profiles\hoy92zrr.default\
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - component: c:\users\dale\appdata\roaming\mozilla\firefox\profiles\hoy92zrr.default\extensions\piclens@cooliris.com\components\cooliris.dll
    FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava11.dll
    FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava12.dll
    FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava13.dll
    FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava14.dll
    FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJava32.dll
    FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPJPI150_12.dll
    FF - plugin: c:\program files\java\jre1.5.0_12\bin\NPOJI610.dll
    FF - plugin: c:\users\dale\appdata\roaming\mozilla\firefox\profiles\hoy92zrr.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - plugin: d:\program files\download manager\npfpdlm.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [2007-10-13 21048]
    S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-25 93320]
    S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-12-25 359952]
    S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-25 144704]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-9 1153368]
    S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
    S2 StarWindServiceAE;StarWind AE Service;d:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-9-7 79360]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;d:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2009-11-27 25832]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-3-22 21504]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-25 606736]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-25 79816]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-25 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-25 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-25 40552]
    S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2009-9-7 17408]

    =============== Created Last 30 ================

    2010-01-08 10:50:37 0 d-----w- c:\users\dale\appdata\roaming\FFSJ
    2010-01-08 10:43:59 794906 ----a-w- c:\windows\unins000.exe
    2010-01-08 10:43:59 4025 ----a-w- c:\windows\unins000.dat
    2010-01-08 10:43:59 0 d-----w- c:\windows\system32\FFSJ
    2009-12-26 18:15:02 320 ----a-w- c:\windows\system32\filerenamerrer.sys
    2009-12-26 16:34:37 224 ----a-w- c:\windows\system32\filerenamerred.sys
    2009-12-26 16:34:37 150528 ----a-w- c:\windows\system32\TLBINF32.DLL
    2009-12-26 16:34:36 224016 ----a-w- c:\windows\system32\TABCTL32.OCX
    2009-12-25 20:27:46 138168 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-25 17:03:21 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-25 16:54:31 13506 ----a-w- c:\windows\system32\Config.MPF
    2009-12-25 16:50:54 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2009-12-25 16:50:54 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
    2009-12-25 16:50:54 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2009-12-25 16:50:49 130424 ----a-w- c:\windows\system32\drivers\Mpfp.sys
    2009-12-25 16:50:30 0 d-----w- c:\program files\common files\McAfee
    2009-12-25 16:50:29 0 d-----w- c:\program files\McAfee.com
    2009-12-25 16:50:27 0 d-----w- c:\program files\McAfee
    2009-12-25 16:47:57 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
    2009-12-25 12:59:16 0 d-----w- c:\program files\iPod

    ==================== Find3M ====================

    2010-01-05 00:17:09 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-01-05 00:17:00 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-17 10:19:17 665600 ----a-w- c:\windows\inf\drvindex.dat
    2009-11-17 10:19:17 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-11-17 10:19:16 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-17 10:19:16 143360 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-17 10:19:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    2009-11-17 10:18:35 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2009-11-09 12:31:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 12:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
    2009-11-09 01:21:38 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2009-11-09 01:21:38 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2009-10-29 09:17:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2008-03-22 23:48:22 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-10-15 22:50:31 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2008-11-28 13:15:08 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
    2008-11-28 13:24:08 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008112820081129\index.dat

    ============= FINISH: 10:54:28.06 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/12/2007 3:37:10 PM
    System Uptime: 1/13/2010 6:29:47 PM (16 hours ago)

    Motherboard: http://www.abit.com.tw/ | | IP35 PRO(P35+ICH9R)
    Processor: Intel(R) Core(TM)2 Quad CPU @ 2.40GHz | Socket 775 | 2394/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 140 GiB total, 30.836 GiB free.
    D: is FIXED (NTFS) - 1863 GiB total, 1615.34 GiB free.
    E: is CDROM ()
    F: is FIXED (FAT32) - 234 GiB total, 28.587 GiB free.
    G: is CDROM ()
    W: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1062: 12/31/2009 2:50:06 AM - Scheduled Checkpoint
    RP1063: 12/31/2009 6:02:32 PM - Windows Update
    RP1065: 1/3/2010 1:51:41 PM - Scheduled Checkpoint
    RP1066: 1/4/2010 8:59:45 PM - Windows Update
    RP1067: 1/6/2010 12:00:03 AM - Scheduled Checkpoint
    RP1068: 1/7/2010 12:00:03 AM - Scheduled Checkpoint
    RP1069: 1/7/2010 8:07:53 AM - Windows Update
    RP1070: 1/8/2010 4:26:11 PM - Scheduled Checkpoint
    RP1072: 1/9/2010 5:33:03 AM - Windows Defender Checkpoint

    ==== Installed Programs ======================

    µTorrent
    abti uGuru
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11
    Age of Chivalry
    Altap Salamander 2.51
    Altitude - Demo
    Amazon MP3 Downloader 1.0.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Assassin's Creed
    Audiosurf
    AutoUpdate
    BD Advisor 2.0
    Bejeweled 2 Deluxe 1.1.3.2523
    Beyond Good and Evil
    BioShock
    Bonjour
    Borderlands
    Braid
    Call of Duty 4: Modern Warfare
    Call of Juarez
    Cogs
    Compatibility Pack for the 2007 Office system
    Counter-Strike: Source
    Creative Software AutoUpdate
    Creative System Information
    Creative USB Headsets
    Crysis(R)
    CuteFTP 8 Home
    CuteFTP 8 Professional
    D.I.P.R.I.P. Warm Up
    Darkest of Days
    Dead Space
    Defense Grid: The Awakening
    DivX Codec
    DivX Player
    DivX Web Player
    Doom 3
    Download Manager 2.3.6
    Dragon Age: Origins
    Dreamfall: The Longest Journey
    Droplitz
    DVD Flick
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.5.0
    DVDFab 6.2.0.5 (11/11/2009)
    Elf Bowling: Hawaiian Vacation
    Evil Genius
    Fallout 3
    FarCry 2
    File Renamer 6.0
    File Splitter and Joiner (FFSJ v3.3)
    Fraps
    Free Allegiance
    FW LiveUpdate
    Galactic Bowling
    GameSpy Arcade
    GameSpy Comrade
    Half-Life 2
    Half-Life 2: Deathmatch
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life Deathmatch: Source
    Half-Life: Source
    HijackThis 2.0.2
    Hinterland
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImgBurn
    Insurgency
    Iomega StorCenter
    iTunes
    iTunes Library Updater
    J2SE Runtime Environment 5.0 Update 12
    Java(TM) 6 Update 11
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    JMB36X Raid Configurer
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    Juniper Terminal Services Client
    King's Bounty: Armored Princess
    Left 4 Dead 2 Demo
    LG USB Modem driver
    Light of Altair
    Magic ISO Maker v5.5 (build 0273)
    Mass Effect
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Converter Pack
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Organization Chart 2.0
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.5.7)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Nation Red
    Natural Selection 3.2
    Netflix Movie Viewer
    NVIDIA Drivers
    NVIDIA PhysX
    Oblivion
    OGA Notifier 2.0.0048.0
    On the Rain-Slick Precipice of Darkness, Episode Two
    OpenAL
    Opposing Force
    Osmos
    PeerGuardian 2.0
    Peggle Deluxe
    Peggle Nights
    Penny Arcade Adventures: On the Rain-Slick Precipice of Darkness, Episode One
    Penny Arcade Adventures: On the Rain-Slick Precipice of Darkness, Episode Two
    Penumbra Overture
    Penumbra: Black Plague
    Penumbra: Requiem
    Plants Vs Zombies Demo
    PokerStars.net
    Portal
    Prototype
    Psychonauts
    PunkBuster Services
    Quake
    QuickTime
    RealPlayer
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Rhapsody Player Engine
    Seagate*DiscWizard
    SeaTools for Windows
    Serious Sam HD: The First Encounter
    Skype™ 3.6
    Snagit 9.1.1
    SolveigMM AVI Trimmer
    Sound Blaster X-Fi
    Source SDK Base
    Space Giraffe PC
    SPORE™ Creature Creator Trial Edition
    Spybot - Search & Destroy
    STALKER: Clear Sky
    Steam
    System Requirements Lab
    Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
    Tales of Monkey Island: Chapter 2 - The Siege of Spinner Cay
    Team Fortress 2
    Team Fortress 2 Dedicated Server
    TextPad 5
    The Longest Journey
    The Maw
    The Rosetta Stone
    The Ship
    The Witcher
    TI Connect 1.6
    Torchlight
    Total Video Converter 3.14 080930
    Ultimate Extras sounds from Microsoft® Tinker™
    Unreal Tournament 3
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    V CAST Music with Rhapsody
    Vista Codec Package
    VLC media player 1.0.0
    Wallace and Gromit Ep1: Fright of the Bumblebees
    Winamp
    WinAVI Video Converter
    Windows Sound Schemes
    WinRAR archiver
    World of Goo
    X-COM: UFO Defense
    Xfire (remove only)

    ==== Event Viewer Messages From Past Week ========

    1/9/2010 6:48:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC mfehidk MPFP NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr Tcpip tdx Wanarpv6
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:46 AM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/9/2010 5:48:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/9/2010 5:48:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/9/2010 5:47:34 AM, Error: EventLog [6008] - The previous system shutdown at 5:45:02 AM on 1/9/2010 was unexpected.
    1/9/2010 5:45:02 AM, Error: EventLog [6008] - The previous system shutdown at 5:43:08 AM on 1/9/2010 was unexpected.
    1/9/2010 5:06:58 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    1/9/2010 5:06:43 AM, Error: EventLog [6008] - The previous system shutdown at 5:05:07 AM on 1/9/2010 was unexpected.
    1/8/2010 3:45:03 PM, Error: EventLog [6008] - The previous system shutdown at 3:42:46 PM on 1/8/2010 was unexpected.
    1/13/2010 7:01:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    1/13/2010 6:58:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    1/13/2010 6:58:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/13/2010 6:58:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    1/13/2010 6:58:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/13/2010 6:58:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/13/2010 6:32:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Services service to connect.
    1/13/2010 6:32:43 PM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/13/2010 6:31:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mfehidk spldr Wanarpv6
    1/13/2010 6:31:47 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: One or more arguments are invalid
    1/13/2010 6:31:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.
    1/13/2010 6:31:47 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the wscsvc service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/13/2010 6:31:47 PM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    1/13/2010 6:31:47 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/13/2010 6:31:47 PM, Error: Service Control Manager [7000] - The McAfee Personal Firewall Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================

  4. #4
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi az-apache

    1 - TFC (Temp File Cleaner)

    • Please download TFC to your desktop
    • Save any unsaved work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click Yes to reboot.


    NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    2 - Rkill

    Please download Rkill by Grinler and save it to your desktop.
    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista, right-click on it and Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • If the tool does not run from any of the links provided, please let me know.

    You will need to run the application again if rebooting the computer occurs along the way.

    3 - Download and Run Malwarebytes' Anti-Malware

    Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
    Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
    Alternate download sites available here or here.
    1. Make sure you are connected to the Internet.
    2. Double-click on mbam-setup.exe to install the application.
    3. When the installation begins, follow the prompts and do not make any changes to default settings.
    4. When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself.
      • Press the OK button to close that box and continue.
      • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.

    On the Scanner tab:
    1. Make sure the "Perform full scan" option is selected.
    2. Then click on the Scan button.
    3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    6. Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    1. Click on the Show Results button to see a list of any malware that was found.
    2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
      We will take care of the System Volume Information items later.
    3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    5. Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    4 - Status Check
    Please reply with

    1. the Malwarebytes' Anti-Malware Log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Location
    Gilbert AZ, the Night Side of the Sun
    Posts
    16

    Malwarebytes ran - here is the post

    Malwarebytes' Anti-Malware 1.44
    Database version: 3568
    Windows 6.0.6002 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18865

    1/15/2010 6:27:47 AM
    mbam-log-2010-01-15 (06-27-47).txt

    Scan type: Full Scan (C:\|D:\|F:\|)
    Objects scanned: 460367
    Time elapsed: 1 hour(s), 1 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\settdebugx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  6. #6
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi az-apache

    You should run these tools in normal mode.

    1 - Download and Run ComboFix

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you
    Please include the C:\ComboFix.txt in your next reply for further review.

    2 - Status Check
    Please reply with

    1. the ComboFix log (C:\ComboFix.txt)

    Thanks peku006

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Location
    Gilbert AZ, the Night Side of the Sun
    Posts
    16

    Thumbs down No Luck Running in Normal Mode, Immediate BSOD

    I received an immediate BSOD when I rebooted into normal mode. Could not run ComboFix.exe

  8. #8
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi az-apache

    Please try to run ComboFix in safe mode

    Thanks peku006

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Location
    Gilbert AZ, the Night Side of the Sun
    Posts
    16

    It will not run in Safe Mode w/Networking

    No luck

  10. #10
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi az-apache

    • Download RootRepeal from the following location and save it to your desktop.
    • Unzip it to your Desktop
    • Double click RootRepeal.exe to start the program
    • Click on the Report tab at the bottom of the program window
    • Click the Scan button
    • In the Select Scan dialog, check:
      • Drivers
      • Files
      • Processes
      • SSDT
      • Stealth Objects
      • Hidden Services
      • Shadow SSDT
    • Click the OK button
    • Check the box for your main system drive (usually C), and click OK to start the scan

      The scan can take some time. DO NOT run any other programs while the scan is running
    • When the scan is complete, the Save Report button will become available
    • Click this and save the report to your Desktop as RootRepeal.txt
    • Go to File, then Exit to close the program

    peku006
