Thread: Click.Giftload problem..

  1. #1
    Junior Member
    Join Date: May 2011
    Posts: 5

    Click.Giftload problem..

    Seem to be following a trend here..
    Got the infection yesterday, followed by a blue screen. Since then after multiple attempts of getting rid of it using spybot, I have resorted to restoring to factory defaults thinking this may rid me of Click.Giftload, however after reinstalling spybot and running scans, I found it has not fixed it.
    Google Chrome/Firefox/IE redirecting, blue-screens and no windows update.
    Any help would be great ^,^
    Logs;

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Danny at 22:42:57.95 on 01/05/2011
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1621 [GMT 1:00]
    .
    AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\RUNDLL32.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\System32\WLTRAY.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\Program Files\mcafee\msc\mcupdmgr.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\McAfee\VIRUSS~1\mcods.exe
    C:\Program Files\mcafee\VirusScan\mcvsshld.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\mcafee\msc\mcupdui.exe
    C:\Windows\system32\taskeng.exe
    c:\program files\mcafee\virusscan\mcinsupd.exe
    C:\WINDOWS\System32\wscript.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Danny\Downloads\dds.scr
    C:\Users\Danny\Games\World of Warcraft\Launcher.patch.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\program files\mcafee\msk\MskAPBho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
    StartupFolder: c:\users\danny\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\danny\appdata\roaming\mozilla\firefox\profiles\zteka7lz.default\
    FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-31 214664]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-7-31 81920]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\McProxy.exe [2009-7-31 359952]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-7-31 144704]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-1 1153368]
    R2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-7-31 636144]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-7-31 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-7-31 79816]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-7-31 35272]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-31 40552]
    S2 0319101304286005mcinstcleanup;McAfee Application Installer Cleanup (0319101304286005);c:\windows\temp\031910~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\031910~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-31 34248]
    .
    =============== Created Last 30 ================
    .
    2011-05-01 21:32:31 -------- d-----w- c:\users\danny\appdata\roaming\Safer Networking
    2011-05-01 21:32:12 -------- d-----w- c:\program files\Safer Networking
    2011-05-01 21:04:13 -------- d-----w- c:\users\danny\appdata\roaming\Malwarebytes
    2011-05-01 21:03:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-01 21:03:58 -------- d-----w- c:\progra~2\Malwarebytes
    2011-05-01 21:03:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-01 21:03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-01 20:44:46 -------- d-----w- c:\program files\common files\Blizzard Entertainment
    2011-05-01 20:44:33 -------- d-----w- c:\users\danny\Games
    2011-05-01 20:43:30 -------- d-----w- c:\progra~2\Blizzard Entertainment
    2011-05-01 20:42:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-01 20:42:09 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-05-01 20:41:48 -------- d-----w- c:\program files\Ventrilo
    2011-05-01 20:41:15 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-05-01 20:33:53 -------- d-----w- c:\users\danny\appdata\local\Stardock_Corporation
    2011-05-01 20:33:35 -------- d-----w- c:\users\danny\appdata\local\DataSafeOnline
    2011-05-01 20:33:19 -------- d-----w- c:\users\danny\appdata\local\PowerDVD DX
    2011-05-01 20:33:11 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-01 20:31:07 -------- d-sh--w- C:\System Recovery
    2011-05-01 20:30:30 -------- d-----w- c:\users\danny\appdata\local\VirtualStore
    2011-05-01 20:28:12 -------- d-----w- c:\users\danny\appdata\roaming\Dell
    2011-05-01 19:31:21 -------- d-----w- c:\windows\SMINST
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 22:49:29.94 ===============

  2. #2
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    Download aswMBR to your desktop. Double click the aswMBR.exe to run it
    Click the Scan button to start scan

    On completion of the scan click save log, save it to your desktop and post in your next reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date: May 2011
    Posts: 5

    Thanks for the reply, here is the log you wanted:

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-06 18:45:20
    -----------------------------
    18:45:20.463 OS Version: Windows 6.0.6001 Service Pack 1
    18:45:20.463 Number of processors: 2 586 0x170A
    18:45:20.464 ComputerName: DANNY-PC UserName: Danny
    18:45:27.258 Initialize success
    18:45:32.195 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    18:45:32.197 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
    18:45:32.227 Disk 0 MBR read successfully
    18:45:32.229 Disk 0 MBR scan
    18:45:32.232 Disk 0 TDL4@MBR code has been found
    18:45:32.235 Disk 0 MBR hidden
    18:45:32.237 Disk 0 MBR [TDL4] **ROOTKIT**
    18:45:32.240 Disk 0 trace - called modules:
    18:45:32.244
    18:45:32.247 Scan finished successfully
    18:46:03.429 Disk 0 MBR has been saved successfully to "C:\Users\Danny\Desktop\MBR.dat"
    18:46:03.429 The log file has been saved successfully to "C:\Users\Danny\Desktop\log1.txt"

  4. #4
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    Re-run aswMBR. Click Scan. On completion of the scan click the Fix button. Save the log as before and reboot when prompted to do so (if an automatic reboot doesn't occur). Post the log + fresh dds logs in your next reply.

  5. #5
    Junior Member
    Join Date: May 2011
    Posts: 5

    I did what you asked, and here is the log. However, I can no longer load up on my main user outside of safe mode without blue screening and restarting.

    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-05-06 20:10:06
    -----------------------------
    20:10:06.157 OS Version: Windows 6.0.6001 Service Pack 1
    20:10:06.157 Number of processors: 2 586 0x170A
    20:10:06.157 ComputerName: DANNY-PC UserName: Danny
    20:10:07.062 Initialize success
    20:10:08.840 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:10:08.840 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
    20:10:08.902 Disk 0 MBR read successfully
    20:10:08.902 Disk 0 MBR scan
    20:10:08.918 Disk 0 unknown MBR code
    20:10:08.918 Disk 0 scanning sectors +488395120
    20:10:08.965 Disk 0 scanning C:\Windows\system32\drivers
    20:10:11.991 Service scanning
    20:10:13.083 Service mfeavfk01 C:\Windows\System32\Drivers\mfeavfk01.sys **HIDDEN**
    20:10:14.066 Disk 0 trace - called modules:
    20:10:14.113 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
    20:10:14.128 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84b608e0]
    20:10:14.144 3 CLASSPNP.SYS[89fa9745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84bd2028]
    20:10:14.175 Scan finished successfully
    20:10:26.936 Disk 0 MBR has been saved successfully to "C:\Users\Danny\Desktop\MBR.dat"
    20:10:26.952 The log file has been saved successfully to "C:\Users\Danny\Desktop\log2.txt"
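
The two aswMBR logs above (before and after Fix) can be compared mechanically. The following is an added example, not part of the thread and not code from any poster or from AVAST; the function names and finding labels are assumptions, and the marker strings it matches are only the ones visible in the two logs posted here.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the two aswMBR logs posted in this thread.
LOG_BEFORE_FIX = r"""
18:45:32.229 Disk 0 MBR scan
18:45:32.232 Disk 0 TDL4@MBR code has been found
18:45:32.235 Disk 0 MBR hidden
18:45:32.237 Disk 0 MBR [TDL4] **ROOTKIT**
18:45:32.240 Disk 0 trace - called modules:
18:45:32.244
18:45:32.247 Scan finished successfully
"""

LOG_AFTER_FIX = r"""
20:10:08.902 Disk 0 MBR scan
20:10:08.918 Disk 0 unknown MBR code
20:10:08.918 Disk 0 scanning sectors +488395120
20:10:11.991 Service scanning
20:10:13.083 Service mfeavfk01 C:\Windows\System32\Drivers\mfeavfk01.sys **HIDDEN**
20:10:14.066 Disk 0 trace - called modules:
20:10:14.175 Scan finished successfully
"""

# "HH:MM:SS.mmm message"; the message may be empty (see 18:45:32.244).
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s*(.*)$")
MBR_CODE_RE = re.compile(r"Disk \d+ (\S+)@MBR code has been found")
ROOTKIT_RE = re.compile(r"\[([^\]]+)\]\s+\*\*ROOTKIT\*\*")
HIDDEN_SVC_RE = re.compile(r"Service\s+(\S+)\s+(.+?)\s+\*\*HIDDEN\*\*")


@dataclass(frozen=True)
class Finding:
    time: str    # timestamp as printed in the log
    kind: str    # label chosen for this example (assumption)
    detail: str  # name or path extracted from the line


def parse_aswmbr(text):
    """Return the lines of an aswMBR log that report something abnormal."""
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, separators, blank lines
        ts, msg = m.groups()
        if (hit := ROOTKIT_RE.search(msg)):
            findings.append(Finding(ts, "rootkit", hit.group(1)))
        elif (hit := MBR_CODE_RE.search(msg)):
            findings.append(Finding(ts, "mbr_code", hit.group(1)))
        elif (hit := HIDDEN_SVC_RE.search(msg)):
            findings.append(
                Finding(ts, "hidden_service", f"{hit.group(1)} -> {hit.group(2)}"))
        elif msg.endswith("MBR hidden"):
            findings.append(Finding(ts, "mbr_hidden", msg))
        elif "unknown MBR code" in msg:
            findings.append(Finding(ts, "unknown_mbr", msg))
    return findings


def compare(before, after):
    """Which finding kinds disappeared after the fix, and which are new."""
    b = {f.kind for f in before}
    a = {f.kind for f in after}
    return {"cleared": sorted(b - a), "new": sorted(a - b)}


if __name__ == "__main__":
    before = parse_aswmbr(LOG_BEFORE_FIX)
    after = parse_aswmbr(LOG_AFTER_FIX)
    for label, run in (("before fix", before), ("after fix", after)):
        print(label)
        for f in run:
            print(f"  {f.time}  {f.kind:15} {f.detail}")
    print(compare(before, after))
```

The script only sorts log lines into categories; deciding whether an "unknown MBR code" or a hidden service is benign still needs a reviewer.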

  6. #6
    Junior Member
    Join Date: May 2011
    Posts: 5

    And the dds sorry, forgot that one ^,^

    .
    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
    Run by Danny at 21:15:44.98 on 06/05/2011
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_25
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.2513 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Users\Danny\Downloads\dds(1).scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110502100318.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "c:\program files\dell datasafe local backup\components\dsupdate\runhstart.bat"
    StartupFolder: c:\users\danny\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
    StartupFolder: c:\users\danny\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    StartupFolder: c:\users\danny\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\danny\appdata\roaming\mozilla\firefox\profiles\zteka7lz.default\
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\2.0.31005.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-5-2 386840]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2011-5-2 64304]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-5-2 164840]
    R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-2 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-5-2 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-5-2 141792]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-5-2 313288]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-7-31 81920]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-4-6 176128]
    S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-2 271480]
    S2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2011-5-2 271480]
    S2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-5-2 171168]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-5-1 1153368]
    S2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-7-31 636144]
    S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-4-6 7774208]
    S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-4-6 242176]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-5-2 55840]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-5-2 152960]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-5-2 52104]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-5-2 84264]
    .
    =============== Created Last 30 ================
    .
    2011-05-03 09:54:26 -------- d-----w- c:\users\danny\appdata\roaming\Acreon
    2011-05-03 09:54:11 -------- d-----w- c:\users\danny\appdata\local\._Revolution_
    2011-05-03 08:35:50 -------- d-----w- c:\users\danny\appdata\local\Apps
    2011-05-03 08:35:48 -------- d-----w- c:\users\danny\appdata\local\Deployment
    2011-05-02 16:54:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-02 14:31:02 -------- d-----w- c:\users\danny\My Backup Files
    2011-05-02 09:49:25 -------- d-----w- c:\users\danny\appdata\local\Adobe
    2011-05-02 09:03:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2011-05-02 09:03:18 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    2011-05-02 09:03:10 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2011-05-02 09:03:06 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2011-05-02 09:03:06 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2011-05-02 09:03:06 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2011-05-02 09:03:06 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2011-05-02 09:03:06 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2011-05-02 09:03:06 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2011-05-02 09:03:06 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2011-05-02 09:03:06 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2011-05-02 09:03:06 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2011-05-01 21:32:31 -------- d-----w- c:\users\danny\appdata\roaming\Safer Networking
    2011-05-01 21:32:12 -------- d-----w- c:\program files\Safer Networking
    2011-05-01 21:04:13 -------- d-----w- c:\users\danny\appdata\roaming\Malwarebytes
    2011-05-01 21:03:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-01 21:03:58 -------- d-----w- c:\progra~2\Malwarebytes
    2011-05-01 21:03:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-01 21:03:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-05-01 20:44:46 -------- d-----w- c:\program files\common files\Blizzard Entertainment
    2011-05-01 20:43:30 -------- d-----w- c:\progra~2\Blizzard Entertainment
    2011-05-01 20:42:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-05-01 20:42:09 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2011-05-01 20:41:48 -------- d-----w- c:\program files\Ventrilo
    2011-05-01 20:41:15 -------- d-----w- c:\program files\common files\Wise Installation Wizard
    2011-05-01 20:33:53 -------- d-----w- c:\users\danny\appdata\local\Stardock_Corporation
    2011-05-01 20:33:35 -------- d-----w- c:\users\danny\appdata\local\DataSafeOnline
    2011-05-01 20:33:19 -------- d-----w- c:\users\danny\appdata\local\PowerDVD DX
    2011-05-01 20:33:11 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-05-01 20:31:07 -------- d-sh--w- C:\System Recovery
    2011-05-01 20:30:30 -------- d-----w- c:\users\danny\appdata\local\VirtualStore
    2011-05-01 20:28:12 -------- d-----w- c:\users\danny\appdata\roaming\Dell
    2011-05-01 19:31:21 -------- d-----w- c:\windows\SMINST
    2011-05-01 18:46:38 -------- d-----w- c:\users\danny\appdata\local\SupportSoft
    2011-05-01 16:53:48 -------- d-----w- c:\users\danny\appdata\local\ATI
    2011-05-01 16:53:42 -------- d-----w- c:\program files\AMD APP
    2011-05-01 16:50:28 -------- d-----w- c:\program files\ATI
    2011-05-01 16:49:24 -------- d-----w- C:\ATI
    2011-05-01 16:43:42 -------- d-----w- C:\AMD
    2011-05-01 16:32:30 -------- d-----w- c:\users\danny\Games
    .
    ==================== Find3M ====================
    .
    2011-04-06 02:07:18 17469952 ----a-w- c:\windows\system32\atioglxx.dll
    2011-04-06 02:03:24 147456 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-06 02:03:14 671744 ----a-w- c:\windows\system32\aticfx32.dll
    2011-04-06 01:59:32 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-06 01:59:04 393216 ----a-w- c:\windows\system32\atieclxx.exe
    2011-04-06 01:58:36 176128 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-04-06 01:57:30 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2011-04-06 01:57:14 356352 ----a-w- c:\windows\system32\atipdlxx.dll
    2011-04-06 01:57:02 278528 ----a-w- c:\windows\system32\Oemdspif.dll
    2011-04-06 01:56:54 15872 ----a-w- c:\windows\system32\atimuixx.dll
    2011-04-06 01:56:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll
    2011-04-06 01:53:34 4307968 ----a-w- c:\windows\system32\atidxx32.dll
    2011-04-06 01:42:12 46080 ----a-w- c:\windows\system32\aticalrt.dll
    2011-04-06 01:42:02 44032 ----a-w- c:\windows\system32\aticalcl.dll
    2011-04-06 01:38:50 6098432 ----a-w- c:\windows\system32\aticaldd.dll
    2011-04-06 01:35:00 4256768 ----a-w- c:\windows\system32\atiumdag.dll
    2011-04-06 01:34:16 1912832 ----a-w- c:\windows\system32\atiumdmv.dll
    2011-04-06 01:28:00 52736 ----a-w- c:\windows\system32\coinst.dll
    2011-04-06 01:26:40 3631616 ----a-w- c:\windows\system32\atiumdva.dll
    2011-04-06 01:22:10 258048 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-06 01:22:00 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-04-06 01:21:50 32768 ----a-w- c:\windows\system32\atigktxx.dll
    2011-04-06 01:20:52 31232 ----a-w- c:\windows\system32\atiuxpag.dll
    2011-04-06 01:20:38 29184 ----a-w- c:\windows\system32\atiu9pag.dll
    2011-04-06 01:20:16 37376 ----a-w- c:\windows\system32\atitmpxx.dll
    2011-04-06 01:13:16 52736 ----a-w- c:\windows\system32\atimpc32.dll
    2011-04-06 01:13:16 52736 ----a-w- c:\windows\system32\amdpcom32.dll
    2011-04-05 21:09:48 59904 ----a-w- c:\windows\system32\OVDecode.dll
    2011-04-05 21:09:30 51712 ----a-w- c:\windows\system32\OpenCL.dll
    2011-04-05 21:09:08 12385280 ----a-w- c:\windows\system32\amdocl.dll
    .
    ============= FINISH: 21:16:37.07 ===============

  7. #7
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Hi,

    Download this file and place it to your c: root (c:\). Copy C:\Users\Danny\Desktop\MBR.dat file to your c: root, too. When done (and without issues), do this:
    Click start->type cmd.exe to make cmd.exe appear on the list, right click it and select 'run as administrator'.
    In command prompt that opens up type the following command:
    C:\mbr.exe -w 0 C:\MBR.dat

    If no issues with steps above reboot and see if you're able to access normal mode.

  8. #8
    Blade81 (Security Expert: Emeritus)
    Join Date: Oct 2006
    Location: Finland
    Posts: 25,288

    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
