TechSpot

McAfee real time scan will not stay on

By Abremylin
Aug 22, 2011
  1. Problem description:

    After a suspected infection, the system periodically exhibited no internet traffic being allowed to even the LAN router (192.168.1.1). All browsers and tracert returned RTOs. Ping would only ack from 192.168.1.1 and self loop. DNS would propagate IPs; however, packets would RTO.

    McAfee RTS would constantly alert to "not running". Firewall activity from router to OS / AV software firewalls all remain active but are ineffective at altering symptoms when disabled in any combination.

    Downloaded alternate AV - (F-Prot) - to verify AV cleaning. Also ran several malware cleanings, including the latest.

    I have run several virus and malware cleanings in everything from safe mode to normal mode, depending on what "seemed best" in terms of the cleaning process.

    I eventually found that I could obtain internet connectivity for a limited time (2-4 days) after performing a system restore to a point just before .NET 4 was installed automatically by winupdate. It seemed that once .NET 4 deployed, the system started going to **** and there was no connectivity as above, with McAfee RTS being disabled.

    I am now at the point where it seems even the sys restore files are possibly infected or there is another "masked piece" of malware that is continuing to propagate. I have looked over the below post and have included it here as a reference as it appears to be similar in nature.

    Let me know how best to proceed - PLEASE!?

    Related thread:

    http://www.techspot.com/vb/topic165201.html

    Log paste:


    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7482

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    8/22/2011 9:37:44 AM
    mbam-log-2011-08-22 (09-37-44).txt

    Scan type: Quick scan
    Objects scanned: 166889
    Time elapsed: 5 minute(s), 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-08-22 10:42:31
    Windows 6.0.6002 Service Pack 2
    Running: GMER.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ccd6768
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ccd6768 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Owner\AppData\Local\Temp\~DF43B9.tmp 16384 bytes
    File C:\Users\Owner\AppData\Local\Temp\~DF43C4.tmp 512 bytes

    ---- EOF - GMER 1.0.15 ----



    .
    DDS (Ver_2011-06-23.01) - NTFSAMD64
    Internet Explorer: 7.0.6002.18005
    Run by Owner at 10:50:46 on 2011-08-22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8189.5220 [GMT -8:00]
    .
    AV: F-PROT Antivirus for Windows *Enabled/Outdated* {31B7FFC6-2716-5A4E-528D-32786E690ED2}
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\RAVCpl64.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Alienware\AlienFX\AlienwareAlienFXController.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Alienware\AlienFX\AlienFXHook32Mngr.exe
    C:\Program Files\Alienware\AlienFX\AlienFXHook64Mngr.exe
    C:\Windows\splwow64.exe
    C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\System32\mobsync.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.fnbalaska.com/96.cfm
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514162900.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" resetprofile
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    dRun: [Exetender] "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
    StartupFolder: C:\Users\Owner\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files (x86)\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: %SYSTEMROOT%\system32\BfLLR.dll
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: DhcpNameServer = 209.112.128.2 204.17.139.2
    TCP: Interfaces\{2DE2A9F3-7D40-4E0F-9C12-1699300379AE} : DhcpNameServer = 209.112.128.2 204.17.139.2
    TCP: Interfaces\{4F837D69-063B-4AD3-AD46-C7B4AF461873} : DhcpNameServer = 209.112.128.2 204.17.139.2
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514162900.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [(Default)]
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [F-PROT Antivirus Tray application] C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 FPAV_RTP;FPAV_RTP;C:\Windows\system32\DRIVERS\FPAV_RTP.sys --> C:\Windows\system32\DRIVERS\FPAV_RTP.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-5-26 467968]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 FPAVServer;F-PROT Antivirus for Windows system;C:\Program Files (x86)\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2010-11-3 83624]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-27 366640]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-7-27 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-7-27 355440]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-7-27 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-7-27 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-7-27 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-7-27 149032]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-12-16 386344]
    R2 X5XSEx;X5XSEx;C:\Program Files (x86)\Free Ride Games\X5XSEx.sys [2011-3-28 55328]
    R3 BfEdgeVx64;Bigfoot Networks Killer Ethernet Service;C:\Windows\system32\DRIVERS\VEdgeA64.sys --> C:\Windows\system32\DRIVERS\VEdgeA64.sys [?]
    R3 BFNVis64;Bigfoot Networks Killer Gaming Service;C:\Windows\system32\DRIVERS\XenoVa64.sys --> C:\Windows\system32\DRIVERS\XenoVa64.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 136176]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-18 89920]
    .
    =============== Created Last 30 ================
    .
    2011-08-11 12:59:54 -------- d-----w- C:\Users\Owner\AppData\Roaming\Tropico 4 Demo
    2011-08-10 03:34:35 -------- d-----w- C:\Users\Owner\AppData\Local\Apple Computer
    2011-08-08 04:41:41 -------- d-----w- C:\Users\Owner\AppData\Local\ArmA 2 Free
    2011-08-08 03:00:35 -------- d-----w- C:\Users\Owner\AppData\Local\PokerStars.NET
    2011-08-08 02:59:12 -------- d-----w- C:\Program Files (x86)\PokerStars.NET
    2011-08-08 01:45:31 -------- d-----w- C:\Program Files\Common Files\INCA Shared
    2011-08-05 20:26:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2011-08-05 20:26:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2011-08-05 20:26:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2011-08-05 20:26:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2011-08-05 20:26:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2011-08-05 20:26:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2011-08-05 20:26:22 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2011-08-01 22:20:28 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
    2011-07-29 18:42:55 -------- d-----w- C:\PFiles
    2011-07-27 23:26:17 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-27 23:26:13 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-27 19:31:47 -------- d-----w- C:\Users\Owner\AppData\Roaming\FRISK Software
    2011-07-27 19:22:20 836696 ----a-w- C:\Windows\System32\drivers\FPAV_RTP.sys
    2011-07-27 19:22:18 -------- d-----w- C:\ProgramData\FRISK Software
    2011-07-27 19:22:18 -------- d-----w- C:\Program Files (x86)\FRISK Software
    2011-07-26 06:49:59 -------- d-----w- C:\Users\Owner\AppData\Local\CrashRpt
    2011-07-26 06:49:59 -------- d-----w- C:\Users\Owner\AppData\Local\Arktos
    .
    ==================== Find3M ====================
    .
    2011-07-06 02:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-07-06 02:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-07-05 16:04:36 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-27 23:14:18 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2011-06-27 23:14:18 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2011-06-27 23:12:23 281200 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2011-06-02 13:50:04 2764288 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-30 13:32:13 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2011-05-26 23:24:58 31336 ----a-w- C:\Windows\System32\drivers\VEdgeA64.sys
    2011-05-26 23:24:58 157288 ----a-w- C:\Windows\System32\drivers\XenoVa64.sys
    2011-05-26 23:24:52 192616 ----a-w- C:\Windows\System32\BfLLR.dll
    2011-05-26 23:24:50 183400 ----a-w- C:\Windows\SysWow64\BfLLR.dll
    2011-05-26 23:24:50 164456 ----a-w- C:\Windows\System32\xstat.exe
    2011-05-26 23:24:50 155240 ----a-w- C:\Windows\SysWow64\xstat.exe
    .
    ============= FINISH: 10:51:46.34 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 9/17/2009 4:41:30 AM
    System Uptime: 8/19/2011 6:51:24 AM (76 hours ago)
    .
    Motherboard: Dell Inc | | 0C113J
    Processor: Intel(R) Core(TM)2 Quad CPU Q9400 @ 2.66GHz | Socket 775 | 2672/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 75.236 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 7.38 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP746: 8/10/2011 3:00:14 AM - Windows Update
    RP747: 8/10/2011 5:12:13 PM - Scheduled Checkpoint
    RP748: 8/11/2011 4:54:33 AM - Installed DirectX
    RP749: 8/11/2011 10:12:53 AM - Restore Operation
    RP750: 8/11/2011 10:48:25 AM - Windows Update
    RP751: 8/12/2011 3:00:12 AM - Windows Update
    RP752: 8/13/2011 - Scheduled Checkpoint
    RP753: 8/14/2011 12:00:01 AM - Scheduled Checkpoint
    RP754: 8/15/2011 12:00:01 AM - Scheduled Checkpoint
    RP755: 8/16/2011 12:00:01 AM - Scheduled Checkpoint
    RP756: 8/17/2011 12:00:01 AM - Scheduled Checkpoint
    RP757: 8/17/2011 8:35:57 AM - Restore Operation
    RP758: 8/17/2011 9:15:11 AM - Restore Operation
    RP759: 8/17/2011 4:11:20 PM - Restore Operation
    RP760: 8/18/2011 2:47:53 PM - Restore Operation
    RP761: 8/19/2011 8:04:11 AM - Scheduled Checkpoint
    RP762: 8/20/2011 - Scheduled Checkpoint
    RP763: 8/21/2011 - Scheduled Checkpoint
    RP764: 8/22/2011 - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    µTorrent
    4Story (4STORY)
    7500_7600_7700_Help
    ACE Online EP3-2 2.3.0.3 Full
    Acrobat.com
    Adobe Acrobat 9 Standard - English, Français, Deutsch
    Adobe Acrobat 9.4.5 - CPSID_83708
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.4
    Age of Booty Demo
    Age of Conan - Hyborian Adventures
    AikaOnline
    Alien Swarm
    AlienFX for XPS
    Alliance of Valiant Arms
    Anomaly Warzone Earth Demo
    Apple Application Support
    Apple Software Update
    ArcaniA - Gothic 4 Demo
    ASIO4ALL
    Axis and Allies
    Bandisoft MPEG-1 Decoder
    Battlefield: Bad Company 2
    Be a King 2
    Be Richer
    Big Fish Games: Game Manager
    Bigfoot Networks Dashboard
    Bigfoot Networks Killer Network Manager
    Bing Bar
    Black Prophecy
    Borderlands
    BPD_HPSU
    BPD_Scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    BugBits
    Bulletstorm Demo
    Capitalism II
    Choice Guard
    CyberLink PowerDirector
    CyberLink WaveEditor
    Dark Messiah Might and Magic Single Player
    Dawntide (remove only)
    Defender of the Crown Heroes Live Forever
    Defense Grid: The Awakening
    Dell Getting Started Guide
    Dell Video Chat
    Delve Deeper
    Destinations
    DeviceManagementQFolder
    Diablo II
    DNA
    DocProc
    DocProcQFolder
    Doors of the Mind: Inner Mysteries
    Download Manager 2.3.10
    Dr Lynch Grave Secrets
    Drug Lord 2
    Dungeon Siege 2
    Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.12.00.803
    Earthrise
    Empire Builder - Ancient Egypt
    eSupportQFolder
    F-PROT Antivirus for Windows x64
    Face of Mankind
    Farm Frenzy 3
    Farm Frenzy 3 - Russian Roulette
    Farm Frenzy 3: Russian Roulette
    Fate of the World
    Fax
    Fix-it-up: Kate`s Adventure
    FL Studio 10
    Fraps (remove only)
    Free Ride Games Player
    Freelancer
    Galaxy Online
    GamersFirst LIVE!
    Gazillionaire III v3.04 (remove only)
    GIMP 2.6.6
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Heroes In the Sky
    HOARD
    Hotel Mogul
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Photosmart Essential
    HP Product Assistant
    HP Update
    HPProductAssistant
    HPSSupply
    IL Download Manager
    Impulse
    Island Realms
    Japanese Fonts Support For Adobe Reader 9
    Java Auto Updater
    Java(TM) 6 Update 26
    Java(TM) 6 Update 7
    Junk Mail filter update
    L7500
    Launchpad Enhanced
    Lead and Gold - Gangs of the Wild West
    Left 4 Dead 2 Add-on Support
    Left 4 Dead 2 Demo
    Little Folk of Faery
    Love & Death ™: Bitten ™
    Majesty 2
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Marooned
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Default Manager
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office Live Meeting 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft XML Parser
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Mortal Online
    Mount and Blade: Warband
    MPM
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Namco All-Stars by Namco - Dig Dug
    Nexon Game Manager
    NVIDIA Performance
    NVIDIA PhysX
    OpenAL
    OpenOffice.org 3.0
    Overlord II
    Overlord: Raising Hell
    Pando Media Booster
    Perpetuum
    Pirates of the Burning Sea (English)
    Please choose an option
    PokerStars
    Port Royale 2
    Post Apocalyptic Mayhem
    PowerDVD DX
    Pristontale 3133
    ProductContext
    Project S
    PunkBuster Services
    QualXServ Service Agreement
    QuickBooks
    QuickBooks Pro 2009
    QuickTime
    Rachel's Retreat
    Realms Online version 1.7.2
    Realtek High Definition Audio Driver
    Redemption Cemetery: Curse of the Raven
    Reincarnations: Uncover the Past Collector's Edition
    RETScreen
    RETScreen Version 4
    RISK Factions Demo
    Robin's Quest: A Legend Born
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Sid Meier's Civilization 4
    Sid Meier's Civilization V
    Sins of a Solar Empire
    SlimDX Redistributable (March 2009)
    SmartSound Quicktracks 5
    Solar 2
    SolutionCenter
    Space Colony Demo
    Space Siege Demo
    Star Ruler - Demo
    Star Wars Galaxies
    StarCraft II
    Starport GE v1.0
    Status
    Steam
    Stronghold 2 Deluxe
    SupportSoft Assisted Service
    System Requirements Lab
    Tales of Fantasy
    TaxACT 2009
    TaxACT 2009 Business 1065 Edition
    TaxACT 2010
    TaxACT 2010 Business 1065 Edition
    TeamSpeak 3 Client
    The Battle for Middle-earth (tm) II
    The Island - Castaway
    Toolbox
    Torchlight
    Tradewinds Caravans
    TrayApp
    Two Worlds
    Unity Web Player
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Vindictus
    Virtual Farm
    WebReg
    Winamp
    Winamp Detector Plug-in
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    Wings of Prey - Demo
    Wizard101
    World of Zellians: Kingdom Builder ™
    Wurm Online 2.7.4-2655
    Youda Safari
    Youda Survivor
    Zombie Driver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/18/2011 9:51:39 AM, Error: EventLog [6008] - The previous system shutdown at 9:36:03 AM on 8/18/2011 was unexpected.
    8/18/2011 9:10:27 AM, Error: EventLog [6008] - The previous system shutdown at 8:47:30 AM on 8/18/2011 was unexpected.
    8/18/2011 8:37:52 AM, Error: EventLog [6008] - The previous system shutdown at 6:41:03 PM on 8/17/2011 was unexpected.
    8/18/2011 2:45:51 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    8/18/2011 2:43:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
    8/18/2011 2:42:45 PM, Error: Service Control Manager [7022] - The McAfee Network Agent service hung on starting.
    8/18/2011 2:38:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    8/18/2011 2:37:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    8/18/2011 11:55:47 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet Pro L7500 Series with shared resource name HP Officejet Pro L7500 Series. Error 65535. The printer cannot be used by others on the network.
    8/18/2011 11:55:45 AM, Error: EventLog [6008] - The previous system shutdown at 11:53:37 AM on 8/18/2011 was unexpected.
    8/17/2011 9:07:43 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/17/2011 9:07:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    8/17/2011 9:07:09 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    8/17/2011 9:06:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    8/17/2011 9:06:03 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/17/2011 8:30:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0019030269EB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    8/17/2011 8:23:33 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet Pro L7500 Series with shared resource name HP Officejet Pro L7500 Series. Error 2114. The printer cannot be used by others on the network.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================================

    You can't be running two AV programs.
    Assuming you paid for McAfee, please uninstall F-Secure.

    Let's try a simple approach to your issue first.
    Uninstall McAfee using this tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
    Install a fresh copy.
    Will it stay on?
     
  3. Abremylin

    Abremylin TS Rookie Topic Starter

    Thank you for taking the time to address my issue.

    I have removed F-Prot and used the tool you linked to remove McAfee. I then reinstalled McAfee and performed the on-screen prompts.

    As a note - as soon as McAfee was uninstalled I had internet connectivity on the trouble system again; which (thankfully I guess) allowed me to download / install the AV software again.

    During the McAfee install process Windows also decided it needed various updates and we had a reboot that included 9 updates.

    After the system started it began the "Removing Existing McAfee Software" routine and in the middle of it suddenly a service cascade of failures happened. Alienware, BTTray, and McAfee RT virus scan all disabled at once. The McAfee installer completed its "removal" and required a reboot.

    Rebooted to a stable desktop with internet connection but no AV installed. Windows warning me that there is no AV protecting the system.

    I guess I will try to reinstall McAfee again. Spank me later if I should have just waited for your reply.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes, I want you to try to reinstall McAfee.
     
  5. Abremylin

    Abremylin TS Rookie Topic Starter

    Ok - did that, after disabling Malwarebytes. Reboot - everything appears clean.

    Should I just perform a full scan with the AV and Malwarebytes and reply?
     
  6. Abremylin

    Abremylin TS Rookie Topic Starter

    Well, I did the quick scans for both AV and malware - both clean.

    I am going to load test the unit and see if it begins performing normally again.

    Looks like it was just a corrupted McAfee install, and / or AV conflicts?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very possible because so far your logs look clean.

    Keep me posted.
     
Topic Status:
Not open for further replies.
