Error Starting On Demand Scanner (McAfee)


Post by Origin on 25th August 2009, 3:53 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Post by Audrey on 25th August 2009, 11:05 pm

Malwarebytes' Anti-Malware 1.40
Database version: 2696
Windows 5.1.2600 Service Pack 3

8/25/2009 6:51:07 PM
mbam-log-2009-08-25 (18-51-07).txt

Scan type: Quick Scan
Objects scanned: 106192
Time elapsed: 23 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AntipPro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Post by Origin on 28th August 2009, 3:38 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?



Post by Audrey on 29th August 2009, 2:42 am

I tried to run the combofix...when I went to the start menu and followed above directions, it told me that it wasn't installed. I re-installed it using previous instructions, except didn't rename it. Is it still ok to run it?


Post by Belahzur on 29th August 2009, 5:19 pm

Hello.
Yes, it's fine.



Post by Audrey on 29th August 2009, 8:18 pm

ComboFix 09-08-28.06 - Audrey Chriqui 08/29/2009 15:19.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.111 [GMT -4:00]
Running from: c:\documents and settings\Audrey Chriqui\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1089551744-1120685985-1162132538-1003
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\windows\system32\mdm.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP935\A0084594.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- C:\Combo-Fix
2009-08-25 23:47 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 23:47 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 23:45 . 2009-08-25 23:47 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 23:45 . 2009-08-25 23:45 -------- d-----w- c:\program files\McAfee.com
2009-08-25 23:35 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 01:13 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Audrey Chriqui\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-18 01:05 . 2009-08-18 01:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-18 01:03 . 2009-08-18 01:03 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-18 01:02 . 2009-08-19 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-18 00:54 . 2009-08-19 22:36 -------- d-----w- C:\downloads
2009-08-18 00:14 . 2009-08-18 00:55 -------- d-----w- c:\documents and settings\Audrey Chriqui\.SunDownloadManager
2009-08-17 02:56 . 2009-08-17 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-08-17 02:52 . 2009-08-17 02:52 -------- d-----w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\Citrix
2009-08-16 06:15 . 2009-07-13 05:42 286880 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-16 04:41 . 2009-08-19 21:12 -------- d-sh--w- c:\windows\Installer
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-08-12 03:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll


Post by Audrey on 29th August 2009, 8:19 pm

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 23:18 . 2007-10-31 03:13 -------- d-----w- c:\program files\McAfee
2009-08-25 23:54 . 2007-10-31 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-18 01:12 . 2005-08-16 01:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 02:52 . 2007-11-07 19:59 -------- d-----w- c:\program files\Citrix
2009-08-16 06:11 . 2008-01-26 02:39 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\McAfee
2009-08-16 05:08 . 2006-10-01 02:14 -------- d-----w- c:\program files\iTunes
2009-08-15 23:20 . 2005-08-16 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:08 . 2008-02-22 06:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 14:26 . 2005-04-30 05:39 -------- d-----w- c:\program files\iPod
2009-07-18 14:26 . 2008-02-23 16:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 14:19 . 2005-04-30 05:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 14:00 . 2009-07-18 14:00 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-03 17:09 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 00:20 . 2006-09-08 17:45 63088 ----a-w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 00:18 . 2009-07-03 00:18 -------- d-----w- c:\program files\Microsoft
2009-07-03 00:17 . 2009-07-03 00:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-03 00:16 . 2008-01-31 01:29 -------- d-----w- c:\program files\Windows Live
2009-07-03 00:12 . 2009-07-03 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 03:09 . 2009-06-05 03:09 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.


Post by Audrey on 29th August 2009, 8:19 pm

------- Sigcheck -------

[7] 2004-08-04 08:00 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\$NtServicePackUninstall$\eventlog.dll
[7] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-04-30 06:04 . 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe

2005-06-07 04:46 . 2005-06-07 04:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

2005-04-30 04:54 . 2005-04-11 17:00 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2007-07-28 23:35 . 2007-07-28 23:35 68856 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

2005-11-20 05:50 . 2005-07-08 04:55 49152 c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\bak\hphupd05.exe

2005-02-17 06:11 . 2005-02-17 06:11 49152 c:\program files\Hp\HP Software Update\bak\HPWuSchd2.exe

2003-12-22 13:38 . 2003-12-22 13:38 241664 c:\program files\Hp\hpcoretech\bak\hpcmpmgr.exe

2005-04-30 05:55 . 2005-02-17 21:01 233534 c:\program files\HPQ\Default Settings\bak\cpqset.exe

2005-04-30 05:53 . 2004-12-03 20:24 290816 c:\program files\HPQ\Quick Launch Buttons\bak\EabServr.exe

2005-06-24 19:16 . 2005-06-24 19:16 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

2007-02-18 15:11 . 2006-11-09 20:07 49263 c:\program files\Java\jre1.5.0_10\bin\bak\jusched.exe

2005-04-30 05:39 . 2005-04-30 05:39 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

2005-04-30 05:30 . 2005-02-02 12:11 692316 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe

2005-04-30 05:30 . 2005-02-02 12:12 102492 c:\program files\Synaptics\SynTP\bak\SynTPLpr.exe

2006-12-24 11:43 . 2006-12-01 02:49 4662776 c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe

2004-08-04 08:00 . 2004-08-04 08:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-04 08:00 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

2005-11-20 05:50 . 2005-07-08 04:55 491520 c:\windows\system32\bak\hphmon05.exe

2005-11-24 02:17 . 2005-07-08 04:55 176128 c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe

.


Post by Audrey on 29th August 2009, 8:20 pm

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-17 02:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/23/2007 9:32 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\AUDREY~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\AUDREY~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [4/5/2008 9:45 PM 34136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-11-20 04:55]

2009-08-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2009-08-25 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2008-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
.


Post by Audrey on 29th August 2009, 8:20 pm

------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-29 15:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"


Post by Audrey on 29th August 2009, 8:21 pm

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
c:\program files\BUFFALO\Client Manager3\NtCommon\BwcProv.dll

- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************
.
Completion time: 2009-08-29 16:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-29 20:12

Pre-Run: 26,756,845,568 bytes free
Post-Run: 27,131,404,288 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

297 --- E O F --- 2009-08-16 03:50


Post by Belahzur on 29th August 2009, 10:49 pm

Now open a new notepad file.
Input this into the notepad file:

FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | c:\windows\system32\eventlog.dll

AWF::
c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\bak\hphupd05.exe
c:\program files\Hp\HP Software Update\bak\HPWuSchd2.exe
c:\program files\Hp\hpcoretech\bak\hpcmpmgr.exe
c:\program files\HPQ\Default Settings\bak\cpqset.exe
c:\program files\HPQ\Quick Launch Buttons\bak\EabServr.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Java\jre1.5.0_10\bin\bak\jusched.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\bak\hphmon05.exe
c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe

Driver::
pciinfo

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Post by Audrey on 30th August 2009, 1:42 am

ComboFix 09-08-29.01 - Audrey Chriqui 08/29/2009 20:48.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.152 [GMT -4:00]
Running from: c:\documents and settings\Audrey Chriqui\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Audrey Chriqui\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCIINFO
-------\Service_pciinfo


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 00:47 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-08-30 00:47 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- C:\Combo-Fix
2009-08-25 23:47 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 23:47 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 23:45 . 2009-08-25 23:47 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 23:45 . 2009-08-25 23:45 -------- d-----w- c:\program files\McAfee.com
2009-08-25 23:35 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 01:13 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Audrey Chriqui\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-18 01:05 . 2009-08-18 01:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-18 01:03 . 2009-08-18 01:03 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-18 01:02 . 2009-08-19 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-18 00:54 . 2009-08-19 22:36 -------- d-----w- C:\downloads
2009-08-18 00:14 . 2009-08-18 00:55 -------- d-----w- c:\documents and settings\Audrey Chriqui\.SunDownloadManager
2009-08-17 02:56 . 2009-08-17 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-08-17 02:52 . 2009-08-17 02:52 -------- d-----w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\Citrix
2009-08-16 06:15 . 2009-07-13 05:42 286880 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-16 04:41 . 2009-08-19 21:12 -------- d-sh--w- c:\windows\Installer
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-08-12 03:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 30th August 2009, 1:43 am

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 23:18 . 2007-10-31 03:13 -------- d-----w- c:\program files\McAfee
2009-08-25 23:54 . 2007-10-31 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-18 01:12 . 2005-08-16 01:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 02:52 . 2007-11-07 19:59 -------- d-----w- c:\program files\Citrix
2009-08-16 06:11 . 2008-01-26 02:39 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\McAfee
2009-08-16 05:08 . 2006-10-01 02:14 -------- d-----w- c:\program files\iTunes
2009-08-15 23:20 . 2005-08-16 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:08 . 2008-02-22 06:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 14:26 . 2005-04-30 05:39 -------- d-----w- c:\program files\iPod
2009-07-18 14:26 . 2008-02-23 16:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 14:19 . 2005-04-30 05:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 14:00 . 2009-07-18 14:00 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-03 17:09 . 2004-08-04 08:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 00:20 . 2006-09-08 17:45 63088 ----a-w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 00:18 . 2009-07-03 00:18 -------- d-----w- c:\program files\Microsoft
2009-07-03 00:17 . 2009-07-03 00:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-03 00:16 . 2008-01-31 01:29 -------- d-----w- c:\program files\Windows Live
2009-07-03 00:12 . 2009-07-03 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 03:09 . 2009-06-05 03:09 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-30 01:07 . 2009-08-30 01:07 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-29 21:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-29 21:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-29 21:15 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-24 02:17 . 2005-07-08 04:55 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
+ 2005-11-20 05:50 . 2005-07-08 04:55 491520 c:\windows\system32\hphmon05.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-24 19:16 . 2005-06-24 19:16 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

2005-04-30 05:39 . 2005-04-30 05:39 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

2005-04-30 05:30 . 2005-02-02 12:11 692316 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe

2005-04-30 05:30 . 2005-02-02 12:12 102492 c:\program files\Synaptics\SynTP\bak\SynTPLpr.exe

2006-12-24 11:43 . 2006-12-01 02:49 4662776 c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe

.


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 30th August 2009, 1:44 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-17 02:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [4/5/2008 9:45 PM 34136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-11-20 04:55]

2009-08-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2009-08-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2008-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
.


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 30th August 2009, 1:44 am

------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-29 21:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
c:\program files\BUFFALO\Client Manager3\NtCommon\BwcProv.dll

- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\HPQ\Shared\hpqwmi.exe
.
**************************************************************************
.
Completion time: 2009-08-30 21:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 01:37
ComboFix2.txt 2009-08-29 20:13

Pre-Run: 27,179,814,912 bytes free
Post-Run: 27,147,567,104 bytes free

279 --- E O F --- 2009-08-29 21:45


Re: Error Starting On Demand Scanner (McAfee)

Post by Belahzur on 30th August 2009, 5:04 pm

Hello.

Now open a new notepad file.
Input this into the notepad file:

AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
c:\program files\Synaptics\SynTP\bak\SynTPLpr.exe
c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.


Please PM me if I fail to respond within 24hrs.



Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 30th August 2009, 6:25 pm

ComboFix 09-08-29.01 - Audrey Chriqui 08/30/2009 13:18.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.156 [GMT -4:00]
Running from: c:\documents and settings\Audrey Chriqui\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Audrey Chriqui\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 00:47 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-08-30 00:47 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\eventlog.dll
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- C:\Combo-Fix
2009-08-25 23:47 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 23:47 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 23:45 . 2009-08-25 23:47 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 23:45 . 2009-08-25 23:45 -------- d-----w- c:\program files\McAfee.com
2009-08-25 23:35 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 01:13 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Audrey Chriqui\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-18 01:05 . 2009-08-18 01:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-18 01:03 . 2009-08-18 01:03 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-18 01:02 . 2009-08-19 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-18 00:54 . 2009-08-19 22:36 -------- d-----w- C:\downloads
2009-08-18 00:14 . 2009-08-18 00:55 -------- d-----w- c:\documents and settings\Audrey Chriqui\.SunDownloadManager
2009-08-17 02:56 . 2009-08-17 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-08-17 02:52 . 2009-08-17 02:52 -------- d-----w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\Citrix
2009-08-16 06:15 . 2009-07-13 05:42 286880 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-16 04:41 . 2009-08-19 21:12 -------- d-sh--w- c:\windows\Installer
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-08-12 03:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 30th August 2009, 6:26 pm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 23:18 . 2007-10-31 03:13 -------- d-----w- c:\program files\McAfee
2009-08-25 23:54 . 2007-10-31 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-18 01:12 . 2005-08-16 01:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 02:52 . 2007-11-07 19:59 -------- d-----w- c:\program files\Citrix
2009-08-16 06:11 . 2008-01-26 02:39 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\McAfee
2009-08-16 05:08 . 2006-10-01 02:14 -------- d-----w- c:\program files\iTunes
2009-08-15 23:20 . 2005-08-16 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:08 . 2008-02-22 06:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 14:26 . 2005-04-30 05:39 -------- d-----w- c:\program files\iPod
2009-07-18 14:26 . 2008-02-23 16:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 14:19 . 2005-04-30 05:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 14:00 . 2009-07-18 14:00 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-03 17:09 . 2004-08-04 08:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 00:20 . 2006-09-08 17:45 63088 ----a-w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 00:18 . 2009-07-03 00:18 -------- d-----w- c:\program files\Microsoft
2009-07-03 00:17 . 2009-07-03 00:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-03 00:16 . 2008-01-31 01:29 -------- d-----w- c:\program files\Windows Live
2009-07-03 00:12 . 2009-07-03 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 03:09 . 2009-06-05 03:09 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-30 17:37 . 2009-08-30 17:37 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-30 15:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-30 15:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-30 15:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-24 02:17 . 2005-07-08 04:55 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
+ 2005-11-20 05:50 . 2005-07-08 04:55 491520 c:\windows\system32\hphmon05.exe
.


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 30th August 2009, 6:26 pm

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-24 19:16 . 2005-06-24 19:16 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

2005-04-30 05:39 . 2005-04-30 05:39 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-17 02:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [4/5/2008 9:45 PM 34136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-11-20 04:55]

2009-08-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2009-08-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2008-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
.


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 30th August 2009, 6:27 pm

------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-30 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
c:\program files\BUFFALO\Client Manager3\NtCommon\BwcProv.dll

- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-30 14:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 18:08
ComboFix2.txt 2009-08-30 01:39
ComboFix3.txt 2009-08-29 20:13

Pre-Run: 26,539,192,320 bytes free
Post-Run: 27,127,042,048 bytes free

265 --- E O F --- 2009-08-29 21:45


Re: Error Starting On Demand Scanner (McAfee)

Post by Belahzur on 30th August 2009, 8:03 pm

Hello.
Nearly done now.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.



Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 30th August 2009, 9:29 pm

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AIM 6
AIM Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
BUFFALO Client Manager 3
BUM
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Choice Guard
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
Data Fax SoftModem with SmartCP
DYMO Label Software
Easy Internet Sign-up
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.516
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Help and Support
HP Software Update
HP User Guides 0001
HP Wireless Assistant 1.01 A2
ImTOO DVD Copy Express
ImTOO DVD Ripper Platinum 4
InterActual Player
InterVideo WinDVD
iPod for Windows 2005-06-26
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 13
Java(TM) 6 Update 7
KODAK Gallery Upload Software
LG USB Drivers
LG USB Modem driver
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Live Meeting 2005
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.0 - SE
Nero 7 Essentials
neroxml
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 3
Quick Launch Buttons 5.10 B2
QuickTime
RemoveIT Pro v4 - SE
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Skype™ 4.0
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
V CAST Music
V CAST Music Manager
Verizon Online DSL
Viewpoint Media Player
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip 11.2
Yahoo! Messenger
Zone Deluxe Games


Re: Error Starting On Demand Scanner (McAfee)

Post by Belahzur on 30th August 2009, 9:42 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
    Viewpoint Media Player

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\Program Files\LimeWire
c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\LimeWire

AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.



Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 30th August 2009, 9:54 pm

Limewire is not in my list of programs...(I thought I had previously removed it)

Viewpoint Media player was removed, but the three J2SE's and the 2 java updates wouldn't remove...it gives me an error message saying "error applying transforms. Verify that the specified transform paths are valid."


Re: Error Starting On Demand Scanner (McAfee)

Post by Belahzur on 31st August 2009, 1:26 am

Please download Revo Uninstaller from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once setup, run Revo Uninstaller.
  3. Select the items I listed for removal by clicking on them once.

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.



Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 31st August 2009, 2:07 am

The uninstaller found 111 leftover registry items for J2SE runtime update 10...do I check them all? Sorry for all of the questions!


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 31st August 2009, 3:34 am

ComboFix 09-08-30.01 - Audrey Chriqui 08/30/2009 22:49.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.159 [GMT -4:00]
Running from: c:\documents and settings\Audrey Chriqui\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Audrey Chriqui\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire.exe

.


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 31st August 2009, 3:34 am

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.

2009-08-31 01:55 . 2009-08-31 01:55 -------- d-----w- c:\program files\VS Revo Group
2009-08-30 00:47 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-08-30 00:47 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\eventlog.dll
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- C:\Combo-Fix
2009-08-25 23:47 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 23:47 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 23:45 . 2009-08-25 23:47 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 23:45 . 2009-08-25 23:45 -------- d-----w- c:\program files\McAfee.com
2009-08-25 23:35 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 01:13 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Audrey Chriqui\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2009-08-18 01:05 . 2009-08-18 01:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-18 01:03 . 2009-08-18 01:03 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-18 01:02 . 2009-08-19 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-18 00:54 . 2009-08-19 22:36 -------- d-----w- C:\downloads
2009-08-18 00:14 . 2009-08-18 00:55 -------- d-----w- c:\documents and settings\Audrey Chriqui\.SunDownloadManager
2009-08-17 02:56 . 2009-08-17 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-08-17 02:52 . 2009-08-17 02:52 -------- d-----w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\Citrix
2009-08-16 06:15 . 2009-07-13 05:42 286880 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-16 04:41 . 2009-08-31 02:26 -------- d-sh--w- c:\windows\Installer
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-08-12 03:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 02:28 . 2005-04-30 05:08 -------- d-----w- c:\program files\Java
2009-08-30 21:50 . 2007-01-23 03:13 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Viewpoint
2009-08-30 21:50 . 2005-08-28 13:22 -------- d-----w- c:\program files\Viewpoint
2009-08-27 23:18 . 2007-10-31 03:13 -------- d-----w- c:\program files\McAfee
2009-08-25 23:54 . 2007-10-31 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-18 01:12 . 2005-08-16 01:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 02:52 . 2007-11-07 19:59 -------- d-----w- c:\program files\Citrix
2009-08-16 06:11 . 2008-01-26 02:39 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\McAfee
2009-08-16 05:08 . 2006-10-01 02:14 -------- d-----w- c:\program files\iTunes
2009-08-15 23:20 . 2005-08-16 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:08 . 2008-02-22 06:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 14:26 . 2005-04-30 05:39 -------- d-----w- c:\program files\iPod
2009-07-18 14:26 . 2008-02-23 16:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 14:19 . 2005-04-30 05:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 14:00 . 2009-07-18 14:00 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-03 17:09 . 2004-08-04 08:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 00:20 . 2006-09-08 17:45 63088 ----a-w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 00:18 . 2009-07-03 00:18 -------- d-----w- c:\program files\Microsoft
2009-07-03 00:17 . 2009-07-03 00:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-03 00:16 . 2008-01-31 01:29 -------- d-----w- c:\program files\Windows Live
2009-07-03 00:12 . 2009-07-03 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 03:09 . 2009-06-05 03:09 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 31st August 2009, 3:35 am

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-31 03:05 . 2009-08-31 03:05 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-31 01:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-31 01:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-31 01:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-24 02:17 . 2005-07-08 04:55 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
+ 2005-11-20 05:50 . 2005-07-08 04:55 491520 c:\windows\system32\hphmon05.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-24 19:16 . 2005-06-24 19:16 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

2005-04-30 05:39 . 2005-04-30 05:39 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

.


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 31st August 2009, 3:36 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-17 02:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [4/5/2008 9:45 PM 34136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-11-20 04:55]

2009-08-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2009-08-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2008-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 31st August 2009, 3:36 am

.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-08-30 23:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
c:\program files\BUFFALO\Client Manager3\NtCommon\BwcProv.dll

- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-31 23:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-31 03:29
ComboFix2.txt 2009-08-30 18:10
ComboFix3.txt 2009-08-30 01:39
ComboFix4.txt 2009-08-29 20:13

Pre-Run: 26,944,831,488 bytes free
Post-Run: 26,918,457,344 bytes free

293 --- E O F --- 2009-08-29 21:45


Re: Error Starting On Demand Scanner (McAfee)

Post by Belahzur on 31st August 2009, 5:33 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u



This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.



Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 31st August 2009, 10:28 pm

It's not letting me run it... it says Windows cannot find combofix. Make sure you typed the name correctly then try again...

Also, since the last ComboFix scan, my computer is having a hard time connecting to the internet on startup. It takes about 5 minutes of it bouncing on networks before it finally stays on my network.


Re: Error Starting On Demand Scanner (McAfee)

Post by Belahzur on 1st September 2009, 5:47 pm

Do you have the drivers for your wireless? We can try re-installing them.



Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 1st September 2009, 6:00 pm

I'm sure I do somewhere, but I'm in the middle of moving and I believe they're packed! It was doing it for some time and then when I ran one of these scans, it worked normally again. Until the last one, I think. Anyway, that part is minor right now, but thanks!!

As to combofix. It's now disappeared from my desktop again. I'll re-download it and try running it through the start, run menu...


Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 2nd September 2009, 12:29 am

I re-installed Combofix and did the combofix /u...does that uninstall it? I got a message saying that it is uninstalled. I think the computer is better - other than connecting to the internet, but I'm going to get a new wireless router shortly.


Re: Error Starting On Demand Scanner (McAfee)

Post by Belahzur on 2nd September 2009, 1:07 am

Hello.
No need to download it again. The malware is removed.

If Combofix won't uninstall that way, just delete this folder in bold:

C:\Qoobox

and delete combofix.exe from your Desktop.



Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 2nd September 2009, 1:11 am

It's uninstalled... Should I periodically be running the malware, or any other program you had me download?


Re: Error Starting On Demand Scanner (McAfee)

Post by Belahzur on 2nd September 2009, 1:12 am

Keep MBAM, it's a good scanner for on demand scanning. Just remember to keep it updated.



Re: Error Starting On Demand Scanner (McAfee)

Post by Audrey on 2nd September 2009, 1:14 am

Great! Well, thanks so much for all of your help and patience!!
