Microsoft .NET Framework error message box, won't go away

#1 azuleno

  • Advanced Member
  • Group: Full Member
  • Posts: 123
  • Joined: 16-June 04

Posted 26 September 2009 - 12:02 PM

Some weeks ago, upon restart, an error message window started to open up with the following information:

**Microsoft .NET Framework [error message box]
An unhandled exception has occurred in a component in your application. Click continue and application will ignore this error and attempt to continue.

Object reference not set to an instance of an object

[Details [down arrow]] [Continue] **


The details listed are as follows (see HJT log after the details). Your advice/help to resolve this is deeply appreciated.


***

See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

************** Exception Text **************
System.NullReferenceException: Object reference not set to an instance of an object.
at HP.CUE.Video.PlaybackControl.UpdateProgressBar()
at HP.CUE.Video.PlaybackControl._ProgressTimer_Tick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.Callback(IntPtr hWnd, Int32 msg, IntPtr idEvent, IntPtr dwTime)


************** Loaded Assemblies **************
mscorlib
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2407
CodeBase: file:///c:/windows/microsoft.net/framework/v1.1.4322/mscorlib.dll
----------------------------------------
hpqimzone
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///C:/Program%20Files/HP/Digital%20Imaging/bin/hpqimzone.exe
----------------------------------------
hpqiface
Assembly Version: 4.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqiface/4.0.0.0__a53cf5803f4c3827/hpqiface.dll
----------------------------------------
System.Windows.Forms
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: file:///c:/windows/assembly/gac/system.windows.forms/1.0.5000.0__b77a5c561934e089/system.windows.forms.dll
----------------------------------------
System.Drawing
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: file:///c:/windows/assembly/gac/system.drawing/1.0.5000.0__b03f5f7f11d50a3a/system.drawing.dll
----------------------------------------
System
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2407
CodeBase: file:///c:/windows/assembly/gac/system/1.0.5000.0__b77a5c561934e089/system.dll
----------------------------------------
hpqcc2
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqcc2/3.0.0.0__a53cf5803f4c3827/hpqcc2.dll
----------------------------------------
hpqutils
Assembly Version: 4.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqutils/4.0.0.0__a53cf5803f4c3827/hpqutils.dll
----------------------------------------
hpqfmrsc
Assembly Version: 4.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqfmrsc/4.0.0.0__a53cf5803f4c3827/hpqfmrsc.dll
----------------------------------------
hpqtray
Assembly Version: 4.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqtray/4.0.0.0__a53cf5803f4c3827/hpqtray.dll
----------------------------------------
hpqovskn
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqovskn/3.0.0.0__a53cf5803f4c3827/hpqovskn.dll
----------------------------------------
hpqthumb
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqthumb/3.0.0.0__a53cf5803f4c3827/hpqthumb.dll
----------------------------------------
hpqimvlt
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqimvlt/3.0.0.0__a53cf5803f4c3827/hpqimvlt.dll
----------------------------------------
hpqimgrc
Assembly Version: 4.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqimgrc/4.0.0.0__a53cf5803f4c3827/hpqimgrc.dll
----------------------------------------
hpqntrop
Assembly Version: 4.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqntrop/4.0.0.0__a53cf5803f4c3827/hpqntrop.dll
----------------------------------------
Interop.hpqcxm08
Assembly Version: 3.0.0.0
Win32 Version: 70.0.170.000
CodeBase: file:///c:/windows/assembly/gac/interop.hpqcxm08/3.0.0.0__a53cf5803f4c3827/interop.hpqcxm08.dll
----------------------------------------
System.Xml
Assembly Version: 1.0.5000.0
Win32 Version: 1.1.4322.2032
CodeBase: file:///c:/windows/assembly/gac/system.xml/1.0.5000.0__b77a5c561934e089/system.xml.dll
----------------------------------------
HPQDocViewer
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///C:/Program%20Files/HP/Digital%20Imaging/bin/HPQDocViewer.EXE
----------------------------------------
LEAD
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead/13.0.0.113__9cf889f53ea9b907/lead.dll
----------------------------------------
LEAD.Wrapper
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.wrapper/13.0.0.113__9cf889f53ea9b907/lead.wrapper.dll
----------------------------------------
LEAD.Windows.Forms
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.windows.forms/13.0.0.113__9cf889f53ea9b907/lead.windows.forms.dll
----------------------------------------
LEAD.Drawing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.drawing/13.0.0.113__9cf889f53ea9b907/lead.drawing.dll
----------------------------------------
interop.hpqimgr
Assembly Version: 4.0.0.0
Win32 Version: 4.0.0.0
CodeBase: file:///c:/windows/assembly/gac/interop.hpqimgr/4.0.0.0__a53cf5803f4c3827/interop.hpqimgr.dll
----------------------------------------
hpqasset
Assembly Version: 4.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqasset/4.0.0.0__a53cf5803f4c3827/hpqasset.dll
----------------------------------------
hpqmirsc
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///C:/Program%20Files/HP/Digital%20Imaging/bin/hpqmirsc.DLL
----------------------------------------
hpqedit
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqedit/3.0.0.0__a53cf5803f4c3827/hpqedit.dll
----------------------------------------
hpqvideo
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqvideo/3.0.0.0__a53cf5803f4c3827/hpqvideo.dll
----------------------------------------
LEAD.Windows.Forms.DrawingContainer
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.windows.forms.drawingcontainer/13.0.0.113__9cf889f53ea9b907/lead.windows.forms.drawingcontainer.dll
----------------------------------------
hpqmdmr
Assembly Version: 4.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqmdmr/4.0.0.0__a53cf5803f4c3827/hpqmdmr.dll
----------------------------------------
LEAD.Drawing.Imaging.ImageProcessing
Assembly Version: 13.0.0.113
Win32 Version: 13.0.0.113
CodeBase: file:///c:/windows/assembly/gac/lead.drawing.imaging.imageprocessing/13.0.0.113__9cf889f53ea9b907/lead.drawing.imaging.imageprocessing.dll
----------------------------------------
hpqimlib
Assembly Version: 3.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqimlib/3.0.0.0__a53cf5803f4c3827/hpqimlib.dll
----------------------------------------
hpqglutl
Assembly Version: 4.0.0.0
Win32 Version: 065.000.117.000
CodeBase: file:///c:/windows/assembly/gac/hpqglutl/4.0.0.0__a53cf5803f4c3827/hpqglutl.dll
----------------------------------------
interop.hpqvideo
Assembly Version: 4.0.0.0
Win32 Version: 4.0.0.0
CodeBase: file:///c:/windows/assembly/gac/interop.hpqvideo/4.0.0.0__a53cf5803f4c3827/interop.hpqvideo.dll
----------------------------------------

************** JIT Debugging **************
To enable just in time (JIT) debugging, the config file for this
application or machine (machine.config) must have the
jitDebugging value set in the system.windows.forms section.
The application must also be compiled with debugging
enabled.

For example:

<configuration>
<system.windows.forms jitDebugging="true" />
</configuration>

When JIT debugging is enabled, any unhandled exception
will be sent to the JIT debugger registered on the machine
rather than being handled by this dialog.

****

The HJT log is here:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:07 PM, on 9/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\bak\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061110
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061110
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12371 bytes

#2 SWI Support Robot

  • Helper robot
  • Group: SWI Bot
  • Posts: 21,918
  • Joined: 12-July 06

Posted 29 September 2009 - 12:17 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

  • Forum Deity
  • Group: Global Moderator
  • Posts: 40,545
  • Joined: 24-May 04

Posted 03 October 2009 - 08:56 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.

When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

Please don't forget this step to disable TeaTimer.

Press Control-Alt-Del to enter the Task Manager.

Click on the Processes tab and end the process identified below:

C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\bak\ehtray.exe
<- Why is this second process running from a backup folder? Just stop this one.

Exit the Task Manager when finished.
===

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.
===

Download: CCleaner (freeware)
http://www.majorgeek...wnload4191.html
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner and click the Windows [tab].
The following should be selected by default; if not, please select:
[Posted image]
Next: click Options, then click the Settings tab.
Uncheck: "Only delete files older than 48 hrs.", click OK.
Then click Run Cleaner (bottom right), then Exit.
*/*

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===

Include a fresh HijackThis log.

Let me know if the problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider donating;
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
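
The checks made by eye in the reply above (a same-named process running from a second folder, a BHO whose file is "(no file)", IE "Local Page" values left empty) can be scripted as a first triage pass over a HijackThis log. This is an added example, not part of the original thread or of HijackThis; the function names and the constructed sample log are assumptions, and a hit means "review this entry", not "malicious".

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in HijackThis v2.0.2 layout, shaped like the log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\bak\ehtray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # e.g. "O2 - BHO: ..."
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$"
)
REG_RE = re.compile(r"^(?P<key>.+?)\s*=\s*(?P<value>.*)$")   # "key = value"


def parse_hjt(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries.append((m.group(1), m.group(2)))
        elif in_processes:
            if not line:
                in_processes = False      # blank line ends the process list
            else:
                processes.append(line)
    return processes, entries


def duplicate_images(processes):
    """Image names running from more than one directory.

    Directories are compared case-insensitively, so system32 vs System32
    is one location. 8.3 short names (PROGRA~1) are not expanded here.
    """
    dirs = defaultdict(set)
    for path in processes:
        directory, name = ntpath.split(path)
        dirs[name.lower()].add(ntpath.normcase(directory))
    return {n: sorted(d) for n, d in dirs.items() if len(d) > 1}


def orphaned_bhos(entries):
    """CLSIDs of O2 (BHO) entries whose DLL is reported as '(no file)'."""
    found = []
    for code, body in entries:
        m = BHO_RE.match(body) if code == "O2" else None
        if m and m.group("path").strip().lower() == "(no file)":
            found.append(m.group("clsid"))
    return found


def empty_ie_values(entries):
    """Registry keys of R0/R1 entries that carry an empty value."""
    found = []
    for code, body in entries:
        m = REG_RE.match(body) if code in ("R0", "R1") else None
        if m and not m.group("value"):
            found.append(m.group("key"))
    return found


def review(text):
    """Run all three checks and return the items that need a human look."""
    processes, entries = parse_hjt(text)
    return {
        "duplicate_images": duplicate_images(processes),
        "orphaned_bhos": orphaned_bhos(entries),
        "empty_ie_values": empty_ie_values(entries),
    }


if __name__ == "__main__":
    for check, hits in review(SAMPLE_LOG).items():
        print(check, hits)
```

The BAE.dll BHO that the reply also selects is not covered by these structural checks; spotting it depends on knowing the entry, not on the log's shape.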

#4 azuleno

  • Advanced Member
  • Group: Full Member
  • Posts: 123
  • Joined: 16-June 04

Posted 04 October 2009 - 05:26 PM

Hi nasdaq,
As far as I can tell, the problem persists. The error still reads
In the blue bar: Microsoft .NET Framework
In the box: An unhandled exception has occurred in a component in your application. Click continue and application will ignore this error and attempt to continue. Object reference not set to an instance of an object

If I then click [Continue], the box disappears for a fraction of a second and comes back again. If I click on the [Details] button, I still get:
See the end of this message for details on invoking
just-in-time (JIT) debugging instead of this dialog box.

**plus a long string of information which I didn't include here, but essentially looks the same as the original I posted -- let me know if you want me to provide those details.**


I couldn't find the following in the Task manager:
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\bak\ehtray.exe

Here are the requested logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:13 PM, on 10/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\bak\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061110
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11947 bytes


Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Uninstaller
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
HijackThis 2.0.2
CCleaner (remove only)
COMODO Registry Cleaner 1.0.17.23
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

#5 nasdaq

Posted 06 October 2009 - 08:48 AM

Please run this tool.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 azuleno

Posted 06 October 2009 - 09:24 PM

hi nasdaq,

I have to tell you that I tried really hard to see where to disable the McAfee antivirus and couldn't find it. Done this before with other PCs with no problem. Your advice "Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon" is accurate but such app wasn't showing on the Tool Bar. Went to C:\Program Files ... all the way to the [outdated] McAfee [which I guess I should have uninstalled based on what I have heard about it being a software with 'potential' malware behavior]. Couldn't find anything that will allow me to disable McAfee. So I ran ComboFix like that. Just to let you know.


Combofix log:

ComboFix 09-10-06.03 - Mayra Soto 10/06/2009 22:02.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.179 [GMT -4:00]
Running from: c:\documents and settings\Mayra Soto\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\15ec36f.msp
c:\windows\Installer\15ec479.msp
c:\windows\Installer\15ec48d.msp
c:\windows\Installer\15ec4a9.msp
c:\windows\Installer\15ec4bc.msp
c:\windows\Installer\15ec4d2.msp
c:\windows\Installer\15ec4e6.msp
c:\windows\Installer\15ec4f9.msp
c:\windows\Installer\15ec50d.msp
c:\windows\Installer\15ec521.msp
c:\windows\Installer\15ec54a.msp
c:\windows\Installer\479af3.msp
c:\windows\Installer\899d8d.msp
c:\windows\Installer\8eb72.msp
c:\windows\Installer\f78216.msp
c:\windows\Installer\f78229.msp
c:\windows\Installer\f7823c.msp
c:\windows\Installer\f78257.msp
c:\windows\Installer\f78269.msp
c:\windows\Installer\f7827e.msp
c:\windows\Installer\f78291.msp
c:\windows\Installer\f782a4.msp
c:\windows\Installer\f782b7.msp
c:\windows\Installer\f782cc.msp
c:\windows\Installer\f782cd.msp
c:\windows\Installer\f782ef.msp
c:\windows\Installer\f78306.msp
c:\windows\kb913800.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-04 22:10 . 2009-10-04 22:10 -------- d-----w- c:\program files\CCleaner
2009-09-26 16:50 . 2009-09-26 16:50 -------- d-----w- c:\program files\Trend Micro
2009-09-14 06:15 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-14 06:15 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-09-14 06:14 . 2008-06-24 16:23 74240 ------w- c:\windows\system32\dllcache\mscms.dll
2009-09-14 06:14 . 2009-06-25 08:17 56320 ------w- c:\windows\system32\dllcache\secur32.dll
2009-09-14 06:14 . 2009-06-12 11:50 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2009-09-14 06:14 . 2009-06-12 11:50 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-09-14 06:14 . 2009-07-29 04:53 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-09-14 06:14 . 2009-07-29 04:53 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-09-14 06:14 . 2009-06-26 15:59 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-14 06:14 . 2008-07-07 20:32 253952 ------w- c:\windows\system32\dllcache\es.dll
2009-09-14 06:14 . 2009-06-10 14:21 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-09-14 06:09 . 2009-09-14 06:13 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-14 06:05 . 2009-02-10 22:31 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-14 06:05 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-14 06:05 . 2009-03-06 14:00 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-09-14 06:05 . 2009-02-09 10:01 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-09-14 06:05 . 2009-02-06 10:22 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-09-14 06:05 . 2009-02-06 09:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-09-14 06:05 . 2009-02-09 10:01 617984 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-09-14 06:05 . 2009-02-09 10:01 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-09-14 06:05 . 2009-02-09 10:01 715264 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-09-14 06:05 . 2005-07-26 04:20 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-09-14 06:05 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-14 06:05 . 2009-05-07 15:44 344064 ------w- c:\windows\system32\dllcache\localspl.dll
2009-09-14 06:04 . 2008-06-11 06:58 988672 ------w- c:\windows\system32\dllcache\WMNetmgr.dll
2009-09-14 06:04 . 2008-06-11 06:47 96768 ------w- c:\windows\system32\dllcache\logagent.exe
2009-09-14 06:04 . 2009-07-13 14:08 286720 ------w- c:\windows\system32\dllcache\wmpdxm.dll
2009-09-14 06:04 . 2009-07-13 14:08 5537792 ------w- c:\windows\system32\dllcache\wmp.dll
2009-09-14 06:04 . 2008-06-12 14:16 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2009-09-14 06:04 . 2008-06-12 14:16 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2009-09-14 06:04 . 2008-06-12 14:16 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2009-09-14 06:04 . 2008-06-12 14:16 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2009-09-14 06:04 . 2008-06-12 14:16 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-09-14 06:04 . 2008-06-12 14:16 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2009-09-14 06:04 . 2009-07-17 18:55 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-09-14 06:04 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-09-14 06:02 . 2008-08-14 09:51 138368 ------w- c:\windows\system32\dllcache\afd.sys
2009-09-14 06:02 . 2008-06-20 17:41 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2009-09-14 06:01 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-09-14 06:01 . 2008-12-16 12:47 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-09-14 06:01 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-09-14 06:01 . 2009-06-25 18:36 186880 ------w- c:\windows\system32\dllcache\mqtrig.dll
2009-09-14 06:01 . 2009-06-25 18:36 169472 ------w- c:\windows\system32\dllcache\msmqocm.dll
2009-09-14 06:01 . 2009-06-22 11:49 117248 ------w- c:\windows\system32\dllcache\mqtgsvc.exe
2009-09-14 06:01 . 2009-06-25 18:36 517120 ------w- c:\windows\system32\dllcache\mqsnap.dll
2009-09-14 06:01 . 2009-06-25 18:36 123392 ------w- c:\windows\system32\dllcache\mqrtdep.dll
2009-09-14 06:01 . 2009-06-22 11:49 4608 ------w- c:\windows\system32\dllcache\mqsvc.exe
2009-09-14 06:01 . 2009-06-25 18:36 225280 ------w- c:\windows\system32\dllcache\mqoa.dll
2009-09-14 06:01 . 2009-06-22 11:49 19968 ------w- c:\windows\system32\dllcache\mqbkup.exe
2009-09-14 05:59 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-09-14 05:41 . 2009-09-14 05:41 -------- d-----w- c:\documents and settings\Mayra Soto\Application Data\U3
2009-09-13 16:05 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 16:05 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 15:55 . 2009-09-13 15:55 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-12 07:05 . 2009-09-12 07:05 -------- d-----w- c:\windows\ServicePackFiles
2009-09-11 23:21 . 2009-10-04 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 23:21 . 2009-09-13 17:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-11 23:09 . 2009-09-11 23:09 -------- d-----w- c:\program files\COMODO
2009-09-11 22:51 . 2009-09-11 22:51 -------- d-----w- c:\documents and settings\Mayra Soto\Application Data\Malwarebytes
2009-09-11 22:51 . 2009-09-11 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-11 22:51 . 2009-09-13 16:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-06 07:03 . 2006-11-11 00:55 -------- d-----w- c:\program files\Microsoft Works
2009-10-04 22:01 . 2006-11-11 00:53 -------- d-----w- c:\program files\BAE
2009-09-13 16:29 . 2008-03-10 22:42 -------- d-----w- c:\program files\eSoftware
2009-09-13 15:59 . 2006-11-15 23:35 77712 ----a-w- c:\documents and settings\Mayra Soto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-06 02:15 . 2006-12-03 22:33 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-06 02:14 . 2006-11-20 03:25 -------- d-----w- c:\documents and settings\Mayra Soto\Application Data\Corel
2009-09-06 02:14 . 2006-12-03 22:33 88 --sh--r- c:\windows\system32\22F9E0E6EB.sys
2009-08-05 09:11 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2005-08-16 09:18 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-18 16:00 . 2005-08-16 09:18 1509888 ----a-w- c:\windows\system32\shdocvw(2)(2).dll
2009-07-17 18:55 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 18:55 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl(2)(2).dll
2009-07-13 14:08 . 2005-08-16 09:19 286720 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-11-11 00:24 . 2004-04-01 13:51 1589248 c:\dell\DellHelp\bak\DellHelp.exe
2006-11-11 00:24 . 2008-02-24 02:47 14348 c:\dell\DellHelp\DellHelp.exe

2006-11-07 15:29 . 2006-11-07 15:29 50736 c:\program files\AIM6\bak\aim6.exe
2008-01-03 16:15 . 2008-01-03 16:15 50528 c:\program files\AIM6\aim6.exe

2004-07-27 21:50 . 2004-07-27 21:50 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2004-07-27 21:50 . 2008-02-24 02:47 14348 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

2004-07-27 21:50 . 2004-07-27 21:50 221184 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
2004-07-27 21:50 . 2008-02-24 02:47 14348 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2007-02-08 05:12 . 2007-02-08 05:12 488984 c:\program files\Common Files\logishrd\LComMgr\bak\Communications_Helper.exe
2007-02-08 05:12 . 2008-02-24 02:47 14348 c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

2007-02-06 21:43 . 2007-02-06 21:43 252704 c:\program files\Common Files\logishrd\LComMgr\bak\LVComSX.exe
2007-02-06 21:43 . 2008-02-24 02:47 14348 c:\program files\Common Files\logishrd\LComMgr\LVComSX.exe

2005-10-05 08:12 . 2005-10-05 08:12 94208 c:\program files\Dell\Media Experience\bak\DMXLauncher.exe
2005-10-05 08:12 . 2008-02-24 02:47 14348 c:\program files\Dell\Media Experience\DMXLauncher.exe

2006-02-19 06:41 . 2006-02-19 06:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2006-02-19 06:41 . 2008-02-24 02:47 14348 c:\program files\HP\HP Software Update\HPWuSchd2.exe

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe
2008-03-30 14:36 . 2008-03-30 14:36 267048 c:\program files\iTunes\iTunesHelper.exe

2007-02-08 05:13 . 2007-02-08 05:13 774168 c:\program files\Logitech\QuickCam10\bak\QuickCam10.exe
2007-02-08 05:13 . 2008-02-24 02:47 14348 c:\program files\Logitech\QuickCam10\QuickCam10.exe

2006-11-11 00:52 . 2005-09-26 15:26 110592 c:\program files\McAfee\SpamKiller\bak\MskAgent.exe
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\program files\McAfee\SpamKiller\MskAgent.exe

2006-11-11 00:52 . 2006-11-07 19:49 1121280 c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\program files\McAfee\SpamKiller\MSKDetct.exe

2006-11-11 00:51 . 2005-09-22 23:29 303104 c:\program files\McAfee.com\Agent\bak\mcagent.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\mcagent.exe

2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-06 00:35 14860 c:\program files\McAfee.com\Agent\mcupdate.exe

2006-11-11 00:51 . 2006-01-11 17:05 212992 c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-06 00:35 14860 c:\program files\McAfee.com\Agent\mcupdate.exe

2006-11-11 00:51 . 2006-01-11 17:05 212992 c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\bak\mcupdate.exe

2006-11-11 00:51 . 2005-11-11 22:00 1005096 c:\program files\McAfee.com\Personal Firewall\bak\MpfTray.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Personal Firewall\MpfTray.exe

2006-11-11 00:51 . 2005-07-08 23:18 151552 c:\program files\McAfee.com\VSO\bak\mcmnhdlr.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\mcmnhdlr.exe

2006-11-11 00:51 . 2005-08-10 17:49 163840 c:\program files\McAfee.com\VSO\bak\mcvsshld.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\mcvsshld.exe

2006-11-11 00:51 . 2005-08-12 03:02 53248 c:\program files\McAfee.com\VSO\bak\oasclnt.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\oasclnt.exe

2007-01-19 16:54 . 2007-01-19 16:54 5674352 c:\program files\MSN Messenger\bak\MsnMsgr.Exe

2005-11-30 00:19 . 2005-11-30 00:19 40960 c:\program files\OLYMPUS\OLYMPUS Master\bak\FirstStart.exe
2005-11-30 00:19 . 2008-02-24 02:47 14348 c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe

2005-11-30 00:19 . 2005-11-30 00:19 57344 c:\program files\OLYMPUS\OLYMPUS Master\bak\Monitor.exe
2005-11-30 00:19 . 2008-02-24 02:47 14348 c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe
2008-03-29 03:37 . 2008-03-29 03:37 413696 c:\program files\QuickTime\QTTask.exe

2006-11-15 23:40 . 2006-10-24 21:10 4662776 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2005-08-16 09:37 . 2005-09-29 19:01 67584 c:\windows\ehome\bak\ehtray.exe
2005-08-16 09:37 . 2008-02-24 02:47 14348 c:\windows\ehome\ehtray.exe

2005-08-16 09:18 . 2004-08-10 10:00 15360 c:\windows\system32\bak\ctfmon.exe
2005-08-16 09:18 . 2004-08-10 10:00 15360 c:\windows\system32\ctfmon.exe

2006-11-11 00:52 . 2005-09-08 10:20 122940 c:\windows\system32\DLA\bak\DLACTRLW.EXE
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\windows\system32\DLA\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2008-02-24 14348]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-02-24 14348]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2008-02-24 14348]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-02-24 14348]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-02-24 14348]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2008-02-24 14348]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-02-24 14348]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-24 14348]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2008-02-24 14348]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2008-02-24 14348]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-23 1617920]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-10 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/20/2007 12:23 AM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-10-07 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2009-09-11 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (MAYRA-Mayra Soto).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-11-11 02:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 22:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-07 22:13
ComboFix-quarantined-files.txt 2009-10-07 02:13

Pre-Run: 45,628,227,584 bytes free
Post-Run: 45,617,229,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

294 --- E O F --- 2009-10-06 07:07

#7 nasdaq

Posted 07 October 2009 - 09:17 AM

Open notepad and copy/paste the text in the quote box below into it:

Code
AWF::
c:\dell\DellHelp\bak\DellHelp.exe
c:\program files\AIM6\bak\aim6.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
c:\program files\Common Files\logishrd\LComMgr\bak\Communications_Helper.exe
c:\program files\Common Files\logishrd\LComMgr\bak\LVComSX.exe
c:\program files\Dell\Media Experience\bak\DMXLauncher.exe
c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Logitech\QuickCam10\bak\QuickCam10.exe
c:\program files\McAfee\SpamKiller\bak\MskAgent.exe
c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe
c:\program files\McAfee.com\Agent\bak\mcagent.exe
c:\program files\McAfee.com\Agent\bak\mcupdate.exe
c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
c:\program files\McAfee.com\Personal Firewall\bak\MpfTray.exe
c:\program files\McAfee.com\VSO\bak\mcmnhdlr.exe
c:\program files\McAfee.com\VSO\bak\mcvsshld.exe
c:\program files\McAfee.com\VSO\bak\oasclnt.exe
c:\program files\MSN Messenger\bak\MsnMsgr.Exe
c:\program files\OLYMPUS\OLYMPUS Master\bak\FirstStart.exe
c:\program files\OLYMPUS\OLYMPUS Master\bak\Monitor.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE
c:\windows\ehome\bak\ehtray.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\DLA\bak\DLACTRLW.EXE


Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log with a fresh copy of HijackThis.

Let me know what problems persist.
nasdaq


#8 azuleno

Posted 07 October 2009 - 11:58 PM

Hi nasdaq,
I can see there was a 'facelift' on the Spywareinfoforum website.

I was very frustrated since the 'Document Viewer' was still showing, and after multiple attempts to close the window, a new one with the original Microsoft .NET Framework "exception" box still showed up.

Then I learned that something was done recently to the PC. I went back to the first restore point since COMODO cleaner was downloaded and used, and the problem seems to be solved. I have rebooted a few times and that .NET Framework box doesn't show up. The problem seems to be resolved!

In case you want to take a last look at Combofix and HJT, I ran the Combofix after going to the restore point, followed by HJT. Here are the logs.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:57 AM, on 10/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11540 bytes



QOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQ

ComboFix 09-10-06.04 - Mayra Soto 10/07/2009 23:51.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.194 [GMT -4:00]
Running from: c:\documents and settings\Mayra Soto\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mayra Soto\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.

2009-10-04 22:10 . 2009-10-04 22:10 -------- d-----w- c:\program files\CCleaner
2009-09-26 16:50 . 2009-09-26 16:50 -------- d-----w- c:\program files\Trend Micro
2009-09-14 06:15 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-14 06:15 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-09-14 06:14 . 2008-06-24 16:23 74240 ------w- c:\windows\system32\dllcache\mscms.dll
2009-09-14 06:14 . 2009-06-25 08:17 56320 ------w- c:\windows\system32\dllcache\secur32.dll
2009-09-14 06:14 . 2009-06-12 11:50 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2009-09-14 06:14 . 2009-06-12 11:50 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-09-14 06:14 . 2009-07-29 04:53 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-09-14 06:14 . 2009-07-29 04:53 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-09-14 06:14 . 2009-06-26 15:59 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-14 06:14 . 2008-07-07 20:32 253952 ------w- c:\windows\system32\dllcache\es.dll
2009-09-14 06:14 . 2009-06-10 14:21 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-09-14 06:09 . 2009-09-14 06:13 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-14 06:05 . 2009-02-10 22:31 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-14 06:05 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-14 06:05 . 2009-03-06 14:00 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-09-14 06:05 . 2009-02-09 10:01 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-09-14 06:05 . 2009-02-06 10:22 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-09-14 06:05 . 2009-02-06 09:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-09-14 06:05 . 2009-02-09 10:01 617984 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-09-14 06:05 . 2009-02-09 10:01 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-09-14 06:05 . 2009-02-09 10:01 715264 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-09-14 06:05 . 2005-07-26 04:20 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-09-14 06:05 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-14 06:05 . 2009-05-07 15:44 344064 ------w- c:\windows\system32\dllcache\localspl.dll
2009-09-14 06:04 . 2008-06-11 06:58 988672 ------w- c:\windows\system32\dllcache\WMNetmgr.dll
2009-09-14 06:04 . 2008-06-11 06:47 96768 ------w- c:\windows\system32\dllcache\logagent.exe
2009-09-14 06:04 . 2009-07-13 14:08 286720 ------w- c:\windows\system32\dllcache\wmpdxm.dll
2009-09-14 06:04 . 2009-07-13 14:08 5537792 ------w- c:\windows\system32\dllcache\wmp.dll
2009-09-14 06:04 . 2008-06-12 14:16 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2009-09-14 06:04 . 2008-06-12 14:16 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2009-09-14 06:04 . 2008-06-12 14:16 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2009-09-14 06:04 . 2008-06-12 14:16 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2009-09-14 06:04 . 2008-06-12 14:16 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-09-14 06:04 . 2008-06-12 14:16 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2009-09-14 06:04 . 2009-07-17 18:55 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-09-14 06:04 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-09-14 06:02 . 2008-08-14 09:51 138368 ------w- c:\windows\system32\dllcache\afd.sys
2009-09-14 06:02 . 2008-06-20 17:41 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2009-09-14 06:01 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-09-14 06:01 . 2008-12-16 12:47 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-09-14 06:01 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-09-14 06:01 . 2009-06-25 18:36 186880 ------w- c:\windows\system32\dllcache\mqtrig.dll
2009-09-14 06:01 . 2009-06-25 18:36 169472 ------w- c:\windows\system32\dllcache\msmqocm.dll
2009-09-14 06:01 . 2009-06-22 11:49 117248 ------w- c:\windows\system32\dllcache\mqtgsvc.exe
2009-09-14 06:01 . 2009-06-25 18:36 517120 ------w- c:\windows\system32\dllcache\mqsnap.dll
2009-09-14 06:01 . 2009-06-25 18:36 123392 ------w- c:\windows\system32\dllcache\mqrtdep.dll
2009-09-14 06:01 . 2009-06-22 11:49 4608 ------w- c:\windows\system32\dllcache\mqsvc.exe
2009-09-14 06:01 . 2009-06-25 18:36 225280 ------w- c:\windows\system32\dllcache\mqoa.dll
2009-09-14 06:01 . 2009-06-22 11:49 19968 ------w- c:\windows\system32\dllcache\mqbkup.exe
2009-09-14 05:59 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-09-14 05:41 . 2009-09-14 05:41 -------- d-----w- c:\documents and settings\Mayra Soto\Application Data\U3
2009-09-13 16:05 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 16:05 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 15:55 . 2009-09-13 15:55 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-12 07:05 . 2009-09-12 07:05 -------- d-----w- c:\windows\ServicePackFiles
2009-09-11 23:21 . 2009-10-04 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 23:21 . 2009-09-13 17:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-11 23:09 . 2009-09-11 23:09 -------- d-----w- c:\program files\COMODO
2009-09-11 22:51 . 2009-09-11 22:51 -------- d-----w- c:\documents and settings\Mayra Soto\Application Data\Malwarebytes
2009-09-11 22:51 . 2009-09-11 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-11 22:51 . 2009-09-13 16:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 02:21 . 2007-09-06 00:23 -------- d-----w- c:\program files\MSN Messenger
2009-10-06 07:03 . 2006-11-11 00:55 -------- d-----w- c:\program files\Microsoft Works
2009-10-04 22:01 . 2006-11-11 00:53 -------- d-----w- c:\program files\BAE
2009-09-13 16:29 . 2008-03-10 22:42 -------- d-----w- c:\program files\eSoftware
2009-09-13 15:59 . 2006-11-15 23:35 77712 ----a-w- c:\documents and settings\Mayra Soto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-06 02:15 . 2006-12-03 22:33 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-06 02:14 . 2006-11-20 03:25 -------- d-----w- c:\documents and settings\Mayra Soto\Application Data\Corel
2009-09-06 02:14 . 2006-12-03 22:33 88 --sh--r- c:\windows\system32\22F9E0E6EB.sys
2009-08-05 09:11 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2005-08-16 09:18 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-18 16:00 . 2005-08-16 09:18 1509888 ----a-w- c:\windows\system32\shdocvw(2)(2).dll
2009-07-17 18:55 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 18:55 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl(2)(2).dll
2009-07-13 14:08 . 2005-08-16 09:19 286720 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-11-11 00:24 . 2004-04-01 13:51 1589248 c:\dell\DellHelp\bak\DellHelp.exe
2006-11-11 00:24 . 2008-02-24 02:47 14348 c:\dell\DellHelp\DellHelp.exe

2006-11-07 15:29 . 2006-11-07 15:29 50736 c:\program files\AIM6\bak\aim6.exe
2008-01-03 16:15 . 2008-01-03 16:15 50528 c:\program files\AIM6\aim6.exe

2004-07-27 21:50 . 2004-07-27 21:50 81920 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
2004-07-27 21:50 . 2008-02-24 02:47 14348 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

2004-07-27 21:50 . 2004-07-27 21:50 221184 c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
2004-07-27 21:50 . 2008-02-24 02:47 14348 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

2007-02-08 05:12 . 2007-02-08 05:12 488984 c:\program files\Common Files\logishrd\LComMgr\bak\Communications_Helper.exe
2007-02-08 05:12 . 2008-02-24 02:47 14348 c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

2007-02-06 21:43 . 2007-02-06 21:43 252704 c:\program files\Common Files\logishrd\LComMgr\bak\LVComSX.exe
2007-02-06 21:43 . 2008-02-24 02:47 14348 c:\program files\Common Files\logishrd\LComMgr\LVComSX.exe

2005-10-05 08:12 . 2005-10-05 08:12 94208 c:\program files\Dell\Media Experience\bak\DMXLauncher.exe
2005-10-05 08:12 . 2008-02-24 02:47 14348 c:\program files\Dell\Media Experience\DMXLauncher.exe

2006-02-19 06:41 . 2006-02-19 06:41 49152 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
2006-02-19 06:41 . 2008-02-24 02:47 14348 c:\program files\HP\HP Software Update\HPWuSchd2.exe

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe
2008-03-30 14:36 . 2008-03-30 14:36 267048 c:\program files\iTunes\iTunesHelper.exe

2007-02-08 05:13 . 2007-02-08 05:13 774168 c:\program files\Logitech\QuickCam10\bak\QuickCam10.exe
2007-02-08 05:13 . 2008-02-24 02:47 14348 c:\program files\Logitech\QuickCam10\QuickCam10.exe

2006-11-11 00:52 . 2005-09-26 15:26 110592 c:\program files\McAfee\SpamKiller\bak\MskAgent.exe
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\program files\McAfee\SpamKiller\MskAgent.exe

2006-11-11 00:52 . 2006-11-07 19:49 1121280 c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\program files\McAfee\SpamKiller\MSKDetct.exe

2006-11-11 00:51 . 2005-09-22 23:29 303104 c:\program files\McAfee.com\Agent\bak\mcagent.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\mcagent.exe

2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-06 00:35 14860 c:\program files\McAfee.com\Agent\mcupdate.exe

2006-11-11 00:51 . 2006-01-11 17:05 212992 c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-06 00:35 14860 c:\program files\McAfee.com\Agent\mcupdate.exe

2006-11-11 00:51 . 2006-01-11 17:05 212992 c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\bak\mcupdate.exe

2006-11-11 00:51 . 2005-11-11 22:00 1005096 c:\program files\McAfee.com\Personal Firewall\bak\MpfTray.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Personal Firewall\MpfTray.exe

2006-11-11 00:51 . 2005-07-08 23:18 151552 c:\program files\McAfee.com\VSO\bak\mcmnhdlr.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\mcmnhdlr.exe

2006-11-11 00:51 . 2005-08-10 17:49 163840 c:\program files\McAfee.com\VSO\bak\mcvsshld.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\mcvsshld.exe

2006-11-11 00:51 . 2005-08-12 03:02 53248 c:\program files\McAfee.com\VSO\bak\oasclnt.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\oasclnt.exe

2005-11-30 00:19 . 2005-11-30 00:19 40960 c:\program files\OLYMPUS\OLYMPUS Master\bak\FirstStart.exe
2005-11-30 00:19 . 2008-02-24 02:47 14348 c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe

2005-11-30 00:19 . 2005-11-30 00:19 57344 c:\program files\OLYMPUS\OLYMPUS Master\bak\Monitor.exe
2005-11-30 00:19 . 2008-02-24 02:47 14348 c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe
2008-03-29 03:37 . 2008-03-29 03:37 413696 c:\program files\QuickTime\QTTask.exe

2006-11-15 23:40 . 2006-10-24 21:10 4662776 c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

2006-11-11 00:52 . 2005-09-08 10:20 122940 c:\windows\system32\DLA\bak\DLACTRLW.EXE
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\windows\system32\DLA\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2008-02-24 14348]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2008-02-24 14348]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2008-02-24 14348]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2008-02-24 14348]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2008-02-24 14348]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2008-02-24 14348]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-02-24 14348]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-24 14348]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2008-02-24 14348]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2008-02-24 14348]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-23 1617920]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-10 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [4/20/2007 12:23 AM 24652]
.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-10-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]

2009-09-11 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (MAYRA-Mayra Soto).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe [2006-11-11 02:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 00:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2009-10-08 0:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-08 04:16
ComboFix2.txt 2009-10-08 02:36
ComboFix3.txt 2009-10-07 02:13

Pre-Run: 45,594,370,048 bytes free
Post-Run: 45,587,304,448 bytes free

278 --- E O F --- 2009-10-06 07:07

This post has been edited by azuleno: 08 October 2009 - 12:00 AM


#9 nasdaq

  • Forum Deity
  • Group: Global Moderator
  • Posts: 40,545
  • Joined: 24-May 04

Posted 08 October 2009 - 09:41 AM

Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". Read this article: http://www.clickz.co...cle.php/3561546

Additional info: http://vil.nai.com/v...nt/v_137262.htm

I suggest you remove the program now.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar


My previous script was not run correctly or you may have copied the incorrect information that was probably posted in the new program. Please try this again.

Open notepad and copy/paste the text in the quote box below into it:

Code
AWF::
c:\dell\DellHelp\bak\DellHelp.exe
c:\program files\AIM6\bak\aim6.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe
c:\program files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe
c:\program files\Common Files\logishrd\LComMgr\bak\Communications_Helper.exe
c:\program files\Common Files\logishrd\LComMgr\bak\LVComSX.exe
c:\program files\Dell\Media Experience\bak\DMXLauncher.exe
c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Logitech\QuickCam10\bak\QuickCam10.exe
c:\program files\McAfee\SpamKiller\bak\MskAgent.exe
c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe
c:\program files\McAfee.com\Agent\bak\mcagent.exe
c:\program files\McAfee.com\Agent\bak\mcupdate.exe
c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
c:\program files\McAfee.com\Personal Firewall\bak\MpfTray.exe
c:\program files\McAfee.com\VSO\bak\mcmnhdlr.exe
c:\program files\McAfee.com\VSO\bak\mcvsshld.exe
c:\program files\McAfee.com\VSO\bak\oasclnt.exe
c:\program files\MSN Messenger\bak\MsnMsgr.Exe
c:\program files\OLYMPUS\OLYMPUS Master\bak\FirstStart.exe
c:\program files\OLYMPUS\OLYMPUS Master\bak\Monitor.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Yahoo!\Messenger\bak\YAHOOM~1.EXE
c:\windows\ehome\bak\ehtray.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\DLA\bak\DLACTRLW.EXE



Save this as CFScript on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log with a fresh copy of HijackThis.

Let me know what problem persists.
nasdaq


#10 azuleno

  • Advanced Member
  • Group: Full Member
  • Posts: 123
  • Joined: 16-June 04

Posted 08 October 2009 - 02:26 PM

Hi nasdaq,
Trying to comply with Microsoft updates, I updated a few things, and [not sure if related to that] I am getting an "Active Shield-Resource Dll missing message. Please reinstall the application"
This is McAfee's, I assume, and since it was preinstalled, I have no disks. I also deleted all McAfee from my other PC by suggestion from one of your advisors six months ago or so. Since the antivirus is out of date, I am thinking about installing a 'good' antivirus, but need to delete all McAfee software to prevent conflict.

Fresh HJT log + Combofix log >> as I mentioned in my last post, I just couldn't find a way to deactivate the antivirus. I have done this before, but I just couldn't find the proper file to shut down the AV. Any tips? I think I just ought to remove all McAfee stuff, as I mentioned above.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:17:33 PM, on 10/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\bak\OasClnt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10795 bytes


OQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQOQ


ComboFix 09-10-07.05 - Mayra Soto 10/08/2009 14:46.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.200 [GMT -4:00]
Running from: c:\documents and settings\Mayra Soto\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mayra Soto\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-09-08 to 2009-10-08 )))))))))))))))))))))))))))))))
.

2009-10-08 05:05 . 2009-10-08 05:05 -------- d-----w- c:\program files\VS Revo Group
2009-10-04 22:10 . 2009-10-04 22:10 -------- d-----w- c:\program files\CCleaner
2009-09-26 16:50 . 2009-09-26 16:50 -------- d-----w- c:\program files\Trend Micro
2009-09-14 06:15 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-09-14 06:15 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-09-14 06:14 . 2008-06-24 16:23 74240 ------w- c:\windows\system32\dllcache\mscms.dll
2009-09-14 06:14 . 2009-06-25 08:17 56320 ------w- c:\windows\system32\dllcache\secur32.dll
2009-09-14 06:14 . 2009-06-12 11:50 80896 ------w- c:\windows\system32\dllcache\tlntsess.exe
2009-09-14 06:14 . 2009-06-12 11:50 76288 ------w- c:\windows\system32\dllcache\telnet.exe
2009-09-14 06:14 . 2009-07-29 04:53 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
2009-09-14 06:14 . 2009-07-29 04:53 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2009-09-14 06:14 . 2009-06-26 15:59 81920 ------w- c:\windows\system32\dllcache\ieencode.dll
2009-09-14 06:14 . 2008-07-07 20:32 253952 ------w- c:\windows\system32\dllcache\es.dll
2009-09-14 06:14 . 2009-06-10 14:21 84992 ------w- c:\windows\system32\dllcache\avifil32.dll
2009-09-14 06:09 . 2009-09-14 06:13 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-09-14 06:05 . 2009-02-10 22:31 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-14 06:05 . 2009-02-06 09:41 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-14 06:05 . 2009-03-06 14:00 284160 ------w- c:\windows\system32\dllcache\pdh.dll
2009-09-14 06:05 . 2009-02-09 10:01 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-09-14 06:05 . 2009-02-06 10:22 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-09-14 06:05 . 2009-02-06 09:54 35328 ------w- c:\windows\system32\dllcache\sc.exe
2009-09-14 06:05 . 2009-02-09 10:01 617984 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-09-14 06:05 . 2009-02-09 10:01 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-09-14 06:05 . 2009-02-09 10:01 715264 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-09-14 06:05 . 2005-07-26 04:20 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-09-14 06:05 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-14 06:05 . 2009-05-07 15:44 344064 ------w- c:\windows\system32\dllcache\localspl.dll
2009-09-14 06:04 . 2008-06-11 06:58 988672 ------w- c:\windows\system32\dllcache\WMNetmgr.dll
2009-09-14 06:04 . 2008-06-11 06:47 96768 ------w- c:\windows\system32\dllcache\logagent.exe
2009-09-14 06:04 . 2009-07-13 14:08 286720 ------w- c:\windows\system32\dllcache\wmpdxm.dll
2009-09-14 06:04 . 2009-07-13 14:08 5537792 ------w- c:\windows\system32\dllcache\wmp.dll
2009-09-14 06:04 . 2008-06-12 14:16 956928 ------w- c:\windows\system32\dllcache\msdtctm.dll
2009-09-14 06:04 . 2008-06-12 14:16 91648 ------w- c:\windows\system32\dllcache\mtxoci.dll
2009-09-14 06:04 . 2008-06-12 14:16 66560 ------w- c:\windows\system32\dllcache\mtxclu.dll
2009-09-14 06:04 . 2008-06-12 14:16 428032 ------w- c:\windows\system32\dllcache\msdtcprx.dll
2009-09-14 06:04 . 2008-06-12 14:16 161792 ------w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-09-14 06:04 . 2008-06-12 14:16 58880 ------w- c:\windows\system32\dllcache\msdtclog.dll
2009-09-14 06:04 . 2009-07-17 18:55 58880 ------w- c:\windows\system32\dllcache\atl.dll
2009-09-14 06:04 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-09-14 06:02 . 2008-08-14 09:51 138368 ------w- c:\windows\system32\dllcache\afd.sys
2009-09-14 06:02 . 2008-06-20 17:41 245248 ------w- c:\windows\system32\dllcache\mswsock.dll
2009-09-14 06:01 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-09-14 06:01 . 2008-12-16 12:47 351232 ------w- c:\windows\system32\dllcache\winhttp.dll
2009-09-14 06:01 . 2009-08-05 09:11 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-09-14 06:01 . 2009-06-25 18:36 186880 ------w- c:\windows\system32\dllcache\mqtrig.dll
2009-09-14 06:01 . 2009-06-25 18:36 169472 ------w- c:\windows\system32\dllcache\msmqocm.dll
2009-09-14 06:01 . 2009-06-22 11:49 117248 ------w- c:\windows\system32\dllcache\mqtgsvc.exe
2009-09-14 06:01 . 2009-06-25 18:36 517120 ------w- c:\windows\system32\dllcache\mqsnap.dll
2009-09-14 06:01 . 2009-06-25 18:36 123392 ------w- c:\windows\system32\dllcache\mqrtdep.dll
2009-09-14 06:01 . 2009-06-22 11:49 4608 ------w- c:\windows\system32\dllcache\mqsvc.exe
2009-09-14 06:01 . 2009-06-25 18:36 225280 ------w- c:\windows\system32\dllcache\mqoa.dll
2009-09-14 06:01 . 2009-06-22 11:49 19968 ------w- c:\windows\system32\dllcache\mqbkup.exe
2009-09-14 05:59 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-09-14 05:41 . 2009-09-14 05:41 -------- d-----w- c:\documents and settings\Mayra Soto\Application Data\U3
2009-09-13 16:05 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-13 16:05 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-13 15:55 . 2009-09-13 15:55 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-12 07:05 . 2009-09-12 07:05 -------- d-----w- c:\windows\ServicePackFiles
2009-09-11 23:21 . 2009-10-04 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-11 23:21 . 2009-09-13 17:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-11 23:09 . 2009-09-11 23:09 -------- d-----w- c:\program files\COMODO
2009-09-11 22:51 . 2009-09-11 22:51 -------- d-----w- c:\documents and settings\Mayra Soto\Application Data\Malwarebytes
2009-09-11 22:51 . 2009-09-11 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-11 22:51 . 2009-09-13 16:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 18:38 . 2006-11-11 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-08 17:46 . 2006-11-15 23:35 77712 ----a-w- c:\documents and settings\Mayra Soto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 02:21 . 2007-09-06 00:23 -------- d-----w- c:\program files\MSN Messenger
2009-10-06 07:03 . 2006-11-11 00:55 -------- d-----w- c:\program files\Microsoft Works
2009-10-04 22:01 . 2006-11-11 00:53 -------- d-----w- c:\program files\BAE
2009-09-13 16:29 . 2008-03-10 22:42 -------- d-----w- c:\program files\eSoftware
2009-09-06 02:15 . 2006-12-03 22:33 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-06 02:14 . 2006-11-20 03:25 -------- d-----w- c:\documents and settings\Mayra Soto\Application Data\Corel
2009-09-06 02:14 . 2006-12-03 22:33 88 --sh--r- c:\windows\system32\22F9E0E6EB.sys
2009-08-05 09:11 . 2005-08-16 09:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2005-08-16 09:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2005-08-16 09:18 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-18 16:00 . 2005-08-16 09:18 1509888 ----a-w- c:\windows\system32\shdocvw(2)(2).dll
2009-07-17 18:55 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 18:55 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl(2)(2).dll
2009-07-13 14:08 . 2005-08-16 09:19 286720 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-08_04.01.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-08 18:56 . 2009-10-08 18:56 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-08 18:56 . 2009-10-08 18:56 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2009-10-08 18:56 . 2009-10-08 18:56 16384 c:\windows\temp\Cookies\index.dat
+ 2006-11-11 00:58 . 2007-04-09 17:23 28552 c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
+ 2006-11-11 00:58 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\w32x86\mdiui.dll
+ 2006-11-11 00:58 . 2007-04-09 17:23 46472 c:\windows\system32\spool\drivers\w32x86\3\mdiui.dll
+ 2006-11-11 00:58 . 2007-04-09 17:23 28040 c:\windows\system32\mdimon.dll
+ 2007-03-22 23:17 . 2007-03-22 23:17 35440 c:\windows\system32\FM20ENU.DLL
+ 2008-04-10 07:04 . 2009-10-08 17:29 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 23040 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-10 07:04 . 2009-10-08 17:29 61440 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-04-10 07:04 . 2009-10-08 17:29 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 27136 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-10 07:04 . 2009-10-08 17:29 11264 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-04-10 07:04 . 2009-10-08 17:29 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 12288 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-05 13:20 . 2007-03-05 13:20 61110 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\XSCAN32.DAT
+ 2001-06-05 13:13 . 2001-06-05 13:13 40972 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OCRVC.DAT
+ 2001-10-23 05:13 . 2001-10-23 05:13 53260 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\OCRHC.DAT
+ 2001-06-05 13:13 . 2001-06-05 13:13 65536 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\LOOKUP.DAT
+ 2001-06-05 13:13 . 2001-06-05 13:13 18844 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\JFONT.DAT
+ 2001-06-05 13:13 . 2001-06-05 13:13 34168 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ENGIDX.DAT
+ 2003-07-15 03:57 . 2003-07-15 03:57 59960 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\UNBIND.EXE
+ 2002-10-07 14:49 . 2002-10-07 14:49 81983 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWRECS.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 11848 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\SMARTTAGINSTALL.EXE
+ 2003-07-15 03:57 . 2003-07-15 03:57 58944 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\SEQCHK10.DLL
+ 2003-07-15 03:44 . 2003-07-15 03:44 66616 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\SENDTO.DLL
+ 2002-10-07 14:49 . 2002-10-07 14:49 81984 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\REVERSE.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 40512 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\REFIEBAR.DLL
+ 2003-05-09 02:54 . 2003-05-09 02:54 77824 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\REFEDIT.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 93752 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PP7X32.DLL
+ 2003-07-15 03:43 . 2003-07-15 03:43 49208 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OUTLWAB.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 13888 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\NPOFFICE.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 56888 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\NAME.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 41528 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSSH.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 16384 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSPGIMME.DLL
+ 2003-07-15 03:45 . 2003-07-15 03:45 39488 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOXMLMF.DLL
+ 2003-07-15 03:45 . 2003-07-15 03:45 55360 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOXMLED.EXE
+ 2003-07-15 03:46 . 2003-07-15 03:46 42040 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOXEV.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 39488 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOSVFBR.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 55872 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOSVABW.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 35896 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOSV.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 28224 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOSTYLE.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 54328 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOMSE.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 55360 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOHTMED.EXE
+ 2003-07-15 03:44 . 2003-07-15 03:44 25144 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOEURO.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 27704 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSODCW.DLL
+ 2003-07-15 03:52 . 2003-07-15 03:52 17464 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSMH.DLL
+ 2003-07-15 03:51 . 2003-07-15 03:51 87104 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSENCODE.DLL
+ 2003-07-15 03:56 . 2003-07-15 03:56 40504 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSE7.EXE
+ 2003-07-15 04:12 . 2003-07-15 04:12 47872 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSB1XTOR.DLL
+ 2003-07-15 03:41 . 2003-07-15 03:41 13368 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\FINDER.EXE
+ 2003-07-15 03:57 . 2003-07-15 03:57 98360 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\DSSM.EXE
+ 2003-07-15 03:56 . 2003-07-15 03:56 14904 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\DSITF.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 46144 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\BLNMGRPS.DLL
+ 2003-07-15 03:53 . 2003-07-15 03:53 94768 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\AW.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 38968 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\AUTHZAX.DLL
+ 2008-04-10 07:04 . 2009-10-08 17:29 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 4096 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2003-06-18 22:31 . 2003-06-18 22:31 6144 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OCRPS.DLL
+ 2006-11-11 00:58 . 2007-04-09 17:24 758664 c:\windows\system32\spool\drivers\w32x86\mdigraph.dll
+ 2006-11-11 00:58 . 2007-04-09 17:24 758664 c:\windows\system32\spool\drivers\w32x86\3\mdigraph.dll
+ 2005-08-16 09:27 . 2009-10-08 17:45 276560 c:\windows\system32\FNTCACHE.DAT
- 2005-08-16 09:27 . 2009-09-14 07:26 276560 c:\windows\system32\FNTCACHE.DAT
+ 2006-11-11 00:52 . 2005-09-08 10:20 122940 c:\windows\system32\DLA\DLACTRLW.EXE
- 2008-04-10 07:04 . 2009-10-06 07:07 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-10 07:04 . 2009-10-08 17:29 409600 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-04-10 07:04 . 2009-10-08 17:29 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 286720 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-04-10 07:04 . 2009-10-08 17:29 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 249856 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-04-10 07:04 . 2009-10-08 17:29 794624 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-10 07:04 . 2009-10-06 07:07 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-04-10 07:04 . 2009-10-08 17:29 135168 c:\windows\Installer\{91CA0409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2005-05-04 05:06 . 2005-05-04 05:06 199408 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSMDUN80.DLL
+ 2005-05-04 05:06 . 2005-05-04 05:06 465640 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSDMENG.DLL
+ 2001-06-05 13:13 . 2001-06-05 13:13 289926 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\ENGDIC.DAT
+ 2002-10-07 14:51 . 2002-10-07 14:51 221252 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWSTRUCT.DLL
+ 2002-10-07 14:50 . 2002-10-07 14:50 118847 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWRECE.DLL
+ 2002-10-07 14:51 . 2002-10-07 14:51 102467 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWORIENT.DLL
+ 2002-10-07 14:51 . 2002-10-07 14:51 147520 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWLAY32.DLL
+ 2002-10-07 14:51 . 2002-10-07 14:51 180289 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWCUTLIN.DLL
+ 2002-10-07 14:50 . 2002-10-07 14:50 241729 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\TWCUTCHR.DLL
+ 2002-10-07 14:53 . 2002-10-07 14:53 106561 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\THOCRAPI.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 349248 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\SELFCERT.EXE
+ 2003-07-21 16:46 . 2003-07-21 16:46 390712 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\RTFHTML.DLL
+ 2002-10-07 15:11 . 2002-10-07 15:11 167997 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\PSOM.DLL
+ 2003-07-15 03:44 . 2003-07-15 03:44 102968 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OUTLCTL.DLL
+ 2003-07-15 08:14 . 2003-07-15 08:14 242240 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OISGRAPH.DLL
+ 2003-07-15 04:00 . 2003-07-15 04:00 145984 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSWEBCAP.DLL
+ 2003-07-15 04:02 . 2003-07-15 04:02 637496 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSQRY32.EXE
+ 2003-06-19 21:05 . 2003-06-19 21:05 364648 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSPVIEW.EXE
+ 2003-06-19 21:05 . 2003-06-19 21:05 128104 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSPSCAN.EXE
+ 2003-06-18 22:31 . 2003-06-18 22:31 788480 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSPFILT.DLL
+ 2003-07-15 08:18 . 2003-07-15 08:18 376888 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSORUN.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 120888 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSOAUTH.DLL
+ 2003-07-15 03:57 . 2003-07-15 03:57 124480 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSB1CORE.DLL
+ 2003-06-18 22:31 . 2003-06-18 22:31 252928 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MDIINK.DLL
+ 2003-07-15 03:40 . 2003-07-15 03:40 165944 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\FPLACE.DLL
+ 2003-07-15 03:40 . 2003-07-15 03:40 179768 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\FPERSON.DLL
+ 2002-10-07 14:49 . 2002-10-07 14:49 192573 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\FORM.DLL
+ 2007-06-06 14:53 . 2007-06-06 14:53 1195888 c:\windows\system32\FM20.DLL
+ 2005-05-04 05:06 . 2005-05-04 05:06 1411816 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.8173\MSDMINE.DLL
+ 2003-04-30 16:52 . 2003-04-30 16:52 1581120 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\XPAGE3C.DLL
+ 2002-10-07 15:03 . 2002-10-07 15:03 1794113 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\XIMAGE3B.DLL
+ 2003-07-15 04:05 . 2003-07-15 04:05 1054264 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\OMFC.DLL
+ 2003-07-11 07:15 . 2003-07-11 07:15 1292872 c:\windows\Installer\$PatchCache$\Managed\9040AC1900063D11C8EF10054038389C\11.0.5614\MSONSEXT.DLL
+ 2009-10-08 17:30 . 2009-08-28 18:38 24689600 c:\windows\system32\MRT.exe
+ 2007-07-27 13:03 . 2007-07-27 13:03 119977472 c:\windows\Installer\ade79.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-11-11 00:24 . 2004-04-01 13:51 1589248 c:\dell\DellHelp\bak\DellHelp.exe
2006-11-11 00:24 . 2008-02-24 02:47 14348 c:\dell\DellHelp\DellHelp.exe

2006-11-07 15:29 . 2006-11-07 15:29 50736 c:\program files\AIM6\bak\aim6.exe
2008-01-03 16:15 . 2008-01-03 16:15 50528 c:\program files\AIM6\aim6.exe

2005-10-05 08:12 . 2005-10-05 08:12 94208 c:\program files\Dell\Media Experience\bak\DMXLauncher.exe
2005-10-05 08:12 . 2008-02-24 02:47 14348 c:\program files\Dell\Media Experience\DMXLauncher.exe

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe
2008-03-30 14:36 . 2008-03-30 14:36 267048 c:\program files\iTunes\iTunesHelper.exe

2006-11-11 00:52 . 2005-09-26 15:26 110592 c:\program files\McAfee\SpamKiller\bak\MskAgent.exe
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\program files\McAfee\SpamKiller\MskAgent.exe

2006-11-11 00:52 . 2006-11-07 19:49 1121280 c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\program files\McAfee\SpamKiller\MSKDetct.exe

2006-11-11 00:51 . 2005-09-22 23:29 303104 c:\program files\McAfee.com\Agent\bak\mcagent.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\mcagent.exe

2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-06 00:35 14860 c:\program files\McAfee.com\Agent\mcupdate.exe

2006-11-11 00:51 . 2006-01-11 17:05 212992 c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-06 00:35 14860 c:\program files\McAfee.com\Agent\mcupdate.exe

2006-11-11 00:51 . 2006-01-11 17:05 212992 c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\bak\mcupdate.exe

2006-11-11 00:51 . 2005-11-11 22:00 1005096 c:\program files\McAfee.com\Personal Firewall\bak\MpfTray.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Personal Firewall\MpfTray.exe

2006-11-11 00:51 . 2005-08-10 17:49 163840 c:\program files\McAfee.com\VSO\bak\mcvsshld.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\mcvsshld.exe

2006-11-11 00:51 . 2005-08-12 03:02 53248 c:\program files\McAfee.com\VSO\bak\oasclnt.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\oasclnt.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe
2008-03-29 03:37 . 2008-03-29 03:37 413696 c:\program files\QuickTime\QTTask.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-23 1617920]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-10 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder

2009-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-10-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-08 14:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\sqlite_tEVtwjh1S5KLmIc 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3140)
c:\progra~1\mcafee.com\vso\McVSSkt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\progra~1\McAfee.com\VSO\bak\oasclnt.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\progra~1\McAfee.com\VSO\McVSEscn.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\McAfee.com\VSO\mcvsftsn.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Messenger\msmsgs.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\system32\rundll32.exe
c:\program files\McAfee.com\VSO\mcvsshld.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-10-08 15:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-08 19:13
ComboFix2.txt 2009-10-08 04:16
ComboFix3.txt 2009-10-08 02:36
ComboFix4.txt 2009-10-07 02:13

Pre-Run: 45,250,813,952 bytes free
Post-Run: 45,235,003,392 bytes free

381 --- E O F --- 2009-10-08 17:33

#11 nasdaq

  • Forum Deity
  • Group: Global Moderator
  • Posts: 40,545
  • Joined: 24-May 04

Posted 08 October 2009 - 03:14 PM

For whatever reason, ComboFix is not repairing the AWF infection.

Let's try the old-fashioned way.

Please download FindAWF:
http://noahdfear.net...ads/FindAWF.exe

Save the file to the Desktop
Double-click the FindAWF icon.

If a Security alert shows, allow the program to run.
As instructed, press any key to continue.
Use the following option: Press 1 then Enter to scan for bak folders
The scan may take a while, please be patient.

When done, a text file, Find AWF report is produced.
Please provide Find AWF report in your reply.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
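
As an added illustration (not part of the thread, and not how FindAWF or ComboFix work internally), the Python example below reads entries in the format of the ComboFix "AWF" section, pairs each file under a `bak` folder with the same-named file one level up, and flags the pairs where several different programs now share one identical file size. The repeated-size rule and all function names are assumptions made for this example; the sample lines are copied from the log earlier in the thread.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Sample input: entries copied from the "AWF" section of the ComboFix log
# in this thread. Format: created . modified size path
SAMPLE_LOG = r"""
2006-11-11 00:24 . 2004-04-01 13:51 1589248 c:\dell\DellHelp\bak\DellHelp.exe
2006-11-11 00:24 . 2008-02-24 02:47 14348 c:\dell\DellHelp\DellHelp.exe

2006-11-07 15:29 . 2006-11-07 15:29 50736 c:\program files\AIM6\bak\aim6.exe
2008-01-03 16:15 . 2008-01-03 16:15 50528 c:\program files\AIM6\aim6.exe

2006-11-11 00:51 . 2006-01-11 17:05 212992 c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\bak\mcupdate.exe

2006-11-11 00:51 . 2005-08-12 03:02 53248 c:\program files\McAfee.com\VSO\bak\oasclnt.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\oasclnt.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe
2008-03-29 03:37 . 2008-03-29 03:37 413696 c:\program files\QuickTime\QTTask.exe
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) (.+)$"
)


class Entry(NamedTuple):
    created: str
    modified: str
    size: int
    path: str


def parse_entries(text: str) -> list:
    """Return an Entry for every line that matches the listing format."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), int(m.group(3)), m.group(4)))
    return entries


def displaced_target(path: str) -> Optional[str]:
    """Map <dir>/bak/<name> to <dir>/<name> (Windows separators), else None.

    Only the innermost 'bak' directory is removed, so a nested
    bak/bak/<name> maps to bak/<name>.
    """
    parts = path.split("\\")
    if len(parts) >= 3 and parts[-2].lower() == "bak":
        return "\\".join(parts[:-2] + parts[-1:])
    return None


def pair_backups(entries: list) -> list:
    """Pair each file in a 'bak' folder with the listed file it shadows."""
    by_path = {e.path.lower(): e for e in entries}  # Windows paths: ignore case
    pairs = []
    for e in entries:
        target = displaced_target(e.path)
        if target and target.lower() in by_path:
            pairs.append((e, by_path[target.lower()]))
    return pairs


def find_replaced(text: str, min_repeat: int = 2) -> list:
    """Return (backup, current) pairs whose current file looks like a shared stub.

    Heuristic (an assumption of this example): an ordinary update gives each
    program its own new size, while a dropped stub shows up as the same size
    under several unrelated program names.
    """
    pairs = pair_backups(parse_entries(text))
    paths_by_size = defaultdict(set)
    for _, current in pairs:
        paths_by_size[current.size].add(current.path.lower())
    return [
        (backup, current)
        for backup, current in pairs
        if len(paths_by_size[current.size]) >= min_repeat
        and backup.size != current.size
    ]


if __name__ == "__main__":
    for backup, current in find_replaced(SAMPLE_LOG):
        print(f"{current.path} ({current.size} bytes) <- "
              f"original kept at {backup.path} ({backup.size} bytes)")
```

A flagged pair is only a lead: compare against a known-good copy of the program before restoring anything from a `bak` folder.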

#12 azuleno

  • Advanced Member
  • Group: Full Member
  • Posts: 123
  • Joined: 16-June 04

Posted 10 October 2009 - 02:43 PM

I downloaded FindAWF, but after multiple attempts to run (even after reboot, and downloading FindAWF again), after I click on the FindAWF icon a box shows up for a fraction of a second then disappears, and nothing happens ... sorry, cannot provide a log. The PC seems to be working fine, but obviously don't want to compromise security. The improvement I saw on the PC a few days ago occurred when I went back to a previous restored point of COMODO cleaner.

#13 nasdaq

  • Forum Deity
  • Group: Global Moderator
  • Posts: 40,545
  • Joined: 24-May 04

Posted 11 October 2009 - 08:24 AM

Quote

The improvement I saw on the PC a few days ago occurred when I went back to a previous restored point of COMODO cleaner.


Can you then run Combofix again and post the results?
nasdaq


#14 azuleno

  • Advanced Member
  • Group: Full Member
  • Posts: 123
  • Joined: 16-June 04

Posted 15 October 2009 - 01:02 PM

nasdaq, on 11 October 2009 - 09:24 AM, said:

Quote

The improvement I saw on the PC a few days ago occurred when I went back to a previous restored point of COMODO cleaner.


Can you then run Combofix again and post the results?


Regarding above, I don't know what happened but the PC is back to its old ways of coming up with [Active Shield > Resource dll is missing >> Please reinstall the application] error message. Surprisingly, I can run the PC but it is annoying to have to hide the error window by sliding it out of the way. If you close it, it simply reappears.

Windows Installer still insists on having Document Viewer installed. Says feature is on CD-ROM (?) but since PC was purchased with XP installed I cannot do anything. Same thing here, I have to ignore the [Document Viewer] error window, and PC works.

I wonder if the McAfee Uninstaller I see in Add/Remove programs will uninstall the app. I cannot disable the antivirus, and ComboFix was run with [supposedly] the enabled antivirus [per security warning from ComboFix]. There are no other McAfee Add/Remove programs (!?)

I also noticed that there are two Microsoft .NET [Framework 1.1 and Framework 1.1 Hotfix] Add/Remove options. Can I just safely delete these? Can they be part of the problem?


Reposting ComboFix log. ComboFix I got yesterday was much longer than today's, and there is no apparent reason why this may have been the case. If you need I can post later; I saved it. Seems like the ComboFix log disappeared between yesterday and today. Not sure if HJT log will be useful, but included as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:00:17 PM, on 10/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0061110
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebo...toUploader3.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10194 bytes



ComboFix 09-10-15.01 - Mayra Soto 10/15/2009 13:05.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.208 [GMT -4:00]
Running from: c:\documents and settings\Mayra Soto\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mayra Soto\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-09 22:58 . 2009-10-09 22:58 -------- dc----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-08 05:05 . 2009-10-08 05:05 -------- dc----w- c:\program files\VS Revo Group
2009-10-04 22:10 . 2009-10-04 22:10 -------- dc----w- c:\program files\CCleaner
2009-09-26 16:50 . 2009-09-26 16:50 -------- dc----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 18:38 . 2006-11-11 00:49 -------- dc----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-08 17:46 . 2006-11-15 23:35 77712 -c--a-w- c:\documents and settings\Mayra Soto\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-08 02:21 . 2007-09-06 00:23 -------- dc----w- c:\program files\MSN Messenger
2009-10-06 07:03 . 2006-11-11 00:55 -------- dc----w- c:\program files\Microsoft Works
2009-10-04 22:12 . 2009-09-11 23:21 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-04 22:01 . 2006-11-11 00:53 -------- dc----w- c:\program files\BAE
2009-09-14 05:41 . 2009-09-14 05:41 -------- dc----w- c:\documents and settings\Mayra Soto\Application Data\U3
2009-09-13 17:05 . 2009-09-11 23:21 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-09-13 16:29 . 2008-03-10 22:42 -------- dc----w- c:\program files\eSoftware
2009-09-13 16:05 . 2009-09-11 22:51 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 23:09 . 2009-09-11 23:09 -------- dc----w- c:\program files\COMODO
2009-09-11 22:51 . 2009-09-11 22:51 -------- dc----w- c:\documents and settings\Mayra Soto\Application Data\Malwarebytes
2009-09-11 22:51 . 2009-09-11 22:51 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-10 18:54 . 2009-09-13 16:05 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-09-13 16:05 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 02:15 . 2006-12-03 22:33 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-06 02:14 . 2006-11-20 03:25 -------- dc----w- c:\documents and settings\Mayra Soto\Application Data\Corel
2009-09-06 02:14 . 2006-12-03 22:33 88 -csh--r- c:\windows\system32\22F9E0E6EB.sys
2009-08-05 09:11 . 2005-08-16 09:18 204800 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2005-08-16 09:18 119808 -c--a-w- c:\windows\system32\t2embed.dll
2009-07-29 04:53 . 2005-08-16 09:18 82432 -c--a-w- c:\windows\system32\fontsub.dll
2009-07-18 16:00 . 2005-08-16 09:18 1509888 -c--a-w- c:\windows\system32\shdocvw(2)(2).dll
2009-07-17 18:55 . 2005-08-16 09:18 58880 -c--a-w- c:\windows\system32\atl(2)(2).dll
2009-07-17 18:55 . 2005-08-16 09:18 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-10-14_22.15.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-15 17:15 . 2009-10-15 17:15 32768 c:\windows\temp\History\History.IE5\MSHist012009101520091016\index.dat
+ 2009-10-14 04:28 . 2009-10-15 03:58 81920 c:\windows\temp\History\History.IE5\MSHist012009101420091015\index.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-11-11 00:24 . 2004-04-01 13:51 1589248 c:\dell\DellHelp\bak\DellHelp.exe
2006-11-11 00:24 . 2008-02-24 02:47 14348 c:\dell\DellHelp\DellHelp.exe

2006-11-07 15:29 . 2006-11-07 15:29 50736 c:\program files\AIM6\bak\aim6.exe
2008-01-03 16:15 . 2008-01-03 16:15 50528 c:\program files\AIM6\aim6.exe

2005-10-05 08:12 . 2005-10-05 08:12 94208 c:\program files\Dell\Media Experience\bak\DMXLauncher.exe
2005-10-05 08:12 . 2008-02-24 02:47 14348 c:\program files\Dell\Media Experience\DMXLauncher.exe

2006-10-30 14:36 . 2006-10-30 14:36 256576 c:\program files\iTunes\bak\iTunesHelper.exe
2008-03-30 14:36 . 2008-03-30 14:36 267048 c:\program files\iTunes\iTunesHelper.exe

2006-11-11 00:52 . 2005-09-26 15:26 110592 c:\program files\McAfee\SpamKiller\bak\MskAgent.exe
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\program files\McAfee\SpamKiller\MskAgent.exe

2006-11-11 00:52 . 2006-11-07 19:49 1121280 c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe
2006-11-11 00:52 . 2008-02-24 02:47 14348 c:\program files\McAfee\SpamKiller\MSKDetct.exe

2006-11-11 00:51 . 2005-09-22 23:29 303104 c:\program files\McAfee.com\Agent\bak\mcagent.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\mcagent.exe

2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-06 00:35 14860 c:\program files\McAfee.com\Agent\mcupdate.exe

2006-11-11 00:51 . 2006-01-11 17:05 212992 c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-06 00:35 14860 c:\program files\McAfee.com\Agent\mcupdate.exe

2006-11-11 00:51 . 2006-01-11 17:05 212992 c:\program files\McAfee.com\Agent\bak\bak\mcupdate.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Agent\bak\mcupdate.exe

2006-11-11 00:51 . 2005-11-11 22:00 1005096 c:\program files\McAfee.com\Personal Firewall\bak\MpfTray.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\Personal Firewall\MpfTray.exe

2006-11-11 00:51 . 2005-08-10 17:49 163840 c:\program files\McAfee.com\VSO\bak\mcvsshld.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\mcvsshld.exe

2006-11-11 00:51 . 2005-08-12 03:02 53248 c:\program files\McAfee.com\VSO\bak\oasclnt.exe
2006-11-11 00:51 . 2008-02-24 02:47 14348 c:\program files\McAfee.com\VSO\oasclnt.exe

2006-10-25 23:58 . 2006-10-25 23:58 282624 c:\program files\QuickTime\bak\qttask.exe
2008-03-29 03:37 . 2008-03-29 03:37 413696 c:\program files\QuickTime\QTTask.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-23 1617920]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-10 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

.
Contents of the 'Scheduled Tasks' folder

2009-10-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:57]

2009-10-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.dell.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-15 13:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\McAfee.com\Agent\Mcdetect.exe
c:\progra~1\McAfee.com\VSO\McShield.exe
c:\progra~1\McAfee.com\Agent\McTskshd.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2009-10-15 13:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-15 17:24
ComboFix2.txt 2009-10-14 22:30
ComboFix3.txt 2009-10-08 19:13
ComboFix4.txt 2009-10-08 04:16
ComboFix5.txt 2009-10-15 17:03

Pre-Run: 47,648,219,136 bytes free
Post-Run: 47,675,449,344 bytes free

202 --- E O F --- 2009-10-08 17:33

#15 nasdaq

Posted 15 October 2009 - 06:23 PM

Let's take this one at a time.

Quote

Regarding above, I don't know what happened but the PC is back to its old ways of coming up with [Active Shield > Resource dll is missing >> Please reinstall the application] error message. Surprisingly, I can run the PC but it is annoying to have to hide the error window by sliding it out of the way. If you close it, it simply reappears.


I suggest you remove McAfee and reinstall.

How to uninstall or reinstall supported McAfee consumer products using the McAfee Consumer Products Removal tool (MCPR.exe)
http://service.mcafe...spx?id=TS100507

Reinstall your version of McAfee.

Let me know what problems remain.
nasdaq
