WiredWX Christian Hobby Weather Tools

Error Starting On Demand Scanner (McAfee)

3 posters

.text C:\WINDOWS\Explorer.EXE[516] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01880FCA
.text C:\WINDOWS\Explorer.EXE[516] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01880058
.text C:\WINDOWS\Explorer.EXE[516] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01880011
.text C:\WINDOWS\Explorer.EXE[516] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01880FE5
.text C:\WINDOWS\Explorer.EXE[516] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0188003D
.text C:\WINDOWS\Explorer.EXE[516] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01880000
.text C:\WINDOWS\Explorer.EXE[516] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01880FA5
.text C:\WINDOWS\Explorer.EXE[516] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [A8, 89] {TEST AL, 0x89}
.text C:\WINDOWS\Explorer.EXE[516] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0188002C
.text C:\WINDOWS\Explorer.EXE[516] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01870051
.text C:\WINDOWS\Explorer.EXE[516] msvcrt.dll!system 77C293C7 5 Bytes JMP 01870FBC
.text C:\WINDOWS\Explorer.EXE[516] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0187001B
.text C:\WINDOWS\Explorer.EXE[516] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01870FEF
.text C:\WINDOWS\Explorer.EXE[516] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0187002C
.text C:\WINDOWS\Explorer.EXE[516] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01870000
.text C:\WINDOWS\Explorer.EXE[516] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01860FEF
.text C:\WINDOWS\Explorer.EXE[516] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01860FD4
.text C:\WINDOWS\Explorer.EXE[516] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01860014
.text C:\WINDOWS\Explorer.EXE[516] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01860025
.text C:\WINDOWS\Explorer.EXE[516] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02030FEF
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00060FEF
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00060F94
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00060093
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00060078
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0006005B
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0006002F
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000600DC
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000600CB
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000600FE
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 000600ED
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 0006010F
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00060040
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00060FDE
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 000600AE
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0006001E
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00060FC3
.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00060F6F
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00050025
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00050076
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00050FD4
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00050FEF
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00050FC3
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00050000
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00050065
.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00050040
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00040FB7
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!system 77C293C7 5 Bytes JMP 00040042
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00040027
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00040000
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00040FD2
.text C:\WINDOWS\system32\services.exe[752] msvcrt.dll!_wopen

.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CE0000
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CE0F9E
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CE0FAF
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CE0089
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CE0FC0
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CE0FDB
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CE00BA
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CE0F72
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CE0F46
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CE0F57
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CE0104
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CE0062
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CE0011
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CE0F83
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CE0047
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CE002C
.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CE00CB
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00CD0022
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00CD0F9E
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00CD0011
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00CD0000
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00CD0FAF
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00CD0FEF
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00CD0FC0
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [ED, 88]
.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00CD003D
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF002C
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF001B
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF000A
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FE3
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0FB5
.text C:\WINDOWS\system32\lsass.exe[764] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF0FC6
.text C:\WINDOWS\system32\lsass.exe[764] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FEF

.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D20000
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D2007F
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D20F8A
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D20064
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D20FA5
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D20047
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D200A6
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D20F5E
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D200D9
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D200C8
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D20F25
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D20FB6
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D2001B
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D20F6F
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D20036
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D20FDB
.text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D200B7
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D10036
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D10073
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D1001B
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D10FB6
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D10062
.text C:\WINDOWS\system32\svchost.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D10051
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D0004C
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D00FC1
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D00FD2
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D00027
.text C:\WINDOWS\system32\svchost.exe[940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D00000
.text C:\WINDOWS\system32\svchost.exe[940] WS2_32.dll!socket

.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C10FEF
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C10F6B
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C10F86
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C10060
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C10043
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C1001E
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C10F33
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C10F44
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C10F0E
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C100A7
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C100C2
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C10FA1
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C10FD4
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C1007B
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C10FB2
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C10FC3
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C10096
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C0001B
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C00FAF
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C00062
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C00051
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BF0FD2
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BF005D
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BF001D
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BF0FEF
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BF0042
.text C:\WINDOWS\system32\svchost.exe[1048] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BF000C
.text C:\WINDOWS\system32\svchost.exe[1048] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE000A

.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02860FE5
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02860F61
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02860F72
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02860F83
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02860F9E
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02860FB9
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02860F15
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02860067
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02860EF0
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02860089
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 028600A4
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02860040
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02860000
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02860F3C
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02860FCA
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0286001B
.text C:\WINDOWS\System32\svchost.exe[1100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02860078
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02850FCD
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02850FA1
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02850FDE
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02850014
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 0285005E
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02850FEF
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02850043
.text C:\WINDOWS\System32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02850FBC
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02840F9C
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!system 77C293C7 5 Bytes JMP 02840FAD
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02840FD2
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02840000
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0284001D
.text C:\WINDOWS\System32\svchost.exe[1100] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02840FE3
.text C:\WINDOWS\System32\svchost.exe[1100] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0283000A
.text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 02950FEF
.text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 02950014
.text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 02950025
.text C:\WINDOWS\System32\svchost.exe[1100] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 02950036

.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008C0FE5
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 008C0F75
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 008C0F86
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 008C0054
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 008C0043
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 008C0028
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 008C0F3F
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 008C0F50
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008C0F10
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 008C00A9
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 008C0EF5
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 008C0FA1
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008C0FD4
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 008C007B
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 008C0FB2
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 008C0FC3
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 008C0098
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008B000A
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008B0F68
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008B0FB9
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008B0FCA
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008B0F79
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008B0FE5
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 008B0025
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008B0F9E
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 008A005D
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!system 77C293C7 5 Bytes JMP 008A0FC8
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 008A002E
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 008A0000
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 008A0FD9
.text C:\WINDOWS\system32\svchost.exe[1256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 008A0011
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006C0FEF
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20F5C
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20F77
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C20040
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20025
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C20093
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20082
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C20F26
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C200C9
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C20F15
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C20F9E
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C20000
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C20F4B
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C20FCA
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C200A4
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C10047
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C1007D
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C10036
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C10025
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C1006C
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C1000A
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C10FCA
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E1, 88] {LOOPZ 0xffffffffffffff8a}
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C10FDB
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C00FC3
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C00033
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C0000C
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\system32\svchost.exe[1324] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1324] WS2_32.dll!socket

.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0FEF
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0F4B
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0F66
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB0F77
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0040
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB0FC3
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB006C
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB005B
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB0EEE
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F09
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BB00AC
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BB0FA8
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BB0014
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BB0F30
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BB0025
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BB0FDE
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BB007D
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00660FCA
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00660F94
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0066001B
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00660FE5
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00660FA5
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00660051
.text C:\WINDOWS\system32\svchost.exe[1612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00660040
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00650FB5
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!system 77C293C7 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00650FD7
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00650FC6
.text C:\WINDOWS\system32\svchost.exe[1612] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00630FEF
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00630FDE
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00630FC3
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00630FA8
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00640000
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A006C
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F77
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0051
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F94
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0025
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F55
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0091
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00DD
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F44
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F29
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0036
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F66
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A000A
.text C:\WINDOWS\System32\svchost.exe[1712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00C2
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FCA
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0029004A
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290025
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029000A
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F8D
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FEF
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F9E
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\System32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290FB9
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0F9C
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0FB7
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E000C
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0027
.text C:\WINDOWS\System32\svchost.exe[1712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FD2
.text C:\WINDOWS\System32\svchost.exe[1712] WS2_32.dll!socket

Re: Error Starting On Demand Scanner (McAfee)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0026009F
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0026008E
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260FC0
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0026007D
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260062
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600C4
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F88
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600FA
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F61
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260115
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FDB
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026001B
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F99
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260051
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260036
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002600DF
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F79
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350025
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350F94
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350036
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360051
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] msvcrt.dll!system 77C293C7 5 Bytes JMP 0036002C
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360011
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FC6
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 01BA0FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 01BA0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 01BA0FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 01BA0F94
.text C:\Program Files\Internet Explorer\iexplore.exe[4892] ws2_32.dll!socket

Re: Error Starting On Demand Scanner (McAfee)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F5C
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F77
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260051
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F94
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260087
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F41
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260F02
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F13
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260EE7
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FA5
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260062
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0026002C
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0026001B
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F24
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350036
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0035005B
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0035001B
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350F9E
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350FB9
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0036003A
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360029
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360018
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00CC0000
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00CC0011
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00CC0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00CC0FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[6504] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01430000

Re: Error Starting On Demand Scanner (McAfee)
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4892] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP935\A0084595.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP935\A0085591.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP935\A0085610.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP935\A0085618.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP936\A0085834.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP936\A0085842.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP937\A0085867.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP939\A0086060.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP940\A0086198.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP940\A0086564.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP940\A0086608.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP940\A0087042.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP940\A0087140.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP940\A0087541.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP940\A0087634.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP944\A0087850.sys:1 8192 bytes executable
ADS C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP944\A0087867.sys:1 8192 bytes executable

---- EOF - GMER 1.0.15 ----

Re: Error Starting On Demand Scanner (McAfee)
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

While my help is always free, please consider donating to keep this site alive: Donate


Re: Error Starting On Demand Scanner (McAfee)
Malwarebytes' Anti-Malware 1.40
Database version: 2696
Windows 5.1.2600 Service Pack 3

8/25/2009 6:51:07 PM
mbam-log-2009-08-25 (18-51-07).txt

Scan type: Quick Scan
Objects scanned: 106192
Time elapsed: 23 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AntipPro2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_100 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Error Starting On Demand Scanner (McAfee)
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?


Re: Error Starting On Demand Scanner (McAfee)
I tried to run the combofix...when I went to the start menu and followed above directions, it told me that it wasn't installed. I re-installed it using previous instructions, except didn't rename it. Is it still ok to run it?

Re: Error Starting On Demand Scanner (McAfee)
Hello.
Yes, it's fine.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Error Starting On Demand Scanner (McAfee)
ComboFix 09-08-28.06 - Audrey Chriqui 08/29/2009 15:19.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.111 [GMT -4:00]
Running from: c:\documents and settings\Audrey Chriqui\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1089551744-1120685985-1162132538-1003
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\windows\system32\mdm.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP935\A0084594.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-29 )))))))))))))))))))))))))))))))
.

2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- C:\Combo-Fix
2009-08-25 23:47 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 23:47 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 23:45 . 2009-08-25 23:47 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 23:45 . 2009-08-25 23:45 -------- d-----w- c:\program files\McAfee.com
2009-08-25 23:35 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 01:13 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Audrey Chriqui\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-18 01:05 . 2009-08-18 01:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-18 01:03 . 2009-08-18 01:03 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-18 01:02 . 2009-08-19 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-18 00:54 . 2009-08-19 22:36 -------- d-----w- C:\downloads
2009-08-18 00:14 . 2009-08-18 00:55 -------- d-----w- c:\documents and settings\Audrey Chriqui\.SunDownloadManager
2009-08-17 02:56 . 2009-08-17 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-08-17 02:52 . 2009-08-17 02:52 -------- d-----w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\Citrix
2009-08-16 06:15 . 2009-07-13 05:42 286880 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-16 04:41 . 2009-08-19 21:12 -------- d-sh--w- c:\windows\Installer
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-08-12 03:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

Re: Error Starting On Demand Scanner (McAfee)
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 23:18 . 2007-10-31 03:13 -------- d-----w- c:\program files\McAfee
2009-08-25 23:54 . 2007-10-31 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-18 01:12 . 2005-08-16 01:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 02:52 . 2007-11-07 19:59 -------- d-----w- c:\program files\Citrix
2009-08-16 06:11 . 2008-01-26 02:39 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\McAfee
2009-08-16 05:08 . 2006-10-01 02:14 -------- d-----w- c:\program files\iTunes
2009-08-15 23:20 . 2005-08-16 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:08 . 2008-02-22 06:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 14:26 . 2005-04-30 05:39 -------- d-----w- c:\program files\iPod
2009-07-18 14:26 . 2008-02-23 16:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 14:19 . 2005-04-30 05:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 14:00 . 2009-07-18 14:00 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-03 17:09 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 00:20 . 2006-09-08 17:45 63088 ----a-w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 00:18 . 2009-07-03 00:18 -------- d-----w- c:\program files\Microsoft
2009-07-03 00:17 . 2009-07-03 00:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-03 00:16 . 2008-01-31 01:29 -------- d-----w- c:\program files\Windows Live
2009-07-03 00:12 . 2009-07-03 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 03:09 . 2009-06-05 03:09 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

Re: Error Starting On Demand Scanner (McAfee)
------- Sigcheck -------

[7] 2004-08-04 08:00 55808 82B24CB70E5944E6E34662205A2A5B78 c:\windows\$NtServicePackUninstall$\eventlog.dll
[7] 2008-04-14 00:11 56320 6D4FEB43EE538FC5428CC7F0565AA656 c:\windows\ServicePackFiles\i386\eventlog.dll

c:\windows\system32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-04-30 06:04 . 2004-10-14 20:54 253952 c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe

2005-06-07 04:46 . 2005-06-07 04:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

2005-04-30 04:54 . 2005-04-11 17:00 339968 c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe

2007-07-28 23:35 . 2007-07-28 23:35 68856 c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe

2005-11-20 05:50 . 2005-07-08 04:55 49152 c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\bak\hphupd05.exe

2005-02-17 06:11 . 2005-02-17 06:11 49152 c:\program files\Hp\HP Software Update\bak\HPWuSchd2.exe

2003-12-22 13:38 . 2003-12-22 13:38 241664 c:\program files\Hp\hpcoretech\bak\hpcmpmgr.exe

2005-04-30 05:55 . 2005-02-17 21:01 233534 c:\program files\HPQ\Default Settings\bak\cpqset.exe

2005-04-30 05:53 . 2004-12-03 20:24 290816 c:\program files\HPQ\Quick Launch Buttons\bak\EabServr.exe

2005-06-24 19:16 . 2005-06-24 19:16 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

2007-02-18 15:11 . 2006-11-09 20:07 49263 c:\program files\Java\jre1.5.0_10\bin\bak\jusched.exe

2005-04-30 05:39 . 2005-04-30 05:39 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

2005-04-30 05:30 . 2005-02-02 12:11 692316 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe

2005-04-30 05:30 . 2005-02-02 12:12 102492 c:\program files\Synaptics\SynTP\bak\SynTPLpr.exe

2006-12-24 11:43 . 2006-12-01 02:49 4662776 c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe

2004-08-04 08:00 . 2004-08-04 08:00 15360 c:\windows\system32\bak\ctfmon.exe
2004-08-04 08:00 . 2008-04-14 00:12 15360 c:\windows\system32\ctfmon.exe

2005-11-20 05:50 . 2005-07-08 04:55 491520 c:\windows\system32\bak\hphmon05.exe

2005-11-24 02:17 . 2005-07-08 04:55 176128 c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe

.

Re: Error Starting On Demand Scanner (McAfee)
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-17 02:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/23/2007 9:32 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\AUDREY~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\AUDREY~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [4/5/2008 9:45 PM 34136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-11-20 04:55]

2009-08-25 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2009-08-25 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2008-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
.

Re: Error Starting On Demand Scanner (McAfee)
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk|http://www.google.com/ig?hl=en
FF - plugin: c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 15:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

Re: Error Starting On Demand Scanner (McAfee)
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
c:\program files\BUFFALO\Client Manager3\NtCommon\BwcProv.dll

- - - - - - - > 'explorer.exe'(3316)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************
.
Completion time: 2009-08-29 16:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-29 20:12

Pre-Run: 26,756,845,568 bytes free
Post-Run: 27,131,404,288 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

297 --- E O F --- 2009-08-16 03:50

Re: Error Starting On Demand Scanner (McAfee)
Now open a new notepad file.
Input this into the notepad file:

FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | c:\windows\system32\eventlog.dll

AWF::
c:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe
c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
c:\program files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
c:\program files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe
c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\bak\hphupd05.exe
c:\program files\Hp\HP Software Update\bak\HPWuSchd2.exe
c:\program files\Hp\hpcoretech\bak\hpcmpmgr.exe
c:\program files\HPQ\Default Settings\bak\cpqset.exe
c:\program files\HPQ\Quick Launch Buttons\bak\EabServr.exe
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\Java\jre1.5.0_10\bin\bak\jusched.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe
c:\windows\system32\bak\ctfmon.exe
c:\windows\system32\bak\hphmon05.exe
c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe

Driver::
pciinfo


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
[Image: dragging CFScript.txt onto ComboFix]

This will open combofix again, agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Error Starting On Demand Scanner (McAfee)
ComboFix 09-08-29.01 - Audrey Chriqui 08/29/2009 20:48.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.152 [GMT -4:00]
Running from: c:\documents and settings\Audrey Chriqui\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Audrey Chriqui\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PCIINFO
-------\Service_pciinfo


((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 00:47 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-08-30 00:47 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- C:\Combo-Fix
2009-08-25 23:47 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 23:47 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 23:45 . 2009-08-25 23:47 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 23:45 . 2009-08-25 23:45 -------- d-----w- c:\program files\McAfee.com
2009-08-25 23:35 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 01:13 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Audrey Chriqui\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-18 01:05 . 2009-08-18 01:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-18 01:03 . 2009-08-18 01:03 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-18 01:02 . 2009-08-19 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-18 00:54 . 2009-08-19 22:36 -------- d-----w- C:\downloads
2009-08-18 00:14 . 2009-08-18 00:55 -------- d-----w- c:\documents and settings\Audrey Chriqui\.SunDownloadManager
2009-08-17 02:56 . 2009-08-17 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-08-17 02:52 . 2009-08-17 02:52 -------- d-----w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\Citrix
2009-08-16 06:15 . 2009-07-13 05:42 286880 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-16 04:41 . 2009-08-19 21:12 -------- d-sh--w- c:\windows\Installer
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-08-12 03:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

Re: Error Starting On Demand Scanner (McAfee)
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 23:18 . 2007-10-31 03:13 -------- d-----w- c:\program files\McAfee
2009-08-25 23:54 . 2007-10-31 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-18 01:12 . 2005-08-16 01:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 02:52 . 2007-11-07 19:59 -------- d-----w- c:\program files\Citrix
2009-08-16 06:11 . 2008-01-26 02:39 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\McAfee
2009-08-16 05:08 . 2006-10-01 02:14 -------- d-----w- c:\program files\iTunes
2009-08-15 23:20 . 2005-08-16 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:08 . 2008-02-22 06:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 14:26 . 2005-04-30 05:39 -------- d-----w- c:\program files\iPod
2009-07-18 14:26 . 2008-02-23 16:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 14:19 . 2005-04-30 05:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 14:00 . 2009-07-18 14:00 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-03 17:09 . 2004-08-04 08:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 00:20 . 2006-09-08 17:45 63088 ----a-w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 00:18 . 2009-07-03 00:18 -------- d-----w- c:\program files\Microsoft
2009-07-03 00:17 . 2009-07-03 00:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-03 00:16 . 2008-01-31 01:29 -------- d-----w- c:\program files\Windows Live
2009-07-03 00:12 . 2009-07-03 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 03:09 . 2009-06-05 03:09 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-29_19.47.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-30 01:07 . 2009-08-30 01:07 16384 c:\windows\Temp\Perflib_Perfdata_21c.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-29 21:15 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-29 21:15 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-29 21:15 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-24 02:17 . 2005-07-08 04:55 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
+ 2005-11-20 05:50 . 2005-07-08 04:55 491520 c:\windows\system32\hphmon05.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-24 19:16 . 2005-06-24 19:16 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

2005-04-30 05:39 . 2005-04-30 05:39 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

2005-04-30 05:30 . 2005-02-02 12:11 692316 c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe

2005-04-30 05:30 . 2005-02-02 12:12 102492 c:\program files\Synaptics\SynTP\bak\SynTPLpr.exe

2006-12-24 11:43 . 2006-12-01 02:49 4662776 c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe

.

Re: Error Starting On Demand Scanner (McAfee)
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-17 02:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [4/5/2008 9:45 PM 34136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-11-20 04:55]

2009-08-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2009-08-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2008-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
.

Re: Error Starting On Demand Scanner (McAfee)
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk|http://www.google.com/ig?hl=en

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-29 21:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
c:\program files\BUFFALO\Client Manager3\NtCommon\BwcProv.dll

- - - - - - - > 'explorer.exe'(3672)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\HPQ\Shared\hpqwmi.exe
.
**************************************************************************
.
Completion time: 2009-08-30 21:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 01:37
ComboFix2.txt 2009-08-29 20:13

Pre-Run: 27,179,814,912 bytes free
Post-Run: 27,147,567,104 bytes free

279 --- E O F --- 2009-08-29 21:45

Re: Error Starting On Demand Scanner (McAfee)

Hello.

Now open a new notepad file.
Input this into the notepad file:

AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe
c:\program files\Synaptics\SynTP\bak\SynTPEnh.exe
c:\program files\Synaptics\SynTP\bak\SynTPLpr.exe
c:\program files\Yahoo!\Messenger\bak\YahooMessenger.exe


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Error Starting On Demand Scanner (McAfee)

ComboFix 09-08-29.01 - Audrey Chriqui 08/30/2009 13:18.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.156 [GMT -4:00]
Running from: c:\documents and settings\Audrey Chriqui\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Audrey Chriqui\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-30 )))))))))))))))))))))))))))))))
.

2009-08-30 00:47 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-08-30 00:47 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\eventlog.dll
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- C:\Combo-Fix
2009-08-25 23:47 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 23:47 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 23:45 . 2009-08-25 23:47 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 23:45 . 2009-08-25 23:45 -------- d-----w- c:\program files\McAfee.com
2009-08-25 23:35 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 01:13 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Audrey Chriqui\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-18 01:05 . 2009-08-18 01:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-18 01:03 . 2009-08-18 01:03 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-18 01:02 . 2009-08-19 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-18 00:54 . 2009-08-19 22:36 -------- d-----w- C:\downloads
2009-08-18 00:14 . 2009-08-18 00:55 -------- d-----w- c:\documents and settings\Audrey Chriqui\.SunDownloadManager
2009-08-17 02:56 . 2009-08-17 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-08-17 02:52 . 2009-08-17 02:52 -------- d-----w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\Citrix
2009-08-16 06:15 . 2009-07-13 05:42 286880 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-16 04:41 . 2009-08-19 21:12 -------- d-sh--w- c:\windows\Installer
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-08-12 03:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

Re: Error Starting On Demand Scanner (McAfee)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 23:18 . 2007-10-31 03:13 -------- d-----w- c:\program files\McAfee
2009-08-25 23:54 . 2007-10-31 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-18 01:12 . 2005-08-16 01:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 02:52 . 2007-11-07 19:59 -------- d-----w- c:\program files\Citrix
2009-08-16 06:11 . 2008-01-26 02:39 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\McAfee
2009-08-16 05:08 . 2006-10-01 02:14 -------- d-----w- c:\program files\iTunes
2009-08-15 23:20 . 2005-08-16 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:08 . 2008-02-22 06:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 14:26 . 2005-04-30 05:39 -------- d-----w- c:\program files\iPod
2009-07-18 14:26 . 2008-02-23 16:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 14:19 . 2005-04-30 05:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 14:00 . 2009-07-18 14:00 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-03 17:09 . 2004-08-04 08:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 00:20 . 2006-09-08 17:45 63088 ----a-w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 00:18 . 2009-07-03 00:18 -------- d-----w- c:\program files\Microsoft
2009-07-03 00:17 . 2009-07-03 00:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-03 00:16 . 2008-01-31 01:29 -------- d-----w- c:\program files\Windows Live
2009-07-03 00:12 . 2009-07-03 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 03:09 . 2009-06-05 03:09 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-29_19.47.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-30 17:37 . 2009-08-30 17:37 16384 c:\windows\Temp\Perflib_Perfdata_1e8.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-30 15:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-30 15:53 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-30 15:53 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-24 02:17 . 2005-07-08 04:55 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
+ 2005-11-20 05:50 . 2005-07-08 04:55 491520 c:\windows\system32\hphmon05.exe
.

Re: Error Starting On Demand Scanner (McAfee)

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-24 19:16 . 2005-06-24 19:16 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

2005-04-30 05:39 . 2005-04-30 05:39 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-17 02:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [4/5/2008 9:45 PM 34136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-11-20 04:55]

2009-08-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2009-08-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2008-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]
.
.

Re: Error Starting On Demand Scanner (McAfee)

------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk|http://www.google.com/ig?hl=en

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
c:\program files\BUFFALO\Client Manager3\NtCommon\BwcProv.dll

- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-30 14:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-30 18:08
ComboFix2.txt 2009-08-30 01:39
ComboFix3.txt 2009-08-29 20:13

Pre-Run: 26,539,192,320 bytes free
Post-Run: 27,127,042,048 bytes free

265 --- E O F --- 2009-08-29 21:45

Re: Error Starting On Demand Scanner (McAfee)

Hello.
Nearly done now.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section".
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Re: Error Starting On Demand Scanner (McAfee)

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AIM 6
AIM Toolbar 5.0
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bonjour
BUFFALO Client Manager 3
BUM
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Choice Guard
Conexant AC-Link Audio
Critical Update for Windows Media Player 11 (KB959772)
Data Fax SoftModem with SmartCP
DYMO Label Software
Easy Internet Sign-up
Google Toolbar for Internet Explorer
GoToAssist 8.0.0.516
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HP Help and Support
HP Software Update
HP User Guides 0001
HP Wireless Assistant 1.01 A2
ImTOO DVD Copy Express
ImTOO DVD Ripper Platinum 4
InterActual Player
InterVideo WinDVD
iPod for Windows 2005-06-26
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 13
Java(TM) 6 Update 7
KODAK Gallery Upload Software
LG USB Drivers
LG USB Modem driver
Malwarebytes' Anti-Malware
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office Live Meeting 2005
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.11)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 4.0 - SE
Nero 7 Essentials
neroxml
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 3
Quick Launch Buttons 5.10 B2
QuickTime
RemoveIT Pro v4 - SE
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Skype™️ 4.0
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
V CAST Music
V CAST Music Manager
Verizon Online DSL
Viewpoint Media Player
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip 11.2
Yahoo! Messenger
Zone Deluxe Games

Re: Error Starting On Demand Scanner (McAfee)

Hello.

I see that you are running LimeWire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 13
    Java(TM) 6 Update 7
    Viewpoint Media Player

Now open a new notepad file.
Input this into the notepad file:

Folder::
c:\Program Files\LimeWire
c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\LimeWire

AWF::
c:\program files\iTunes\bak\iTunesHelper.exe
c:\program files\QuickTime\bak\qttask.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]


Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:

This will open ComboFix again; agree to its terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

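
The log in this thread lists LimeWire.exe under the firewall's AuthorizedApplications list, while the uninstall list posted earlier has no LimeWire entry. The sketch below is an added example, not part of the original post and not ComboFix's own code: it cross-checks the two and flags firewall exceptions with no matching installed product for review. The function names, the folder-name matching heuristic and both sample inputs are assumptions made for illustration.

```python
import re

# Constructed sample in the layout ComboFix prints for the Windows Firewall
# exception list (a shortened set of entries in the format seen in this thread).
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
'''

# Constructed sample of a HijackThis uninstall_list.txt (one product per line).
SAMPLE_UNINSTALL_LIST = """\
McAfee SecurityCenter
RemoveIT Pro v4 - SE
Skype 4.0
iTunes
"""

SECTION_SUFFIX = "\\authorizedapplications\\list]"
ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"=')


def parse_authorized_apps(log_text):
    """Return the paths listed under AuthorizedApplications\\List, unescaped."""
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any registry header switches the section on or off.
            in_section = line.lower().endswith(SECTION_SUFFIX)
            continue
        if not in_section:
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The log doubles backslashes; restore the real path.
            paths.append(match.group("path").replace("\\\\", "\\"))
        elif line:
            in_section = False  # first non-entry line (e.g. the driver list) ends it
    return paths


def _norm(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def classify(path, installed_names):
    """Return 'system', 'installed' or 'orphaned' for one firewall exception.

    Heuristic (an assumption of this example): a path counts as installed when
    any folder below Program Files matches an installed product name.
    """
    parts = path.split("\\")
    lowered = [p.lower() for p in parts]
    if "program files" not in lowered:
        return "system"
    folders = parts[lowered.index("program files") + 1:-1]
    installed = [key for key in map(_norm, installed_names) if key]
    for folder in folders:
        key = _norm(folder)
        if folder.lower() == "common files" or len(key) < 3:
            continue
        if any(key in name or name in key for name in installed):
            return "installed"
    return "orphaned"


def orphaned_firewall_exceptions(log_text, uninstall_list_text):
    """Firewall exceptions whose program no longer appears as installed."""
    installed = uninstall_list_text.splitlines()
    return [path for path in parse_authorized_apps(log_text)
            if classify(path, installed) == "orphaned"]


if __name__ == "__main__":
    for path in orphaned_firewall_exceptions(SAMPLE_LOG, SAMPLE_UNINSTALL_LIST):
        print("review firewall exception:", path)
```

A flagged entry is a prompt for manual review, since the folder-name match can miss products installed under a vendor directory with an unrelated name.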

Re: Error Starting On Demand Scanner (McAfee)

Limewire is not in my list of programs...(I thought I had previously removed it)

Viewpoint Media Player was removed, but the three J2SEs and the 2 Java updates wouldn't remove... it gives me an error message saying "error applying transforms. Verify that the specified transform paths are valid."

Re: Error Starting On Demand Scanner (McAfee)

Please download Revo Uninstaller from here: Revo Uninstaller

  1. Download and run the setup file for Revo Uninstaller.
  2. Once set up, run Revo Uninstaller.
  3. Select the items I listed for removal by clicking on them once.
  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.


Re: Error Starting On Demand Scanner (McAfee)
The uninstaller found 111 leftover registry items for J2SE runtime update 10...do I check them all? Sorry for all of the questions!

Re: Error Starting On Demand Scanner (McAfee)
ComboFix 09-08-30.01 - Audrey Chriqui 08/30/2009 22:49.4.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.159 [GMT -4:00]
Running from: c:\documents and settings\Audrey Chriqui\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Audrey Chriqui\Desktop\cfscript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\LimeWire
c:\program files\LimeWire\lib\aopalliance.jar
c:\program files\LimeWire\lib\clink.jar
c:\program files\LimeWire\lib\commons-codec-1.3.jar
c:\program files\LimeWire\lib\commons-logging.jar
c:\program files\LimeWire\lib\commons-net.jar
c:\program files\LimeWire\lib\daap.jar
c:\program files\LimeWire\lib\dnsjava.jar
c:\program files\LimeWire\lib\forms.jar
c:\program files\LimeWire\lib\foxtrot.jar
c:\program files\LimeWire\lib\gettext-commons.jar
c:\program files\LimeWire\lib\guice-1.0.jar
c:\program files\LimeWire\lib\hsqldb.jar
c:\program files\LimeWire\lib\httpclient-4.0-alpha5-20080522.192134-5.jar
c:\program files\LimeWire\lib\httpcore-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\httpcore-nio-4.0-beta2-20080510.140437-10.jar
c:\program files\LimeWire\lib\icu4j.jar
c:\program files\LimeWire\lib\jaudiotagger.jar
c:\program files\LimeWire\lib\jcraft.jar
c:\program files\LimeWire\lib\jdic.dll
c:\program files\LimeWire\lib\jdic.jar
c:\program files\LimeWire\lib\jdic_stub.jar
c:\program files\LimeWire\lib\jflac.jar
c:\program files\LimeWire\lib\jl.jar
c:\program files\LimeWire\lib\jmdns.jar
c:\program files\LimeWire\lib\jogg.jar
c:\program files\LimeWire\lib\jorbis.jar
c:\program files\LimeWire\lib\LimeWire.jar
c:\program files\LimeWire\lib\log4j.jar
c:\program files\LimeWire\lib\looks.jar
c:\program files\LimeWire\lib\messages.jar
c:\program files\LimeWire\lib\mp3spi.jar
c:\program files\LimeWire\lib\onion-common.jar
c:\program files\LimeWire\lib\onion-fec.jar
c:\program files\LimeWire\lib\ProgressTabs.jar
c:\program files\LimeWire\lib\swt.jar
c:\program files\LimeWire\lib\SystemUtilities.dll
c:\program files\LimeWire\lib\themes.jar
c:\program files\LimeWire\lib\tray.dll
c:\program files\LimeWire\lib\tritonus.jar
c:\program files\LimeWire\lib\vorbisspi.jar
c:\program files\LimeWire\LimeWire.exe

.

Re: Error Starting On Demand Scanner (McAfee)
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-31 )))))))))))))))))))))))))))))))
.

2009-08-31 01:55 . 2009-08-31 01:55 -------- d-----w- c:\program files\VS Revo Group
2009-08-30 00:47 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-08-30 00:47 . 2008-04-14 00:11 56320 ------w- c:\windows\system32\eventlog.dll
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-29 19:36 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-08-28 22:21 . 2009-08-28 22:21 -------- d-----w- C:\Combo-Fix
2009-08-25 23:47 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-08-25 23:47 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-25 23:47 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-08-25 23:45 . 2009-08-25 23:47 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 23:45 . 2009-08-25 23:45 -------- d-----w- c:\program files\McAfee.com
2009-08-25 23:35 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-19 21:56 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-19 21:56 . 2009-08-19 21:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-18 01:13 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Audrey Chriqui\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-08-18 01:05 . 2009-08-18 01:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-08-18 01:03 . 2009-08-18 01:03 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-08-18 01:02 . 2009-08-19 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-18 00:54 . 2009-08-19 22:36 -------- d-----w- C:\downloads
2009-08-18 00:14 . 2009-08-18 00:55 -------- d-----w- c:\documents and settings\Audrey Chriqui\.SunDownloadManager
2009-08-17 02:56 . 2009-08-17 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-08-17 02:52 . 2009-08-17 02:52 -------- d-----w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\Citrix
2009-08-16 06:15 . 2009-07-13 05:42 286880 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-08-16 04:41 . 2009-08-31 02:26 -------- d-sh--w- c:\windows\Installer
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-08-16 01:49 . 2009-08-16 01:49 49152 ----a-r- c:\documents and settings\Audrey Chriqui\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-08-12 03:46 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-31 02:28 . 2005-04-30 05:08 -------- d-----w- c:\program files\Java
2009-08-30 21:50 . 2007-01-23 03:13 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\Viewpoint
2009-08-30 21:50 . 2005-08-28 13:22 -------- d-----w- c:\program files\Viewpoint
2009-08-27 23:18 . 2007-10-31 03:13 -------- d-----w- c:\program files\McAfee
2009-08-25 23:54 . 2007-10-31 03:07 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-18 01:12 . 2005-08-16 01:29 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-17 02:52 . 2007-11-07 19:59 -------- d-----w- c:\program files\Citrix
2009-08-16 06:11 . 2008-01-26 02:39 -------- d-----w- c:\documents and settings\Audrey Chriqui\Application Data\McAfee
2009-08-16 05:08 . 2006-10-01 02:14 -------- d-----w- c:\program files\iTunes
2009-08-15 23:20 . 2005-08-16 15:28 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 21:08 . 2008-02-22 06:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-18 14:26 . 2005-04-30 05:39 -------- d-----w- c:\program files\iPod
2009-07-18 14:26 . 2008-02-23 16:09 -------- d-----w- c:\program files\Common Files\Apple
2009-07-18 14:19 . 2005-04-30 05:39 -------- d-----w- c:\program files\QuickTime
2009-07-18 14:00 . 2009-07-18 14:00 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-03 17:09 . 2004-08-04 08:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 00:20 . 2006-09-08 17:45 63088 ----a-w- c:\documents and settings\Audrey Chriqui\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 00:18 . 2009-07-03 00:18 -------- d-----w- c:\program files\Microsoft
2009-07-03 00:17 . 2009-07-03 00:17 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-03 00:16 . 2008-01-31 01:29 -------- d-----w- c:\program files\Windows Live
2009-07-03 00:12 . 2009-07-03 00:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-25 08:25 . 2004-08-04 08:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 08:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 08:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 08:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 08:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 08:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 08:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-04 08:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-04 08:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-04 08:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 03:09 . 2009-06-05 03:09 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

Re: Error Starting On Demand Scanner (McAfee)
((((((((((((((((((((((((((((( SnapShot@2009-08-29_19.47.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-31 03:05 . 2009-08-31 03:05 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-31 01:50 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-31 01:50 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2005-08-16 15:21 . 2009-08-31 01:50 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2005-08-16 15:21 . 2009-08-29 16:34 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-11-24 02:17 . 2005-07-08 04:55 176128 c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
+ 2005-11-20 05:50 . 2005-07-08 04:55 491520 c:\windows\system32\hphmon05.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2005-06-24 19:16 . 2005-06-24 19:16 278528 c:\program files\iTunes\bak\iTunesHelper.exe
2009-07-13 18:03 . 2009-07-13 18:03 292128 c:\program files\iTunes\iTunesHelper.exe

2005-04-30 05:39 . 2005-04-30 05:39 98304 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 21:18 . 2009-05-26 21:18 413696 c:\program files\QuickTime\QTTask.exe

.

Re: Error Starting On Demand Scanner (McAfee)
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [N/A]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-17 02:52 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\BWSVC\\bwsvc.exe"=
"c:\\Program Files\\BUFFALO\\Client Manager3\\AOSS\\aoss.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]
S3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;c:\windows\system32\drivers\nx6000.sys [4/5/2008 9:45 PM 34136]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-08-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2005-11-20 04:55]

2009-08-30 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2009-08-30 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-08-25 01:26]

2008-04-06 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job
- c:\program files\Microsoft LifeCam\LifeExp.exe [2007-05-17 21:45]

Re: Error Starting On Demand Scanner (McAfee)
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Audrey Chriqui\Application Data\Mozilla\Firefox\Profiles\48uzsjtp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk|http://www.google.com/ig?hl=en

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-30 23:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll
c:\program files\BUFFALO\Client Manager3\NtCommon\BwcProv.dll

- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\BUFFALO\Client Manager3\bwsvc\Bwsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\VirusScan\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-31 23:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-31 03:29
ComboFix2.txt 2009-08-30 18:10
ComboFix3.txt 2009-08-30 01:39
ComboFix4.txt 2009-08-29 20:13

Pre-Run: 26,944,831,488 bytes free
Post-Run: 26,918,457,344 bytes free

293 --- E O F --- 2009-08-29 21:45

Re: Error Starting On Demand Scanner (McAfee)
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u


This will also reset your restore points.

How is the machine running now?


Re: Error Starting On Demand Scanner (McAfee)
It's not letting me run it...it says windows cannot find combofix. Make sure you typed the name correctly then try again...

Also, since the last combofix scan, my computer is having a hard time connecting to the internet on start up. It takes about 5 minutes of it bouncing on networks before it finally stays on my network.

Re: Error Starting On Demand Scanner (McAfee)
Do you have the drivers for your wireless? We can try re-installing them.


Re: Error Starting On Demand Scanner (McAfee)
I'm sure I do somewhere, but I'm in the middle of moving and I believe they're packed! It was doing it for some time and then when I ran one of these scans, it worked normally again. Until the last one, I think. Anyway, that part is minor right now, but thanks!!

As to combofix. It's now disappeared from my desktop again. I'll re-download it and try running it through the start, run menu...

Re: Error Starting On Demand Scanner (McAfee)
I re-installed Combofix and did the combofix /u...does that uninstall it? I got a message saying that it is uninstalled. I think the computer is better - other than connecting to the internet, but I'm going to get a new wireless router shortly.

Re: Error Starting On Demand Scanner (McAfee)
Hello.
No need to download it again. The malware is removed.

If Combofix won't uninstall that way, just delete this folder in bold:

C:\Qoobox

and delete combofix.exe from your Desktop.


Re: Error Starting On Demand Scanner (McAfee)
It's uninstalled...should I periodically be running the malware, or any other program you had me download?

Re: Error Starting On Demand Scanner (McAfee)
Keep MBAM, it's a good scanner for on demand scanning. Just remember to keep it updated.

