Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: An unhandled win32 exception has occurred in xxx.exe  (Read 45306 times)

0 Members and 1 Guest are viewing this topic.

friday

    Topic Starter


    Greenhorn

    An unhandled win32 exception has occurred in xxx.exe
    « on: July 15, 2009, 11:32:41 PM »
    Hi,

    It looks like my Windows XP Professional with SP2 Laptop has problems with some kind of virus.

    I have followed the recommended process but unfortunately could not carry out steps 3, 4 and 6 as the applications could not be installed.

    Your suggestions and recommendations would be greatly appreciated.

    Initial Symptoms:

    Firefox 3.1 crashes
    get error "An unhandled WIN32 exception..." quite often
    Cannot scan using McAfee Anti-virus


    Step 1
    Add / Rem programs - Do not find any unknown application to remove


    Step 2
    CCleaner OK

    Step 3
    Super Anti Spyware -
    Unable to install
    Unhandled WIN32 exception

    Step 4
    MBAM - Installer would not execute

    Step 5
    Log Files:

    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Thu Jul 16 01:05:17 2009

    Found and removed: C:\Program Files\Java\jre1.5.0_06
    Found and removed: C:\Program Files\Java\jre1.5.0_15
    Found and removed: C:\Program Files\Java\jre1.6.0_05
    Found and removed: C:\Program Files\Java\jre1.6.0_07
    Found and removed: Software\JavaSoft\Java2D\1.5.0_05
    Found and removed: Software\JavaSoft\Java2D\1.5.0_06
    Found and removed: Software\JavaSoft\Java2D\1.5.0_11
    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006
    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006Found and removed:

    SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006Found and removed:

    SOFTWARE\Classes\JavaPlugin.150_06Found and removed:

    SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0Found and removed: SOFTWARE\JavaSoft\Java Plug-

    in\1.5.0_06Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5Found and removed:

    SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06Found and removed: SOFTWARE\Microsoft\Code

    Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

    \Components\ACBB9B2318A96D117A58000B0D510006Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

    \Products\8A0F842331866D117AB7000B0D510006Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}Found

    and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}Found and removed:

    SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}Found and removed:

    SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}Found and removed:

    SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005Found and removed:

    SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005Found and removed:

    SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005Found and removed:

    SOFTWARE\Classes\JavaPlugin.160_05Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05Found

    and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05Found and removed:

    SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

    \Components\ACBB9B2318A96D117A58000B0D610005Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

    \Products\8A0F842331866D117AB7000B0D610005Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}Found

    and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06Found and removed:

    Software\Classes\JavaPlugin.160_05Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-

    0003-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-

    ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1Found and removed:

    SOFTWARE\JavaSoft\Java Web Start\1.0.1_02Found and removed: SOFTWARE\JavaSoft\Java Web

    Start\1.0.1_03Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04Found and removed:

    SOFTWARE\JavaSoft\Java Web Start\1.2Found and removed: SOFTWARE\JavaSoft\Java Web

    Start\1.2.0_01Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05Found and removed:

    Software\JavaSoft\Java2D\1.5.0_15Found and removed: Software\JavaSoft\Java2D\1.6.0Found and

    removed: Software\JavaSoft\Java2D\1.6.0_03Found and removed:

    Software\JavaSoft\Java2D\1.6.0_05Found and removed: Software\JavaSoft\Java Runtime

    Environment\1.6.0_05Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_15Found and removed:

    SOFTWARE\Classes\JavaPlugin.150_15Found and removed: SOFTWARE\JavaSoft\Java Runtime

    Environment\1.5.0_15Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution

    Units\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-

    0013-0001-0000-ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-

    ABCDEFFEDCBA}Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}Found and

    removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}Found and removed:

    Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}Found and removed:

    SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07Found and removed: SOFTWARE\JavaSoft\Java Runtime

    Environment\1.6.0_07Found and removed: SOFTWARE\Microsoft\Active Setup\Installed

    Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

    \Components\ACBB9B2318A96D117A58000B0D610007Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18

    \Products\8A0F842331866D117AB7000B0D610007Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}Found

    and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common

    Files\Java\Update\Base Images\jre1.5.0.b64\Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06

    \Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program

    Files\Java\jre1.6.0_05\Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05

    \bin\Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program

    Files\Java\jre1.6.0_07\bin\Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common

    Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\Found and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common

    Files\Java\Update\Base Images\jre1.5.0.b64\core1.zipFound and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common

    Files\Java\Update\Base Images\jre1.5.0.b64\core2.zipFound and removed:

    SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common

    Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip

    ------------------------------------

    Finished reporting.

    Step 6
    Hijack This -  - Installer would not execute

    Karnac



      Specialist

      Thanked: 211
      Re: An unhandled win32 exception has occurred in xxx.exe
      « Reply #1 on: July 16, 2009, 07:16:37 AM »
      Try renaming the installation files to any other name and run them in safe mode....Did you follow Step#6 and rename HJT?


      Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

      harry 48



        Egghead

      • lay back , relax and chill out
      • Thanked: 129
        • Yes
        • Yes
        • Yes
        • Dribbling Pensioner
      • Certifications: List
      • Experience: Familiar
      • OS: Windows 7
      Re: An unhandled win32 exception has occurred in xxx.exe
      « Reply #2 on: July 16, 2009, 03:54:25 PM »
      Mbam   renamer


      Try the renamer download for Malwarbytes.

      http://kixhelp.com/wr/files/mb/randmbam.exe

      The randmbam.exe will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.

      If it installs then use this link to download the updates.

      Download Malwarebytes' Anti-Malware Database - GT500.org

      Just download it to the desktop and run the exe then run Malwarebytes


      harry

      friday

        Topic Starter


        Greenhorn

        Re: An unhandled win32 exception has occurred in xxx.exe
        « Reply #3 on: July 16, 2009, 05:42:55 PM »
        Jeese...why didn't I get that idea.

        After renaming I am able to install all files. I will complete all steps and get back to you with logs.

        Thanks a ton Karnac!

        Thank you harry 48!

        Regards,

        Friday

        friday

          Topic Starter


          Greenhorn

          Re: An unhandled win32 exception has occurred in xxx.exe
          « Reply #4 on: July 17, 2009, 09:05:35 PM »
          Hi Karnac,

          Step A: Not Applicable

          Step 1: Not Applicable

          Step 2: Done!

          Step 3: SAS - Log attached.

          Step 4: MBAM - Log attached.

          Step 5: Done!

          Step 6: HJT - Log attached.

          Please let me know if I need to do anything else.

          Regards,

          Fred

          [attachment deleted by admin]

          Karnac



            Specialist

            Thanked: 211
            Re: An unhandled win32 exception has occurred in xxx.exe
            « Reply #5 on: July 18, 2009, 08:31:10 AM »
            Sit tight , wait for Evilfantasy or kpac......


            Never argue with a stupid person, they'll drag you down to their level and beat you with experience.

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 489
            • Experience: Familiar
            • OS: Windows 10
            Re: An unhandled win32 exception has occurred in xxx.exe
            « Reply #6 on: July 18, 2009, 05:22:42 PM »
            Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

            Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

            * XP users Double click on dds to run it.
            * If your antivirus or firewall try to block DDS then please allow it to run.
            * When finished DDS will open two (2) logs.

            1) DDS.txt
            2) Attach.txt

            * Save both logs to your desktop.
            * Please copy and paste the entire contents of both logs in your next reply.

            Note: DDS will instruct you to post the Attach.txt log as an attachment.
            Please just post it as you would any other log by copy and pasting it into the reply.

            friday

              Topic Starter


              Greenhorn

              Re: An unhandled win32 exception has occurred in xxx.exe
              « Reply #7 on: July 19, 2009, 08:36:42 AM »
              Hi evilfantasy,

              Please find both DDS.txt and Attach.txt logs below -

              ============= DDS.txt File Content ===============

              DDS (Ver_09-06-26.01) - NTFSx86 
              Run by Friedey at 10:26:02.56 on Sun 07/19/2009
              Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
              Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2038.1370 [GMT -4:00]

              AV: McAfee VirusScan *On-access scanning enabled* (Updated)   {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
              FW: McAfee Personal Firewall *enabled*   {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

              ============== Running Processes ===============

              C:\WINDOWS\system32\svchost -k DcomLaunch
              svchost.exe
              C:\WINDOWS\System32\svchost.exe -k netsvcs
              svchost.exe
              svchost.exe
              C:\WINDOWS\System32\WLTRYSVC.EXE
              C:\WINDOWS\System32\bcmwltry.exe
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\system32\inetsrv\inetinfo.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
              C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
              C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
              c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
              c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
              C:\Program Files\McAfee\MSK\MskSrver.exe
              C:\WINDOWS\system32\IoctlSvc.exe
              C:\Program Files\Print Distributor 4\pd3service.exe
              C:\WINDOWS\system32\svchost.exe -k imgsvc
              C:\WINDOWS\system32\tlntsvr.exe
              C:\Program Files\McAfee\MPF\MPFSrv.exe
              C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
              c:\PROGRA~1\mcafee.com\agent\mcagent.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\WINDOWS\Explorer.EXE
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\WINDOWS\system32\igfxpers.exe
              C:\WINDOWS\OEM02Mon.exe
              C:\WINDOWS\system32\igfxsrvc.exe
              C:\WINDOWS\system32\WLTRAY.exe
              C:\WINDOWS\stsystra.exe
              C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
              C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
              C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
              C:\Program Files\Dell\MediaDirect\PCMService.exe
              C:\Program Files\Java\jre6\bin\jusched.exe
              C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
              C:\Program Files\Common Files\Real\Update_OB\realsched.exe
              C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
              C:\WINDOWS\system32\LVCOMSX.EXE
              C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
              C:\Program Files\Logitech\QuickCam\Quickcam.exe
              C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
              C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
              C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
              C:\Program Files\McAfee\MBK\MBackMonitor.exe
              C:\Program Files\Mozilla Firefox\firefox.exe
              C:\WINDOWS\system32\NOTEPAD.EXE
              C:\Documents and Settings\Friedey\Desktop\dds.pif

              ============== Pseudo HJT Report ===============

              uStart Page = about:blank
              uSearchURL,(Default) = hxxp://ca.search.yahoo.com/search?fr=mcafee&p=%s
              BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
              BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
              BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
              BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
              BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
              BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
              BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
              BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
              uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
              uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
              uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
              mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
              mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
              mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
              mRun: [Persistence] c:\windows\system32\igfxpers.exe
              mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
              mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
              mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
              mRun: [SigmatelSysTrayApp] stsystra.exe
              mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
              mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
              mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
              mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
              mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
              mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
              mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
              mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
              mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
              mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
              mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
              mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
              mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
              mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
              mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
              mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
              mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
              mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
              mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
              mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
              mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
              mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
              mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
              mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
              mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe"
              dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe
              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{14fcfe7c-ab86-428a-9d2e-bfb6f5a7aa6e}\Icon3E5562ED7.ico
              IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
              IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
              IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
              IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
              TCP: {3A83FA37-BB81-4009-9EA4-3E9A4E328A8F} = 192.168.1.4
              Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
              Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
              Notify: igfxcui - igfxdev.dll
              Notify: PCANotify - PCANotify.dll
              SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

              ================= FIREFOX ===================

              FF - ProfilePath - c:\docume~1\friedey\applic~1\mozilla\firefox\profiles\n0hewecp.default\
              FF - prefs.js: browser.search.selectedEngine - Yahoo Search
              FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
              FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
              FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
              FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
              FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
              FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
              FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
              FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

              ---- FIREFOX POLICIES ----
              FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

              ============= SERVICES / DRIVERS ===============

              R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2005-11-21 11008]
              R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.sys [2003-11-17 11165]
              R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-20 214024]
              R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
              R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
              R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-20 210216]
              R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-20 359952]
              R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-20 144704]
              R2 Print Distributor 4;Print Distributor 4;c:\program files\print distributor 4\pd3service.exe [2009-5-11 860920]
              R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-20 606736]
              R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-5-16 79880]
              R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-5-16 35272]
              R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-5-16 40552]
              R3 NsSmrCap;NsSmrCap;c:\windows\system32\drivers\NsSmrCap.sys [2008-4-23 26624]
              R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-3-6 235520]
              R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-3-6 7424]
              S2 gupdate1c9867475d96ba2;Google Update Service (gupdate1c9867475d96ba2);c:\program files\google\update\GoogleUpdate.exe [2009-2-3 133104]
              S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-5-16 34216]
              S3 MySQL5;MySQL5;"c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql5 --> c:\program files\mysql\mysql server 5.0\bin\mysqld-nt [?]
              S3 OracleDBConsolemes;OracleDBConsolemes;c:\app\friedey\product\11.1.0\db_1\bin\nmesrvc.exe [2008-3-16 25600]
              S3 OracleOraDb11g_home1TNSListener;OracleOraDb11g_home1TNSListener;c:\app\friedey\product\11.1.0\db_1\bin\tnslsnr  --> c:\app\friedey\product\11.1.0\db_1\bin\TNSLSNR  [?]
              S3 OracleServiceMES;OracleServiceMES;c:\app\friedey\product\11.1.0\db_1\bin\oracle.exe mes --> c:\app\friedey\product\11.1.0\db_1\bin\ORACLE.EXE MES [?]
              S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
              S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
              S4 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2008-1-18 24635]
              S4 awhost32;Symantec pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2006-2-14 106496]
              S4 Eyelit_Factory_Connect;Eyelit Factory Connect;c:\eyelit\eyelitfc\factoryconnect\startfc.exe -zglaxservice eyelit_factory_connect --> c:\eyelit\eyelitfc\factoryconnect\StartFC.exe -zglaxservice Eyelit_Factory_Connect [?]
              S4 OracleJobSchedulerMES;OracleJobSchedulerMES;c:\app\friedey\product\11.1.0\db_1\bin\extjob.exe mes --> c:\app\friedey\product\11.1.0\db_1\bin\extjob.exe MES [?]

              =============== Created Last 30 ================

              2009-07-19 10:23   <DIR>   --d-h---   c:\windows\PIF
              2009-07-18 00:09   203,136   --------   c:\windows\system32\dllcache\rmcast.sys
              2009-07-18 00:09   455,296   --------   c:\windows\system32\dllcache\mrxsmb.sys
              2009-07-18 00:09   333,952   --------   c:\windows\system32\dllcache\srv.sys
              2009-07-18 00:09   691,712   --------   c:\windows\system32\dllcache\inetcomm.dll
              2009-07-18 00:09   337,408   --------   c:\windows\system32\dllcache\netapi32.dll
              2009-07-17 23:33   <DIR>   --d-----   c:\windows\system32\scripting
              2009-07-17 23:33   <DIR>   --d-----   c:\windows\l2schemas
              2009-07-17 23:33   <DIR>   --d-----   c:\windows\system32\en
              2009-07-17 23:33   <DIR>   --d-----   c:\windows\system32\bits
              2009-07-17 23:30   <DIR>   --d-----   c:\windows\ServicePackFiles
              2009-07-17 22:17   <DIR>   --d-----   c:\docume~1\friedey\applic~1\Malwarebytes
              2009-07-16 19:17   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
              2009-07-16 16:52   <DIR>   --d-----   c:\windows\system32\dllcache\cache
              2009-07-16 16:06   219,648   a-------   c:\windows\PEV.exe
              2009-07-16 16:06   161,792   a-------   c:\windows\SWREG.exe
              2009-07-16 16:06   98,816   a-------   c:\windows\sed.exe
              2009-07-16 15:20   38,160   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
              2009-07-16 15:20   19,096   a-------   c:\windows\system32\drivers\mbam.sys
              2009-07-16 15:20   <DIR>   --d-----   c:\docume~1\alluse~1\applic~1\Malwarebytes
              2009-07-16 15:20   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
              2009-07-16 15:19   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
              2009-07-16 15:19   <DIR>   --d-----   c:\docume~1\friedey\applic~1\SUPERAntiSpyware.com
              2009-07-16 01:52   <DIR>   --d-----   c:\windows\ERUNT
              2009-07-16 01:40   <DIR>   --d-----   C:\SDFix
              2009-07-16 01:01   <DIR>   --d-----   c:\program files\Sun
              2009-07-16 00:49   <DIR>   --d-----   c:\documents and settings\friedey\.SunDownloadManager
              2009-07-15 23:02   <DIR>   --d-----   c:\program files\CCleaner
              2009-07-15 11:13   3,248   a-------   c:\windows\system32\wbem\Outlook_01ca055ec2d84ae0.mof

              ==================== Find3M  ====================

              2009-07-17 23:38   87,643   a-------   c:\windows\pchealth\helpctr\offlinecache\index.dat
              2009-07-16 00:59   410,984   a-------   c:\windows\system32\deploytk.dll
              2009-07-03 17:01   1,890   a-------   c:\docume~1\friedey\applic~1\wklnhst.dat
              2009-06-16 10:36   119,808   a-------   c:\windows\system32\t2embed.dll
              2009-06-16 10:36   81,920   a-------   c:\windows\system32\fontsub.dll
              2009-06-16 10:36   119,808   --------   c:\windows\system32\dllcache\t2embed.dll
              2009-06-16 10:36   81,920   --------   c:\windows\system32\dllcache\fontsub.dll
              2009-06-03 15:09   1,291,264   a-------   c:\windows\system32\quartz.dll
              2009-06-03 15:09   1,291,264   --------   c:\windows\system32\dllcache\quartz.dll
              2009-05-25 13:19   170,454   a-------   c:\windows\hpqins00.dat
              2009-05-21 14:46   268,288   --------   c:\windows\system32\dllcache\httpext.dll
              2009-05-07 11:32   345,600   a-------   c:\windows\system32\localspl.dll
              2009-05-07 11:32   345,600   --------   c:\windows\system32\dllcache\localspl.dll
              2009-04-29 00:56   827,392   a-------   c:\windows\system32\wininet.dll
              2009-04-29 00:56   827,392   --------   c:\windows\system32\dllcache\wininet.dll
              2009-04-29 00:56   233,472   --------   c:\windows\system32\dllcache\webcheck.dll
              2009-04-29 00:56   1,159,680   --------   c:\windows\system32\dllcache\urlmon.dll
              2009-04-29 00:56   671,232   --------   c:\windows\system32\dllcache\mstime.dll
              2009-04-29 00:56   105,984   --------   c:\windows\system32\dllcache\url.dll
              2009-04-29 00:56   102,912   --------   c:\windows\system32\dllcache\occache.dll
              2009-04-29 00:56   44,544   --------   c:\windows\system32\dllcache\pngfilt.dll
              2009-04-29 00:56   3,596,288   --------   c:\windows\system32\dllcache\mshtml.dll
              2009-04-29 00:56   477,696   --------   c:\windows\system32\dllcache\mshtmled.dll
              2009-04-29 00:56   193,024   --------   c:\windows\system32\dllcache\msrating.dll
              2009-04-28 05:05   70,656   --------   c:\windows\system32\dllcache\ie4uinit.exe
              2009-04-28 05:05   13,824   --------   c:\windows\system32\dllcache\ieudinit.exe
              2009-04-25 01:27   636,088   --------   c:\windows\system32\dllcache\iexplore.exe
              2009-04-25 01:26   161,792   --------   c:\windows\system32\dllcache\ieakui.dll
              2008-03-06 03:41   76   -c-shr--   c:\windows\CT4CET.bin

              ============= FINISH: 10:26:52.79 ===============

              ============= Attach.txt File Content ===============


              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT

              DDS (Ver_09-06-26.01)

              Microsoft Windows XP Professional
              Boot Device: \Device\HarddiskVolume2
              Install Date: 3/12/2008 7:31:50 PM
              System Uptime: 7/19/2009 7:01:53 AM (3 hours ago)

              Motherboard: Dell Inc. |  | 0KY767
              Processor: Intel(R) Pentium(R) Dual  CPU  T2330  @ 1.60GHz | Microprocessor | 1595/133mhz

              ==== Disk Partitions =========================

              C: is FIXED (NTFS) - 143 GiB total, 18.105 GiB free.
              D: is CDROM ()
              E: is CDROM ()

              ==== Disabled Device Manager Items =============

              Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
              Description: Microsoft Loopback Adapter
              Device ID: ROOT\NET\0000
              Manufacturer: Microsoft
              Name: Microsoft Loopback Adapter
              PNP Device ID: ROOT\NET\0000
              Service: msloop

              Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
              Description: Cisco Systems VPN Adapter
              Device ID: ROOT\NET\0001
              Manufacturer: Cisco Systems
              Name: Cisco Systems VPN Adapter
              PNP Device ID: ROOT\NET\0001
              Service: CVirtA

              ==== System Restore Points ===================

              RP334: 7/12/2009 8:16:47 PM - System Checkpoint
              RP335: 7/12/2009 8:16:47 PM - System Checkpoint
              RP336: 7/12/2009 8:16:47 PM - System Checkpoint
              RP337: 7/12/2009 8:16:48 PM - System Checkpoint
              RP338: 7/12/2009 8:16:49 PM - System Checkpoint
              RP339: 7/12/2009 8:16:49 PM - System Checkpoint
              RP340: 7/12/2009 8:16:50 PM - System Checkpoint
              RP341: 7/12/2009 8:16:50 PM - System Checkpoint
              RP342: 7/12/2009 8:16:51 PM - System Checkpoint
              RP343: 7/12/2009 8:16:51 PM - System Checkpoint
              RP344: 7/12/2009 8:16:52 PM - System Checkpoint
              RP345: 7/12/2009 8:16:53 PM - System Checkpoint
              RP346: 7/12/2009 8:16:53 PM - System Checkpoint
              RP347: 7/12/2009 8:16:54 PM - System Checkpoint
              RP348: 7/12/2009 8:16:55 PM - Installed 32 Bit HP CIO Components Installer
              RP349: 7/12/2009 8:16:57 PM - Removed 32 Bit HP CIO Components Installer
              RP350: 7/12/2009 8:17:01 PM - System Checkpoint
              RP351: 7/12/2009 8:17:03 PM - System Checkpoint
              RP352: 7/12/2009 8:17:04 PM - System Checkpoint
              RP353: 7/12/2009 8:17:04 PM - System Checkpoint
              RP354: 7/12/2009 8:17:05 PM - System Checkpoint
              RP355: 7/12/2009 8:17:05 PM - System Checkpoint
              RP356: 7/12/2009 8:17:06 PM - System Checkpoint
              RP357: 7/12/2009 8:17:07 PM - System Checkpoint
              RP358: 7/12/2009 8:17:09 PM - System Checkpoint
              RP359: 7/12/2009 8:17:11 PM - System Checkpoint
              RP360: 7/12/2009 8:17:13 PM - System Checkpoint
              RP361: 7/12/2009 8:17:14 PM - System Checkpoint
              RP362: 7/12/2009 8:17:16 PM - System Checkpoint
              RP363: 7/12/2009 8:17:20 PM - System Checkpoint
              RP364: 7/12/2009 8:17:24 PM - System Checkpoint
              RP365: 7/12/2009 8:17:26 PM - System Checkpoint
              RP366: 7/12/2009 8:17:26 PM - System Checkpoint
              RP367: 7/12/2009 8:17:27 PM - System Checkpoint
              RP368: 7/12/2009 8:17:29 PM - System Checkpoint
              RP369: 7/12/2009 8:17:30 PM - System Checkpoint
              RP370: 7/12/2009 8:17:30 PM - System Checkpoint
              RP371: 7/12/2009 8:17:31 PM - System Checkpoint
              RP372: 7/12/2009 8:17:31 PM - System Checkpoint
              RP373: 7/12/2009 8:17:32 PM - System Checkpoint
              RP374: 7/12/2009 8:17:32 PM - System Checkpoint
              RP375: 7/12/2009 8:17:32 PM - System Checkpoint
              RP376: 7/12/2009 8:17:33 PM - System Checkpoint
              RP377: 7/12/2009 8:17:34 PM - Installed Windows Media Player 10
              RP378: 7/12/2009 8:17:35 PM - Software Distribution Service 3.0
              RP379: 7/12/2009 8:17:41 PM - System Checkpoint
              RP380: 7/12/2009 8:17:43 PM - System Checkpoint
              RP381: 7/12/2009 8:17:44 PM - System Checkpoint
              RP382: 7/12/2009 8:17:45 PM - System Checkpoint
              RP383: 7/12/2009 8:17:46 PM - System Checkpoint
              RP384: 7/12/2009 8:17:46 PM - System Checkpoint
              RP385: 7/12/2009 8:17:47 PM - System Checkpoint
              RP386: 7/12/2009 8:17:49 PM - System Checkpoint
              RP387: 7/12/2009 8:17:49 PM - System Checkpoint
              RP388: 7/12/2009 8:17:50 PM - Software Distribution Service 3.0
              RP389: 7/12/2009 8:17:51 PM - System Checkpoint
              RP390: 7/12/2009 8:17:51 PM - System Checkpoint
              RP391: 7/12/2009 8:17:51 PM - System Checkpoint
              RP392: 7/12/2009 8:17:52 PM - System Checkpoint
              RP393: 7/12/2009 8:17:52 PM - System Checkpoint
              RP394: 7/12/2009 8:17:52 PM - System Checkpoint
              RP395: 7/12/2009 8:17:53 PM - System Checkpoint
              RP396: 7/12/2009 8:17:53 PM - System Checkpoint
              RP397: 7/12/2009 8:17:54 PM - System Checkpoint
              RP398: 7/12/2009 8:17:56 PM - System Checkpoint
              RP399: 7/12/2009 8:17:56 PM - System Checkpoint
              RP400: 7/12/2009 8:17:56 PM - System Checkpoint
              RP401: 7/12/2009 8:17:57 PM - System Checkpoint
              RP402: 7/12/2009 8:17:57 PM - System Checkpoint
              RP403: 7/12/2009 8:17:58 PM - System Checkpoint
              RP404: 7/12/2009 8:17:58 PM - System Checkpoint
              RP405: 7/12/2009 8:17:59 PM - System Checkpoint
              RP406: 7/17/2009 12:39:36 AM - Software Distribution Service 3.0
              RP407: 7/17/2009 9:20:04 AM - Installed Windows XP WgaNotify.
              RP408: 7/17/2009 11:12:28 PM - Software Distribution Service 3.0
              RP409: 7/18/2009 3:00:29 AM - Software Distribution Service 3.0
              RP410: 7/19/2009 3:00:23 AM - Software Distribution Service 3.0

              ==== Installed Programs ======================

              32 Bit HP CIO Components Installer
              Acrobat.com
              Adobe AIR
              Adobe Flash Player 10 Plugin
              Adobe Flash Player ActiveX
              Adobe Reader 9.1.2
              AIO_Scan
              Apache HTTP Server 2.2.8
              Asset Management 5.0 Integration
              Asset Management Modeler
              Broadcom Management Programs
              BufferChm
              CAPA 2.0 Integration
              Cards_Calendar_OrderGift_DoMorePlugout
              CCleaner (remove only)
              Cisco Systems VPN Client 5.0.01.0600
              Conexant HDA D330 MDC V.92 Modem
              Copy
              CustomerResearchQFolder
              Dell DataSafe Online
              Dell Support Center (Support Software)
              Dell System Restore
              Dell Touchpad
              Dell Webcam Center
              Dell Webcam Manager
              Dell Wireless WLAN Card
              Destination Component
              DeviceDiscovery
              DeviceManagementQFolder
              DivX Web Player
              DJ_AIO_ProductContext
              DJ_AIO_Software
              DJ_AIO_Software_min
              Documentation & Support Launcher
              DreamCoder for Oracle  2.5
              DScaler 5 Mpeg Decoders
              eSupportQFolder
              eyelit CAPA 2.0 Modeler
              eyelit CAPA 2.0 Operator
              eyelit CAPA Modeler
              eyelit CAPA Operator
              eyelit MES 3.0 - Control Centre
              eyelit MES 3.0 - Modeler
              eyelit MES 3.0 - Operator
              eyelit MES 3.0 - Proxy
              eyelit MES 4.0 BASE
              eyelit MES 4.0 Modeler
              eyelit MES 4.0 Operator
              EyelitFC Control Center
              F4100
              F4100_doccd
              F4100_Help
              Factory Connect 4.5
              ffdshow [rev 1685] [2007-12-06]
              Games, Music, & Photos Launcher
              Google Chrome
              Google Earth
              Google Update Helper
              Google Updater
              Haali Media Splitter
              HeidiSQL 3.2
              HijackThis 2.0.2
              Hotfix for Windows Internet Explorer 7 (KB947864)
              HP Customer Participation Program 9.0
              HP Deskjet All-In-One Software 9.0
              HP Imaging Device Functions 9.0
              HP Photosmart Essential 2.5
              HP Photosmart Essential 3.0
              HP Product Assistant
              HP Smart Web Printing
              HP Solution Center 9.0
              HP Update
              HPPhotoSmartPhotobookWebPack1
              HPProductAssistant
              HPSSupply
              Intel(R) Graphics Media Accelerator Driver
              Internet Service Offers Launcher
              J2SE Development Kit 5.0 Update 15
              J2SE Runtime Environment 5.0 Update 15
              Java DB 10.4.2.1
              Java(TM) 6 Update 14
              Java(TM) SE Development Kit 6 Update 14
              Java(TM) SE Development Kit 6 Update 5
              Laptop Integrated Webcam Driver (1.03.02.0719) 
              Live! Cam Avatar Creator
              Live! Cam Avatar v1.0
              LiveReg (Symantec Corporation)
              LiveUpdate 3.0 (Symantec Corporation)
              Logitech QuickCam
              Logitech® Camera Driver
              Malwarebytes' Anti-Malware
              MarketResearch
              McAfee SecurityCenter
              MediaDirect
              MES Modeler
              Microsoft .NET Framework 1.1
              Microsoft .NET Framework 1.1 Hotfix (KB928366)
              Microsoft .NET Framework 2.0 Service Pack 1
              Microsoft Internationalized Domain Names Mitigation APIs
              Microsoft National Language Support Downlevel APIs
              Microsoft Office PowerPoint Viewer 2007 (English)
              Microsoft Office Professional Edition 2003
              Microsoft Plus! Digital Media Edition Installer
              Microsoft Works
              Modem Diagnostic Tool
              Mozilla Firefox (3.0.10)
              MSXML 4.0 SP2 (KB936181)
              MSXML 4.0 SP2 (KB954430)
              MySQL Server 5.0
              Nero 8
              neroxml
              NetWaiting
              Network Recording Player
              OpenSource Flash Video Splitter (remove only)
              Operator Station 3.0 Development Edition
              OutlookAddinSetup
              Presto! WMS2.5
              Print Distributor 4
              Print Distributor 4 DEP Fix
              PSSWCORE
              QuickSet
              RealMedia (remove only)
              RealPlayer
              Rediff Bol
              Rediff Toolbar
              Roxio Creator Audio
              Roxio Creator BDAV Plugin
              Roxio Creator Copy
              Roxio Creator Data
              Roxio Creator DE
              Roxio Creator Tools
              Roxio Drag-to-Disc
              Roxio Express Labeler
              Roxio MyDVD DE
              Roxio Update Manager
              Scan
              Security Update for CAPICOM (KB931906)
              Security Update for Windows Internet Explorer 7 (KB938127)
              Security Update for Windows Internet Explorer 7 (KB942615)
              Security Update for Windows Internet Explorer 7 (KB944533)
              Security Update for Windows Internet Explorer 7 (KB950759)
              Security Update for Windows Internet Explorer 7 (KB953838)
              Security Update for Windows Internet Explorer 7 (KB956390)
              Security Update for Windows Internet Explorer 7 (KB961260)
              Security Update for Windows Internet Explorer 7 (KB963027)
              Security Update for Windows Internet Explorer 7 (KB969897)
              Security Update for Windows XP (KB923561)
              Security Update for Windows XP (KB938464-v2)
              Security Update for Windows XP (KB954459)
              SolutionCenter
              Sonic Activation Module
              Status
              SUPERAntiSpyware Free Edition
              Supervisor Station 3.0 Development Edition
              Symantec pcAnywhere
              Toolbox
              TrayApp
              TuneUp Utilities 2008
              UnloadSupport
              Update for Windows XP (KB951978)
              VC80CRTRedist - 8.0.50727.762
              VideoToolkit01
              Visual Defrag 2007
              WebEx
              WebEx PCNow
              WebFldrs XP
              WebReg
              Windows Internet Explorer 7
              Windows Media Format Runtime
              Windows Media Player 10
              Windows XP Service Pack 3
              WinRAR archiver
              WinSCP 4.0.3
              Yahoo! Messenger

              ==== Event Viewer Messages From Past Week ========

              7/17/2009 12:44:25 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
              7/16/2009 6:24:42 PM, error: Dhcp [1002]  - The IP address lease 192.168.100.105 for the Network Card with network address 001F3A5D3981 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
              7/16/2009 4:31:32 PM, error: Service Control Manager [7034]  - The McAfee Proxy Service service terminated unexpectedly.  It has done this 3 time(s).
              7/16/2009 4:30:07 PM, error: Service Control Manager [7031]  - The McAfee Proxy Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
              7/16/2009 4:20:26 PM, error: Service Control Manager [7023]  - The Automatic Updates service terminated with the following error:  The specified module could not be found.
              7/16/2009 4:10:20 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
              7/16/2009 4:05:59 PM, error: Service Control Manager [7034]  - The McAfee Services service terminated unexpectedly.  It has done this 3 time(s).
              7/16/2009 4:05:59 PM, error: Service Control Manager [7034]  - The McAfee Network Agent service terminated unexpectedly.  It has done this 3 time(s).
              7/16/2009 4:05:59 PM, error: Service Control Manager [7031]  - The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 4 time(s).  The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
              7/16/2009 4:05:10 PM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the McAfee Services service, but this action failed with the following error:  An instance of the service is already running.
              7/16/2009 4:04:10 PM, error: Service Control Manager [7031]  - The McAfee Services service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
              7/16/2009 4:03:57 PM, error: Service Control Manager [7031]  - The McAfee Network Agent service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
              7/16/2009 4:03:54 PM, error: Service Control Manager [7034]  - The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).
              7/16/2009 4:03:20 PM, error: Service Control Manager [7031]  - The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 3 time(s).  The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
              7/16/2009 3:52:57 PM, error: Service Control Manager [7034]  - The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
              7/16/2009 3:52:40 PM, error: Service Control Manager [7031]  - The McAfee Network Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
              7/16/2009 3:52:39 PM, error: Service Control Manager [7034]  - The McAfee Anti-Spam Service service terminated unexpectedly.  It has done this 1 time(s).
              7/16/2009 3:52:39 PM, error: Service Control Manager [7031]  - The McAfee Proxy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
              7/16/2009 3:52:39 PM, error: Service Control Manager [7031]  - The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
              7/16/2009 3:25:40 AM, error: Service Control Manager [7031]  - The McAfee Personal Firewall Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Run the configured recovery program.
              7/16/2009 2:53:00 PM, error: Service Control Manager [7034]  - The McAfee Scanner service terminated unexpectedly.  It has done this 5 time(s).
              7/16/2009 12:32:59 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service McMSCSvc with arguments "" in order to run the server: {DDA1154C-204B-41D7-BFE7-7907C6BA9D56}
              7/16/2009 12:32:53 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service McMSCSvc with arguments "" in order to run the server: {398E2E68-BFDA-4834-B971-3CB8EC3C7219}
              7/16/2009 12:31:52 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service McMSCSvc with arguments "" in order to run the server: {03082469-BA75-44A5-89CB-D187F313E572}
              7/16/2009 12:31:46 AM, error: Service Control Manager [7022]  - The McAfee Real-time Scanner service hung on starting.
              7/16/2009 12:30:01 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
              7/16/2009 12:26:12 AM, error: Service Control Manager [7034]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 3 time(s).
              7/16/2009 12:24:23 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
              7/16/2009 12:23:22 AM, error: Service Control Manager [7031]  - The McAfee Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
              7/16/2009 12:15:46 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service LVCOMSer with arguments "" in order to run the server: {C08D6B1B-6044-4469-ADC6-B0E1ECCB9AE8}
              7/16/2009 12:15:17 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service NMIndexingService with arguments "" in order to run the server: {E8933C4B-2C90-4A04-A677-E958D9509F1A}
              7/16/2009 12:15:14 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service hpqcxs08 with arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}
              7/16/2009 12:14:13 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate1c9867475d96ba2) service to connect.
              7/16/2009 12:14:13 AM, error: Service Control Manager [7000]  - The Google Update Service (gupdate1c9867475d96ba2) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              7/16/2009 11:44:01 AM, error: Dhcp [1002]  - The IP address lease 192.168.100.122 for the Network Card with network address 001F3A5D3981 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
              7/16/2009 11:43:30 AM, error: Dhcp [1002]  - The IP address lease 192.168.100.133 for the Network Card with network address 001D09BFE15C has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
              7/16/2009 1:51:09 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service McNASvc with arguments "" in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
              7/16/2009 1:51:03 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
              7/16/2009 1:50:27 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
              7/16/2009 1:50:05 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD APPDRV awlegacy AW_HOST Fips intelppm IPSec mfehidk MPFP MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
              7/16/2009 1:50:05 AM, error: Service Control Manager [7001]  - The World Wide Web Publishing service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
              7/16/2009 1:50:05 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/16/2009 1:50:05 AM, error: Service Control Manager [7001]  - The Simple Mail Transfer Protocol (SMTP) service depends on the IIS Admin service which failed to start because of the following error:  The dependency service or group failed to start.
              7/16/2009 1:50:05 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/16/2009 1:50:05 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/16/2009 1:50:05 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
              7/16/2009 1:49:41 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
              7/15/2009 9:16:39 AM, error: Dhcp [1002]  - The IP address lease 192.168.0.170 for the Network Card with network address 001F3A5D3981 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
              7/15/2009 7:09:37 PM, error: Dhcp [1002]  - The IP address lease 192.168.100.122 for the Network Card with network address 001F3A5D3981 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
              7/15/2009 6:06:42 PM, error: NetDDE [206]  - Listen failed: 23: The ncb_lana_num member did not specify a valid network number.
              7/15/2009 4:55:50 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Print Distributor 4 service to connect.
              7/15/2009 4:55:50 PM, error: Service Control Manager [7000]  - The Print Distributor 4 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              7/15/2009 12:47:51 PM, error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
              7/15/2009 10:32:41 PM, error: Service Control Manager [7034]  - The McAfee Scanner service terminated unexpectedly.  It has done this 1 time(s).
              7/13/2009 6:41:42 PM, error: ipnathlp [32003]  - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
              7/13/2009 12:30:23 AM, error: Service Control Manager [7034]  - The McAfee Scanner service terminated unexpectedly.  It has done this 4 time(s).
              7/12/2009 8:37:32 PM, error: Service Control Manager [7034]  - The McAfee Scanner service terminated unexpectedly.  It has done this 3 time(s).
              7/12/2009 8:36:32 PM, error: Service Control Manager [7034]  - The McAfee Scanner service terminated unexpectedly.  It has done this 2 time(s).
              7/12/2009 8:33:52 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the MBackMonitor service to connect.
              7/12/2009 8:33:52 PM, error: Service Control Manager [7000]  - The MBackMonitor service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
              7/12/2009 8:16:14 PM, error: Service Control Manager [7031]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
              7/12/2009 8:09:39 PM, error: Service Control Manager [7031]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

              ==== End Of File ===========================

              Regards,

              Friday

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 489
              • Experience: Familiar
              • OS: Windows 10
              Re: An unhandled win32 exception has occurred in xxx.exe
              « Reply #8 on: July 19, 2009, 10:17:19 AM »
              Your Java is out of date.

              Older versions have vulnerabilities that malicious sites can use to infect your system.

              First install the new Sun Java Runtime Environment

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close all browser windows before beginning the install.

              Remove the old version(s)

              Download JavaRa
              * Unzip the file and open the JavaRa.exe
              * Click Remove Older Versions
              * JavaRa will search for and remove any outdated version of Java and remove any that are found.
              * Click Additional Tasks
              * Place a check next to Remove Useless JRE Files and click Go
              * Exit JavaRa
              * Delete the JavaRa files from the Desktop

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

              ----------

              Go to Add or Remove Programs and uninstall:

              • LiveReg (Symantec Corporation)
              • LiveUpdate 3.0 (Symantec Corporation)
              .
              ----------

              Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

              Link #1
              Link #2

              **Note:  It is important that it is saved directly to your Desktop

              DO NOT run it yet!

              Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code: [Select]
              KillAll::

              DDS::
              uStart Page = about:blank


              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

              friday

                Topic Starter


                Greenhorn

                Re: An unhandled win32 exception has occurred in xxx.exe
                « Reply #9 on: July 19, 2009, 11:04:27 PM »
                Hi Evilfantasy,

                Updated Java.
                Removed older version using JavaRa

                Uninstalled -

                    *  LiveReg (Symantec Corporation)
                    * LiveUpdate 3.0 (Symantec Corporation)

                Please find ComboFix.txt and JavaRa.log attached.

                Thank you.

                Regards,

                Friday

                [attachment deleted by admin]

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Calm like a bomb
                • Thanked: 489
                • Experience: Familiar
                • OS: Windows 10
                Re: An unhandled win32 exception has occurred in xxx.exe
                « Reply #10 on: July 19, 2009, 11:57:12 PM »
                Go to Start > Run and type notepad.exe then click OK

                Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

                Code: [Select]
                REGEDIT4

                [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

                [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

                Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

                Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

                Delete the fixme.reg from the Desktop.

                ----------

                How is the computer running now?

                .

                friday

                  Topic Starter


                  Greenhorn

                  Re: An unhandled win32 exception has occurred in xxx.exe
                  « Reply #11 on: July 21, 2009, 06:17:33 PM »
                  Yes I got a success message.

                  Computer is running okay.

                  Thank you.

                  Is there anything else I should do?

                  evilfantasy

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Calm like a bomb
                  • Thanked: 489
                  • Experience: Familiar
                  • OS: Windows 10
                  Re: An unhandled win32 exception has occurred in xxx.exe
                  « Reply #12 on: July 21, 2009, 06:21:17 PM »
                  Is there anything else I should do?

                  Just finish up if everything is OK now.

                  • Click START then RUN
                  • Now type Combofix /u in the runbox
                  • Make sure there's a space between Combofix and /u
                  • Then hit Enter.
                  .
                  .
                  The above procedure will:
                  • Delete: ComboFix and its associated files and folders.
                  • Reset the clock settings.
                  • Hide file extensions, if required.
                  • Hide System/Hidden files, if required.
                  • Set a new, clean Restore Point.
                  .
                  ----------

                  Use the Secunia Software Inspector to check for out of date software.
                  • Click Start Now
                  • Check the box next to Enable thorough system inspection.
                  • Click Start
                  • Allow the scan to finish and scroll down to see if any updates are needed.
                  • Update anything listed.
                  .
                  ----------

                  Go to Microsoft Windows Update and get all critical updates.

                  ----------

                  I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                  SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                  * Using SpywareBlaster to protect your computer from Spyware and Malware
                  * If you don't know what ActiveX controls are, see here

                  Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                  Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

                  Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

                  friday

                    Topic Starter


                    Greenhorn

                    Re: An unhandled win32 exception has occurred in xxx.exe
                    « Reply #13 on: July 22, 2009, 06:53:46 PM »
                    I will go through your recommendations and take actions if required.

                    Thank you very much for all your help...evilfantasy, karnac and harry 48!

                    Regards,

                    Friday

                    evilfantasy

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Calm like a bomb
                    • Thanked: 489
                    • Experience: Familiar
                    • OS: Windows 10
                    Re: An unhandled win32 exception has occurred in xxx.exe
                    « Reply #14 on: July 22, 2009, 07:20:23 PM »
                    Your welcome.

                    --

                    I would also recommend that you Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware and contributing to the slowness.

                    You can use the built in Windows Defrag by clicking Start > Run and then type in dfrg.msc then click OK. Or use a faster FREE program. Defraggler is very effective and easy to use.

                    Note: Be sure to clean out temp files and restart the computer just before beginning a defrag.

                    friday

                      Topic Starter


                      Greenhorn

                      Re: An unhandled win32 exception has occurred in xxx.exe
                      « Reply #15 on: July 23, 2009, 07:20:41 PM »
                      Thank you once again Evilfantasy!

                      Regards,

                      Friday