Jump to content

ERROR: Program_error_updating (12029,0,WinhttpSendRequest)


Recommended Posts

Hi Gang --

My WinXP home (SP3) Dell vostro 200 desktop has been getting this error for months (and won't update other programs, some AV, some like Skype, Firefox, Tweetdeck, Adobe, etc.), but after weeks of research and scans and tests and experts over at BleepingComputer -- all showing me clean and uninfected -- I'm coming back here because the MAMB program was the first to have the problem.

I'm computer savvy, use Windows Firewall & MSE (only), the Windows auto Updates work fine, IE8 (ugh!) works fine (other browsers have failed),and my AV program is up to date... I have read a ton, plus run every scan/test/cleaner you can name, but FYI --

I have already excluded all MAMB processes and files from MSE; ditto the 2 drivers;

I have used MAMB successfully for years until this fall;

my IE internet / connection settings don't have the "auto detect" or the "proxy" selected;

I've flushed my DNS (I use OpenDNS over a wireless connection to the wired cable router in the next room) and reset the router to its default (a huge hassle, believe me) --

and I have plenty of net access... just get "cannot connect" type errors when I try to update MAMB (or Kindle for PC, or Chrome, or the others I listed) -- but your error is the clearest and was the first --

I have been able to manually download and install some AV rules updates while running all the scans with Gringo_pr (aka bleeping_gringo) over at BleepingComputer, but he finally ran out of ideas when he proved it wasn't malware/rootkit/spyware/trojan, etc., and thinks it's a Port issue...

Your forum seemed to have a lot of this issue (I've read as many as I could find), but I don't want to follow instructions for someone else's computer --

Please advise --

Thanks~!

~Grateful Gal

Link to post
Share on other sites

Dang, I wish there was an EDIT button --

ADDENDUM: Shoulda added that I already did the full uninstall/fresh download of mbam-clean.exe -- no go.

Let me think before I post... all the logs of all the tests/scans are at http://www.bleepingcomputer.com/forums/topic365958.html if you're interested, but I'll run them all again for you if I need to -- I'd just love it if it were something no one has thought of yet, since I've been through the normal solutions...

Thanks!

Link to post
Share on other sites

Grateful Gal,

What Firewall are you using?

Please Exclude mbam.exe in your Firewall Settings.

Thank you

Gee, Grant -- I didn't get a notice that you'd replied and I was wondering -- thanks, but as I said in my original post, my Firewall is the Windows Firewall (it came with WinXP home) -- and: "I have already excluded all MAMB processes and files from MSE; ditto the 2 drivers."

I'm sorry if my OP and addendums somehow weren't clear in pre-answering your questions -- anything else you can suggest? Did the tests you had me run tell you anything? Please let me know --

Hopefully yours,

Grateful Gal

PS: How do I get an email when a reply is made here? I have my setting tracking this topic, with email notification, but I only get an alert when a PM is sent... please advise, thanks.

Link to post
Share on other sites

One test was to see if you had a good connection to update, the other was to see if you had a proxy set up.

It seems although, something is blocking it.

Please download DDS from the link below and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/dds.scr

  • Disable any security software before running
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan
  • Save both reports to your desktop using notepad.

Please attach the contents of the following file in your next reply:

DDS.txt

Thank you very much.

Link to post
Share on other sites

Thanks -- here's the DDS.txt paste --

you'll find the ATTACH.zip attached --

(NOTE #1: I replaced my "name" with "me" in the 5 or 6 instances it showed in the report.)

(NOTE #2: The orphaned "cleanup.ini" file from an '08 uninstall of McAfee that shows up is not findable on my HD. I'd found it only in the "services" report on my beloved WinPatrol, so I went searching (deep/hidden/everything) and can't find it. I'd love to get it gone.)

(NOTE #3: This past Spring, I had used RevoUninstaller to pull off my .NET stuff -- I'd been told I didn't need it. I know, I know. SO this Summer, I reinstalled it using XP-TC/IP Repair, and reinstalled all the Service Packs, patches, everything. In case that jogs any ideas for you.

Here we go --

DDS (Ver_10-12-12.02) - NTFSx86

Run by me at 21:02:54.79 on Tue 01/11/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1476 [GMT -8:00]

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\netdde.exe

C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

C:\Documents and Settings\me\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\snagit 7\SnagItBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\snagit 7\SnagItIEAddin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [F5D8055v2] c:\program files\belkin\f5d8055\v2\Belkinwcui.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: MaxRecentDocs = 51 (0x33)

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\office

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - hxxps://browsercheck.qualys.com/qbc_ax.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

AppInit_DLLs: c:\windows\system32\acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: taskmgr.exe - "c:\program files\processexplorer\PROCEXP.EXE"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\s7wlmyo8.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - component: c:\program files\copernic desktop search - home\firefoxconnector\components\CSPXPCOMBridge.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: CopernicDesktop Search - Home Connector: {83D65D9A-9CCA-439B-9E4A-EC1FE481B443} - c:\program files\copernic desktop search - home\FirefoxConnector

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-28 214664]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R2 ToolTipFixer;ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2008-10-14 61952]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 31896]

R3 rt2870;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\rt2870.sys [2010-4-18 713344]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-28 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-28 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-28 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-28 40552]

S3 NVDPservice;Neevia docuPrinter helper service;c:\program files\neevia.com\docuprinterpro7-30-08\neeviaDP6.lib [2008-7-30 2372448]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2009-11-17 32736]

S3 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2009-11-17 220128]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-9-23 98304]

S3 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

S4 0065711279864646mcinstcleanup;McAfee Application Installer Cleanup (0065711279864646);c:\windows\temp\006571~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\006571~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2008-4-28 61526]

=============== Created Last 30 ================

2011-01-11 17:57:40 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a24a81b0-f934-4667-b334-d6b9585b8593}\mpengine.dll

2011-01-07 23:58:41 -------- d-----w- c:\program files\Dropbox Shell Tools

2010-12-23 19:20:31 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2010-12-22 07:32:33 -------- d-----w- c:\program files\Microsoft Security Client

2010-12-21 07:36:39 -------- d-----w- c:\windows\Temp6770C69F-B925-D9AD-FF6B-8B506B5FDFDD-Signatures

2010-12-21 06:31:30 -------- d-----w- C:\_OTL

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2010-12-19 18:59:55 -------- d-----w- c:\program files\ESET

2010-12-18 05:41:03 388096 ----a-r- c:\docume~1\me\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-12-18 05:41:01 -------- d-----w- c:\program files\Trend Micro

2010-12-18 05:04:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-18 05:04:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-18 05:04:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-17 07:11:03 89088 ----a-w- c:\windows\MBR.exe

2010-12-17 07:11:02 98816 ----a-w- c:\windows\sed.exe

2010-12-17 07:11:02 256512 ----a-w- c:\windows\PEV.exe

2010-12-17 07:11:02 161792 ----a-w- c:\windows\SWREG.exe

2010-12-17 01:07:49 -------- d-----w- c:\program files\Microsoft ActiveSync

2010-12-15 06:52:22 -------- d-----w- c:\docume~1\me\applic~1\ieSpell

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-17 06:49:20 256 ----a-w- c:\windows\system32\pool.bin

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-14 21:05:11 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 21:03:21.26 ===============

DDS (Ver_10-12-12.02) - NTFSx86

Run by me at 21:02:54.79 on Tue 01/11/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2037.1476 [GMT -8:00]

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\netdde.exe

C:\Program Files\Belkin\F5D8055\v2\Belkinwcui.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe

C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k eapsvcs

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

C:\Documents and Settings\me\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\snagit 7\SnagItBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\snagit 7\SnagItIEAddin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [F5D8055v2] c:\program files\belkin\f5d8055\v2\Belkinwcui.exe

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

uPolicies-explorer: MaxRecentDocs = 51 (0x33)

uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)

IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\office

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - hxxps://browsercheck.qualys.com/qbc_ax.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll

AppInit_DLLs: c:\windows\system32\acaptuser32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

IFEO: taskmgr.exe - "c:\program files\processexplorer\PROCEXP.EXE"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\me\applic~1\mozilla\firefox\profiles\s7wlmyo8.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.com

FF - component: c:\program files\copernic desktop search - home\firefoxconnector\components\CSPXPCOMBridge.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: CopernicDesktop Search - Home Connector: {83D65D9A-9CCA-439B-9E4A-EC1FE481B443} - c:\program files\copernic desktop search - home\FirefoxConnector

============= SERVICES / DRIVERS ===============

R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-4-28 214664]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]

R2 ToolTipFixer;ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2008-10-14 61952]

R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [2009-3-28 31896]

R3 rt2870;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\rt2870.sys [2010-4-18 713344]

S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-4-28 79816]

S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-4-28 35272]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-4-28 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-4-28 40552]

S3 NVDPservice;Neevia docuPrinter helper service;c:\program files\neevia.com\docuprinterpro7-30-08\neeviaDP6.lib [2008-7-30 2372448]

S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2009-11-17 32736]

S3 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2009-11-17 220128]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-9-23 98304]

S3 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

S4 0065711279864646mcinstcleanup;McAfee Application Installer Cleanup (0065711279864646);c:\windows\temp\006571~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\006571~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]

S4 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2008-4-28 61526]

=============== Created Last 30 ================

2011-01-11 17:57:40 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{a24a81b0-f934-4667-b334-d6b9585b8593}\mpengine.dll

2011-01-07 23:58:41 -------- d-----w- c:\program files\Dropbox Shell Tools

2010-12-23 19:20:31 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2010-12-22 07:32:33 -------- d-----w- c:\program files\Microsoft Security Client

2010-12-21 07:36:39 -------- d-----w- c:\windows\Temp6770C69F-B925-D9AD-FF6B-8B506B5FDFDD-Signatures

2010-12-21 06:31:30 -------- d-----w- C:\_OTL

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll

2010-12-21 00:15:38 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll

2010-12-19 18:59:55 -------- d-----w- c:\program files\ESET

2010-12-18 05:41:03 388096 ----a-r- c:\docume~1\me\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2010-12-18 05:41:01 -------- d-----w- c:\program files\Trend Micro

2010-12-18 05:04:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-18 05:04:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-18 05:04:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-17 07:11:03 89088 ----a-w- c:\windows\MBR.exe

2010-12-17 07:11:02 98816 ----a-w- c:\windows\sed.exe

2010-12-17 07:11:02 256512 ----a-w- c:\windows\PEV.exe

2010-12-17 07:11:02 161792 ----a-w- c:\windows\SWREG.exe

2010-12-17 01:07:49 -------- d-----w- c:\program files\Microsoft ActiveSync

2010-12-15 06:52:22 -------- d-----w- c:\docume~1\me\applic~1\ieSpell

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-17 06:49:20 256 ----a-w- c:\windows\system32\pool.bin

2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-10-14 21:05:11 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 21:03:21.26 ===============

Please see attached per your request -- thanks a heap --

Attach.zip

Link to post
Share on other sites

Hello Grateful Gal!

Please follow this link to remove all of McAfee Products: McAfee Removal Link (you can start at Step 2

I also request an OTL log (some things DDS doesn't provide for me)

Please Download OTL to your Desktop:

To Use OTL:

http://oldtimer.geekstogo.com/OTL.exe
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
OTL should now start. Change the following settings
Change Drivers to All
Change Standard Registry to All
Under File Scans, change File age to 30
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt (first run only). These are saved in the same location as OTL.
Please attach these 2 files in your next reply.

Thank you very much, getting to the bottom of this :)

Link to post
Share on other sites

I've run the MCPR.exe again -- hope it helps.

I downloaded OTL again and run in, but because (as I said, above) I'd run it before (12/20/10) it did not produce the EXTRAS.txt report -- I still have that, from 12/20/10, if you'd like me to attach it -- just let me know.

This problem has plagued me for many months, so I'm not sure what a 30-day-history shows, but I trust that you'll know.

Please see attached OTL.txt, per your instructions -- and let me know if you want EXTRAS.txt from three weeks ago.

Thanks!

NOTE: again traded my name for the word "Me" -- would love to figure out how to do that on the computer, too, once I get all this craziness sorted out with your expertise and patience -- thank you!

OTL.Txt

Link to post
Share on other sites

No, I'd only followed instructions...

OMG! You're GENIUS!

Why in the #$%*!! didn't that solve the problem when I ran it before -- ? Ohhh... I just ran a search on those notes of what I did last time and MCPR.exe didn't show up -- it must've been some other McAfee removal tool (that didn't work, obviously! I'll search for what it was and let you know.)

WOW! Not only did MAMB update (instantly!) but so did my Kindle-for-PC, and my beloved Firefox connected and -- OH GRANT! I'm SO SO SO IMPRESSED! (And you would be too if you saw what some other smart guy went through trying to solve this issue last month... ) I can't wait to confirm that (I'm guessing/hoping) all the connection trouble I had with updating/connecting Adobe, Tweetdeck, Chrome, and all the rest will now work as BEAUTIFULLY as MalwareBytes does -- YAY FOR GRANT!!

The important thing to note, for your readers, is that I'd "uninstalled" McAfee years before. Like, in '07.

AND it doesn't show up in the Add/Remove Programs screen.

AND it doesn't show up in RevoUninstaller's tool, either.

I only saw it as a left over "service" (cleanup.ini) in my beloved WinPatrol, and even doing a deep/hidden/all search for that file across my entire system, even then it didn't show up.

Jeez! McAfee's been worse for my system than any rootkit virus coulda been -- and YOU SOLVED IT!

Where's your 'donate' button!? I GOTTA show some love -- thanks so much!

SUPER Grateful Gal :)

Link to post
Share on other sites

I am glad it all works :)

We no longer accept donations. You can suppot MBAM through getting the consumer license.

If any more issues arise please do not hesitate to begin a new topic.

Thank you very much!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.