Jump to content

madisonbrh

Honorary Members
  • Posts

    22
  • Joined

  • Last visited

Everything posted by madisonbrh

  1. Win 7 System Restore fixed the problem for me -- and only after that restore was I able to get to the internet to find out that it was Malwarebytes that had caused my PC to go crazy. Appreciate the apology but you really need to institute MUCH BETTER quality control -- and no lone rangers...
  2. Deleted the Eset folder. Here's the HJT log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:12:53 PM, on 3/27/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&s...33&_lang=EN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: AutorunsDisabled O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139967853786 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...398/mcfscan.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 8343 bytes
  3. Deleted StstemLook and RootRepeal and did the Start/run to unistall GooredFix.exe Eset certainly does require patience..... here's the log -- no threats -- Hooray! # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3966 (20090326) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.066 (20070917) # EOSSerial=2fb5f2430caeda46aca26a8ddbac86f3 # end=finished # remove_checked=false # unwanted_checked=true # utc_time=2009-03-27 12:11:11 # local_time=2009-03-26 07:11:11 (-0600, Central Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=230975 # found=0 # scan_time=6897 Are we done? Should I remove Eset (add/remove programs)? Again, thank you for all your help!
  4. My PC running XP got infected -- with a firewall, anti-virus, routine scans all operating. Only Malware found the trojan. The Malware program said it 'deleted' the trojan, but it kept reappearing so I went to your forum for help. The help I received from Dan12 was TERRIFIC!! and following his instructions, I was able to clean up some unnecessary stuff and then delete the trojan at boot time. My PC is now working normally again. THANKS SO MUCH!! A Terrific Program with TERRIFIC SUPPORT!!!
  5. THANK YOU Dan -- my PC is back to normal and working very well!! Just want you to know that I'm a 72 year old grandmother... with your terrific assistance and instructions, it was pretty neat for me to fix my computer without asking my kids for help! (a small disclaimer -- I was a mainframe programmer for many years before retirement, so I'm not a novice -- but PCs and Windows are definitely not my area of expertise) THANKS AGAIN!!!
  6. Did the HJT delete file on reboot -- then rebooted -- LOOKING A WHOLE LOT BETTER after doing Google searches without redirections and no Google closes.... I need to do some NON-computer stuff now-- but I will get back on later and see if things are still looking so good!! Briefly, can you tell me how you identified that mjcgf.hmh file as a culprit?
  7. I did a select all and copy and pasted the Jotti's results -- sorry it's not formatted better.... Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1 File to upload & scan: Virus Service Service load: 0% 100% File: mjcgf.hmh Status: POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.) MD5: 67874b39194af5114b261f620df98899 Packers detected: - Scanner results Scan taken on 25 Mar 2009 22:25:44 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found Win32:Delf-LXW AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found Trojan.Delf-8099 CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Quick Heal Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing Powered by images/asquared.png images/antivir.png images/arcavir.jpg images/avast.png images/avg.gif images/bitdefender.png images/clamav-logo1.png images/cpsecure.gif images/drweb.gif images/f-prot.png images/f-secure_logo.gif images/ikarus.gif images/kaspersky.png images/nod32.gif images/norman.png images/panda.gif images/quickheal.jpg images/sophos.gif images/virusbuster.gif images/vba32.png Disclaimer This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service. Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Some scanners will only report one virus when scanning archives with multiple pieces of malware. Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample. Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all. Sponsored by HotelScraper.com. Statistics Last file scanned at least one scanner reported something about: Injec-TOR.rar (MD5: 19fa465783a004f752d736f344edbc0f, size: 118882 bytes), detected by: Scanner Malware name A-Squared HackTool.Win32.Injecter.l!IK AntiVir SPR/Tool.Injector ArcaVir Riskware.Hacktool.Injecter.L Avast X AVG Antivirus HackTool.DKR BitDefender Virtool.8310 ClamAV Hacktool.Inject CPsecure HackTool.W32.Injecter.L Dr.Web X F-Prot Antivirus W32/VirTool.BSM F-Secure Anti-Virus HackTool.Win32.Injecter.l Ikarus HackTool.Win32.Injecter.l Kaspersky Anti-Virus HackTool.Win32.Injecter.l NOD32 Win32/HackTool.Injecter.L application Norman Virus Control X Panda Antivirus X Quick Heal HackTool.Injecter.l (Not a Virus) Sophos Antivirus X VirusBuster HackTool.Injecter.ABF VBA32 Backdoor.Win32.Hupigon.aspg You are free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives We are not affiliated with any third parties that conduct tests using this service. Frequently asked questions - Privacy policy Debian Page generated by JTPL
  8. here's the result SystemLook v1.0 by jpshortstuff (02.03.09) Log created at 16:56 on 25/03/2009 by Billie and Si (Administrator - Elevation successful) ========== reg ========== [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"="C:\WINDOWS\system32\..\mjcgf.hmh" "midi"="wdmaud.drv" "midimapper"="midimap.dll" "mixer"="wdmaud.drv" "msacm.iac2"="C:\WINDOWS\system32\iac25_32.ax" "msacm.imaadpcm"="imaadp32.acm" "msacm.l3acm"="l3codecx.acm" "msacm.msadpcm"="msadp32.acm" "msacm.msaudio1"="msaud32.acm" "msacm.msg711"="msg711.acm" "msacm.msg723"="msg723.acm" "msacm.msgsm610"="msgsm32.acm" "msacm.siren"="sirenacm.dll" "msacm.sl_anet"="sl_anet.acm" "msacm.trspch"="tssoft32.acm" "vidc.cvid"="iccvid.dll" "vidc.I420"="msh263.drv" "vidc.iv31"="ir32_32.dll" "vidc.iv32"="ir32_32.dll" "vidc.iv41"="ir41_32.ax" "vidc.iv50"="ir50_32.dll" "vidc.iyuv"="iyuv_32.dll" "vidc.M261"="msh261.drv" "vidc.M263"="msh263.drv" "vidc.mrle"="msrle32.dll" "vidc.msvc"="msvidc32.dll" "vidc.tscc"="tsccvid.dll" "vidc.uyvy"="msyuv.dll" "vidc.XVID"="xvidvfw.dll" "vidc.yuy2"="msyuv.dll" "vidc.yvu9"="tsbyuv.dll" "vidc.yvyu"="msyuv.dll" "wave1"="wdmaud.drv" "wavemapper"="msacm32.drv" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server] -=End Of File=-
  9. Here's the log.... good heavens, what's with windows nt -- I have XP? SystemLook v1.0 by jpshortstuff (02.03.09) Log created at 15:38 on 25/03/2009 by Billie and Si (Administrator - Elevation successful) ========== reg ========== [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32 key] (Unable to open key) -=End Of File=-
  10. Yes, I clicked OK. It seemed to be doing something for a second or two -- but there's nothing on my desktop nor did notepad open...
  11. I did the copy/paste with Ctl C and Ctl V, but notepad didn't open...
  12. Here's the bootlog and rootrepeal... Service Pack 3 3 25 2009 07:54:07.500 Loaded driver \WINDOWS\system32\ntoskrnl.exe Loaded driver \WINDOWS\system32\hal.dll Loaded driver \WINDOWS\system32\KDCOM.DLL Loaded driver \WINDOWS\system32\BOOTVID.dll Loaded driver ACPI.sys Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver pciide.sys Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver PartMgr.sys Loaded driver VolSnap.sys Loaded driver atapi.sys Loaded driver disk.sys Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver sr.sys Loaded driver PxHelp20.sys Loaded driver KSecDD.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver Mup.sys Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys Loaded driver \SystemRoot\System32\DRIVERS\ialmnt5.sys Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\System32\DRIVERS\BCMSM.sys Loaded driver \SystemRoot\System32\Drivers\Modem.SYS Loaded driver \SystemRoot\System32\DRIVERS\bcm4sbxp.sys Loaded driver \SystemRoot\System32\Drivers\AFS2K.SYS Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys Loaded driver \SystemRoot\System32\Drivers\pwd_2k.SYS Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS Loaded driver \SystemRoot\system32\drivers\smwdm.sys Loaded driver \SystemRoot\system32\drivers\aeaudio.sys Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys Loaded driver \SystemRoot\System32\DRIVERS\serial.sys Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys Loaded driver \SystemRoot\System32\DRIVERS\parport.sys Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\System32\DRIVERS\psched.sys Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys Loaded driver \SystemRoot\System32\DRIVERS\update.sys Loaded driver \SystemRoot\System32\DRIVERS\omci.sys Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys Loaded driver \SystemRoot\System32\Drivers\mmc_2K.SYS Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys Loaded driver \SystemRoot\System32\Drivers\cdudf_xp.SYS Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\System32\Drivers\UdfReadr_xp.SYS Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\System32\DRIVERS\ipfltdrv.sys Loaded driver \SystemRoot\System32\Drivers\Mpfp.sys Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys Did not load driver \SystemRoot\System32\DRIVERS\p3.sys Did not load driver \SystemRoot\System32\DRIVERS\processr.sys Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\drivers\mfehidk.sys Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\System32\Drivers\LHidUsb.Sys Loaded driver \SystemRoot\system32\DRIVERS\LHidFlt2.Sys Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys Loaded driver \SystemRoot\system32\DRIVERS\LMouFlt2.Sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \SystemRoot\System32\Drivers\BANTExt.sys Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS Loaded driver \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS Loaded driver \SystemRoot\System32\DRIVERS\srv.sys Loaded driver \SystemRoot\System32\DRIVERS\secdrv.sys Loaded driver \SystemRoot\system32\drivers\wdmaud.sys Loaded driver \SystemRoot\system32\drivers\sysaudio.sys Loaded driver \SystemRoot\system32\drivers\splitter.sys Loaded driver \SystemRoot\system32\drivers\aec.sys Loaded driver \SystemRoot\system32\drivers\swmidi.sys Loaded driver \SystemRoot\system32\drivers\DMusic.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys Loaded driver \SystemRoot\system32\drivers\drmkaud.sys Loaded driver \SystemRoot\system32\drivers\mfebopk.sys Loaded driver \SystemRoot\system32\drivers\mfeavfk.sys Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\drivers\mfesmfk.sys Loaded driver \SystemRoot\system32\drivers\kmixer.sys ROOTREPEAL © AD, 2007-2008 ================================================== Scan Time: 2009/03/25 08:28 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP3 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xED73A000 Size: 98304 File Visible: No Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7C6B000 Size: 8192 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xECAD0000 Size: 45056 File Visible: No Status: - Stealth Objects ------------------- Object: Hidden Module [Name: Intuit.Spc.Map.Reporter.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04470000 Size: 479232 Object: Hidden Module [Name: System.Data.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04030000 Size: 2961408 Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Api.Net.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03d10000 Size: 421888 Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateService.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00a00000 Size: 36864 Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00c40000 Size: 28672 Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00e00000 Size: 61440 Object: Hidden Module [Name: Intuit.Spc.Esd.Client.Common.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00e40000 Size: 86016 Object: Hidden Module [Name: Intuit.Spc.Esd.Core.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00ea0000 Size: 258048 Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00ef0000 Size: 36864 Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.Logging.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00f10000 Size: 53248 Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.ExceptionHandling.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00fd0000 Size: 77824 Object: Hidden Module [Name: Intuit.Spc.Foundations.Portability.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03020000 Size: 471040 Object: Hidden Module [Name: System.configuration.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03240000 Size: 438272 Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.Config.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x031a0000 Size: 86016 Object: Hidden Module [Name: System.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x034e0000 Size: 3158016 Object: Hidden Module [Name: System.XML.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x032b0000 Size: 2060288 Object: Hidden Module [Name: Intuit.Spc.Esd.Client.BusinessLogic.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03f20000 Size: 151552 Object: Hidden Module [Name: Intuit.Spc.Esd.Client.DataAccess.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03ec0000 Size: 135168 Object: Hidden Module [Name: System.Data.SQLite.DLL] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03f60000 Size: 778240 Object: Hidden Module [Name: System.Transactions.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04360000 Size: 270336 Object: Hidden Module [Name: System.EnterpriseServices.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04610000 Size: 266240 Object: Hidden Module [Name: System.Runtime.Remoting.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04b60000 Size: 307200 Object: Hidden Module [Name: System.Windows.Forms.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04dc0000 Size: 5033984 Object: Hidden Module [Name: System.Drawing.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x05390000 Size: 634880 Object: Hidden Module [Name: Intuit.Spc.Map.WindowsFirewallUtilities.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x05540000 Size: 1077248 Object: Hidden Module [Name: System.ServiceProcess.dll] Process: IntuitUpdateService.exe (PID: 1604) Address: 0x056b0000 Size: 126976
  13. GooredLog.txt follows: BUT, you noted: "do not run Option #2 yet" and there's no Option #2 in your post.... I don't want to mess up anything by doing it out of order.... GooredFix v1.92 by jpshortstuff Log created at 19:50 on 24/03/2009 running Option #1 (Billie and Si) Firefox version 3.0.7 (en-US) =====Suspect Goored Entries===== =====Dumping Registry Values===== [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions] "Plugins"="C:\Program Files\Mozilla Firefox\plugins" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions] "Components"="C:\Program Files\Mozilla Firefox\components" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"
  14. Since your first post was early this AM, you certainly need sleep!! I meant to say that I have been using a selective startup so that some resource hogs wouldn't startup and slow things down and I couldn't find any other way to eliminate them from the normal startup. Please let me know if you want me to return to normal startup.... after you get a good night's rest.
  15. How's this look? SystemLook v1.0 by jpshortstuff (02.03.09) Log created at 18:57 on 24/03/2009 by Billie and Si (Administrator - Elevation successful) ========== reg ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] (No values found) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] "backup"="C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup" "command"="C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE " "item"="Adobe Reader Speed Launch" "location"="Common Startup" "path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk] "backup"="C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup" "command"="C:\PROGRA~1\SBCSEL~1\bin\matcli.exe -boot" "item"="AT&T Self Support Tool" "location"="Common Startup" "path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk] "backup"="C:\WINDOWS\pss\Billminder.lnkCommon Startup" "command"="C:\PROGRA~1\QUICKENW\BILLMIND.EXE " "item"="Billminder" "location"="Common Startup" "path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk] "backup"="C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup" "command"="C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx" "item"="Kodak EasyShare software" "location"="Common Startup" "path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk] "backup"="C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup" "item"="Quicken Startup" "location"="Common Startup" "path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] "command"="" "hkey"="HKLM" "inimapping"="0" "item"="" "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdaptecDirectCD] "command"=""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" "hkey"="HKLM" "inimapping"="0" "item"="DirectCD" "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader] "command"=""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" "hkey"="HKLM" "inimapping"="0" "item"="apdproxy" "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YBrowser] "command"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" "hkey"="HKLM" "inimapping"="0" "item"="ybrwicon" "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YOP] "command"="C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart" "hkey"="HKLM" "inimapping"="0" "item"="yop" "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state] "bootini"= 0x00000000 (0) "services"= 0x00000000 (0) "startup"= 0x00000002 (2) "system.ini"= 0x00000000 (0) "win.ini"= 0x00000000 (0) -=End Of File=-
  16. I believe I did it as requested -- I didn't close my Notepad with mslook as its title. Double clicked on the desktop mslook -- Got another Notepad opening, but it's empty (and untitled)....
  17. I am using Notepad... Do I save as mslook.bat or "mslook.bat" Do I close Notepad after I've saved it to the Desktop? Sorry for the ignorance.
  18. I copied the infoto the notepad file, saved as "mslook.bat", located it on the Desktop and double-clicked. Notepad didn't open... all my icons on the desktop went away and then returned.... Obviously, I'm doing something wrong. Can you help?
  19. Thanks dan12! 1. I removed what was left of Norton -- I have ATT DSL and they recently got rid of Norton and told us to download McAfee from the ATT site -- supposedly they would remove all the Norton stuff, but I guess their removal was incomplete. 2. I created the "mslook.bat" file on the desktop, double-clicked etc. 3. I removed (using Add/Remove) Logitech Desktop Messenger. 4. I ran HJT and fixed the offending entries. 5. Ran another HJT and msconfig report -- I assume the msconfig report you wanted was the program list. Again, thank you for all your help Here are the logs Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:29:56 PM, on 3/24/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\igfxtray.exe C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&s...33&_lang=EN R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: AutorunsDisabled O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139967853786 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...398/mcfscan.cab O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe -- End of file - 7925 bytes Across Lite Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adobe Shockwave Player Adobe
  20. Another strange occurrence -- I was looking at forum posts and tried to click on a bleepingcomputer url and Firefox closed. I restarted Firefox and put bleeping computer (with the space between bleeping and computer) into Google search, and again Firefox closed... I've also uninstalled AdAware -- I had loaded and run it yesterday with no errors shown... Thank you for helping! Here's an updated HJT program list Across Lite Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adobe Shockwave Player Adobe
  21. Thank you dan12. Here's the list of programs. Across Lite Ad-Aware Ad-Aware Adobe Flash Player 10 Plugin Adobe Flash Player ActiveX Adobe Reader 7.0.9 Adobe Shockwave Player Adobe
  22. I've run Malware several times to remove the DAONOL trojan, but it keeps coming back and redirecting my browsers (Firefox3.0.7 and IE) Here are my logs. I really appreciate any help you can give me. Malwarebytes' Anti-Malware 1.34 Database version: 1890 Windows 5.1.2600 Service Pack 3 3/23/2009 9:59:08 PM mbam-log-2009-03-23 (21-59-08).txt Scan type: Quick Scan Objects scanned: 69298 Time elapsed: 8 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\mjcgf.hmh (Trojan.Daonol) -> Quarantined and deleted successfully. C:\RECYCLER\S-1-5-21-1632566140-2603001431-468717193-1006\Dc26.hmh (Trojan.Daonol) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:27:27 PM, on 3/23/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe C:\WINDOWS\explorer.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe C:\Program Files\McAfee\MPF\MPFSrv.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139967853786 O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) - O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...398/mcfscan.cab O18 - Protocol: bw+0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O23 - Service: McAfee Application Installer Cleanup (0008561237838993) (0008561237838993mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\BILLIE~1\LOCALS~1\Temp\000856~1.EXE O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 23016 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.