
Can't remove DAONOL trojan --



I've run Malwarebytes several times to remove the DAONOL trojan, but it keeps coming back and redirecting my browsers (Firefox 3.0.7 and IE).

Here are my logs. I really appreciate any help you can give me.

Malwarebytes' Anti-Malware 1.34

Database version: 1890

Windows 5.1.2600 Service Pack 3

3/23/2009 9:59:08 PM

mbam-log-2009-03-23 (21-59-08).txt

Scan type: Quick Scan

Objects scanned: 69298

Time elapsed: 8 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\mjcgf.hmh (Trojan.Daonol) -> Quarantined and deleted successfully.

C:\RECYCLER\S-1-5-21-1632566140-2603001431-468717193-1006\Dc26.hmh (Trojan.Daonol) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:27:27 PM, on 3/23/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\WINDOWS\explorer.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://*.mcafee.com

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139967853786

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...398/mcfscan.cab

O18 - Protocol: bw+0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: McAfee Application Installer Cleanup (0008561237838993) (0008561237838993mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\BILLIE~1\LOCALS~1\Temp\000856~1.EXE

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 23016 bytes

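The HijackThis log above lists dozens of O18 protocol-handler entries (all served by a handful of Logitech DLLs) and a run of O23 services, several marked "(file missing)" or "Unknown owner", which is exactly what a helper scans for first. The following is an added example written for this page, not code from the thread, from HijackThis or from Malwarebytes: it parses O18 and O23 lines, groups handlers by the DLL that serves them so that one DLL shows up as one row, and flags services whose binary is missing or whose vendor is unknown. The regexes are the example's own, and the sample lines are a constructed subset copied from the log in the post.

```python
"""Triage helper for HijackThis-style O18/O23 log lines.

Added example for this thread (not HijackThis or Malwarebytes code).
The line formats it parses are inferred from the log posted above.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the O18/O23 lines from the posted log.
SAMPLE_LOG = r"""
O18 - Protocol: bw+0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# O18: "O18 - Protocol: <name> - {CLSID} - <dll path>"
O18_RE = re.compile(
    r"^O18 - Protocol: (?P<name>\S+) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$"
)
# O23: "O23 - Service: <name> - <owner> - <exe path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_entries(log_text):
    """Return (protocols, services) parsed from O18 and O23 lines; other lines are ignored."""
    protocols, services = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O18_RE.match(line)
        if m:
            protocols.append(m.groupdict())
            continue
        m = O23_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["missing"] = entry["missing"] is not None
            services.append(entry)
    return protocols, services


def handlers_by_dll(protocols):
    """Group O18 protocol names by the (case-folded) DLL that serves them."""
    groups = defaultdict(list)
    for p in protocols:
        groups[p["path"].lower()].append(p["name"])
    return {dll: sorted(names) for dll, names in groups.items()}


def suspicious_services(services):
    """O23 entries worth a second look: binary missing or vendor not identified."""
    return [s for s in services if s["missing"] or s["owner"] == "Unknown owner"]


def summarize(log_text):
    """One-shot triage: handler groups plus flagged services."""
    protocols, services = parse_entries(log_text)
    return {
        "handlers": handlers_by_dll(protocols),
        "flagged_services": suspicious_services(services),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("Protocol handlers per DLL:")
    for dll, names in result["handlers"].items():
        print(f"  {len(names):3d} handler(s)  {dll}")
    print("Services to review:")
    for s in result["flagged_services"]:
        reason = "file missing" if s["missing"] else "unknown owner"
        print(f"  [{reason}] {s['name']} -> {s['path']}")
```

Grouping by DLL is what makes the long O18 block readable: the forty-odd Logitech entries in the real log collapse to two rows, and anything served from an unexpected location stands out immediately. The "(file missing)" services are the leftover Symantec and ArcSoft registrations that the helper later asks to have cleaned up.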

Welcome to the Malwarebytes forum.

My name is Dan, and I will be helping you to remove any infection(s) that you may have.

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • REMEMBER, ABSENCE OF SYMPTOMS DOES NOT MEAN THE INFECTION IS ALL GONE.

If you can do these things, everything should go smoothly.

  • Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default.)
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.

Unless I am informed in advance, failure to post replies within 5 days will result in this thread being closed.

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Installed Programs

Please could you give me a list of the programs that are installed.

  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.

Click on the Save list button and specify where you would like to save this file.

When you press the Save button, Notepad will open with the contents of that file.

Simply copy and paste the contents of that notepad into your next post.

I'm presently looking over your log and hope not to be too long.

Will be back with you as soon as I can.

Thanks dan


Another strange occurrence -- I was looking at forum posts and tried to click on a bleepingcomputer URL and Firefox closed. I restarted Firefox and put "bleeping computer" (with the space between bleeping and computer) into Google search, and again Firefox closed...

I've also uninstalled AdAware -- I had loaded and run it yesterday with no errors shown...

Thank you for helping!

Here's an updated HJT program list

Across Lite

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 7.0.9

Adobe Shockwave Player

Adobe


AntiVirus

You have a couple of AVs running, Norton and McAfee; you're actually doing more harm than good by running more than one anti-virus program.

When you do this the programs compete for resources, and the end result is that none does its best, and it can cause system instability.

I recommend that you choose one that you want to keep.

The other/s I would either uninstall, or disable from startup and use as "on demand" for an occasional scan.

Please note that almost all "free" security software is only free for home/private users.

Please note, these tools will remove all applications belonging to the relevant company.

Remove McAfee

Please click http://*.mcafee.com

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O18 - Protocol: bw+0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {35B8BD53-9FFB-44F8-93F0-0A2A7A074DCA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

Post a further HJT log

Msconfig report


Thanks dan12!

1. I removed what was left of Norton -- I have ATT DSL and they recently got rid of Norton and told us to download McAfee from the ATT site -- supposedly they would remove all the Norton stuff, but I guess their removal was incomplete.

2. I created the "mslook.bat" file on the desktop, double-clicked etc.

3. I removed (using Add/Remove) Logitech Desktop Messenger.

4. I ran HJT and fixed the offending entries.

5. Ran another HJT and msconfig report -- I assume the msconfig report you wanted was the program list.

Again, thank you for all your help

Here are the logs

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:29:56 PM, on 3/24/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&s...33&_lang=EN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: AutorunsDisabled

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsc...72/mcinsctl.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9563.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139967853786

O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab

O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmg...,15/mcgdmgr.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...398/mcfscan.cab

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~2\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--

End of file - 7925 bytes

Across Lite

Adobe Flash Player 10 Plugin

Adobe Flash Player ActiveX

Adobe Reader 7.0.9

Adobe Shockwave Player

Adobe


I assume the msconfig report you wanted was the program list.

No! That's the programs installed list.

Run the batch file again and take note of the text highlighted in green.

Go to the menu at the top of the Notepad File and Save as

Save it to your Desktop as "mslook.bat" (you MUST include the quotes)

Locate mslook.bat on your Desktop and double-click it. When notepad opens, copy/paste the content in your reply. When you close Notepad the CMD window will close automatically and the text file will be deleted

post

Msconfig report


Don't worry, never mind you asking. Save as "mslook.bat"

Do I close Notepad after I've saved it to the Desktop?
Wait till Notepad opens with some text in it for me; copy it, then you can close it if you wish.

Paste the information into the thread for me.

If you're still not sure, I will do it another way.


Let's try another way

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig /s


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


How's this look?

SystemLook v1.0 by jpshortstuff (02.03.09)

Log created at 18:57 on 24/03/2009 by Billie and Si (Administrator - Elevation successful)

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom]

(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo]

(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

"backup"="C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup"

"command"="C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE "

"item"="Adobe Reader Speed Launch"

"location"="Common Startup"

"path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]

"backup"="C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup"

"command"="C:\PROGRA~1\SBCSEL~1\bin\matcli.exe -boot"

"item"="AT&T Self Support Tool"

"location"="Common Startup"

"path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]

"backup"="C:\WINDOWS\pss\Billminder.lnkCommon Startup"

"command"="C:\PROGRA~1\QUICKENW\BILLMIND.EXE "

"item"="Billminder"

"location"="Common Startup"

"path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

"backup"="C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup"

"command"="C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx"

"item"="Kodak EasyShare software"

"location"="Common Startup"

"path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]

"backup"="C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup"

"item"="Quicken Startup"

"location"="Common Startup"

"path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

"command"=""

"hkey"="HKLM"

"inimapping"="0"

"item"=""

"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdaptecDirectCD]

"command"=""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe""

"hkey"="HKLM"

"inimapping"="0"

"item"="DirectCD"

"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader]

"command"=""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe""

"hkey"="HKLM"

"inimapping"="0"

"item"="apdproxy"

"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YBrowser]

"command"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe"

"hkey"="HKLM"

"inimapping"="0"

"item"="ybrwicon"

"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YOP]

"command"="C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart"

"hkey"="HKLM"

"inimapping"="0"

"item"="yop"

"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

"bootini"= 0x00000000 (0)

"services"= 0x00000000 (0)

"startup"= 0x00000002 (2)

"system.ini"= 0x00000000 (0)

"win.ini"= 0x00000000 (0)

-=End Of File=-

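The SystemLook dump above shows where msconfig keeps startup items that have been unticked in a selective startup. As an added example (not SystemLook's code and not part of the helper's instructions), the following Python script parses such a `:reg` dump and lists the parked items with their original location and command; `SAMPLE_DUMP` is constructed in the format shown in the log, and the reading of the `state` DWORDs (0 = normal setting) is an assumption.

```python
r"""List startup items that msconfig has parked (added example, not SystemLook's code).

Unticking an item in msconfig does not delete it: Run-key items are recorded under
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg and Startup-folder shortcuts
under ...\startupfolder (the .lnk itself is backed up to C:\WINDOWS\pss). This parser
pulls those records out of a SystemLook ':reg' dump. SAMPLE_DUMP is constructed.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List

MSCONFIG = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig"
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
STR_RE = re.compile(r'^"([^"]+)"="(.*)"$')                  # "name"="value"
DWORD_RE = re.compile(r'^"([^"]+)"=\s*0x([0-9A-Fa-f]{8})')  # "name"= 0x00000002 (2)


@dataclass
class ParkedItem:
    kind: str                                # "startupreg" or "startupfolder"
    name: str                                # subkey name under MSConfig\<kind>
    values: Dict[str, str] = field(default_factory=dict)

    def origin(self) -> str:
        """Where the item ran from before it was unticked."""
        if self.kind == "startupreg":
            return self.values.get("hkey", "?") + "\\" + self.values.get("key", "?")
        return self.values.get("path", "?")

    def command(self) -> str:
        """Command line, with the doubled quotes SystemLook prints around quoted paths removed."""
        cmd = self.values.get("command", "").strip()
        if len(cmd) >= 2 and cmd[0] == '"' and cmd[-1] == '"':
            cmd = cmd[1:-1]
        return cmd.strip()


def parse_systemlook_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [KEY] in the ':reg' section to its values; DWORDs come back as decimal strings."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        if current is None or not line.startswith('"'):
            continue                         # banners, blanks, "(No values found)"
        m = STR_RE.match(line) or DWORD_RE.match(line)
        if m:
            value = m.group(2)
            if m.re is DWORD_RE:
                value = str(int(value, 16))
            keys[current][m.group(1)] = value
    return keys


def parked_startup_items(text: str) -> List[ParkedItem]:
    """Every item recorded under MSConfig\\startupreg or MSConfig\\startupfolder, in dump order."""
    items = []
    for key, values in parse_systemlook_reg(text).items():
        for kind in ("startupreg", "startupfolder"):
            prefix = MSCONFIG + "\\" + kind + "\\"
            if key.startswith(prefix):
                items.append(ParkedItem(kind, key[len(prefix):], values))
    return items


def msconfig_state(text: str) -> Dict[str, int]:
    """MSConfig\\state DWORDs per tab; 0 is taken to be that tab's normal setting (assumption)."""
    raw = parse_systemlook_reg(text).get(MSCONFIG + "\\state", {})
    return {k: int(v) for k, v in raw.items()}


# Constructed sample in the layout SystemLook uses; values mirror the thread's log.
SAMPLE_DUMP = r"""
========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
"backup"="C:\WINDOWS\pss\Billminder.lnkCommon Startup"
"command"="C:\PROGRA~1\QUICKENW\BILLMIND.EXE "
"item"="Billminder"
"location"="Common Startup"
"path"="C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdaptecDirectCD]
"command"=""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe""
"hkey"="HKLM"
"inimapping"="0"
"item"="DirectCD"
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
"bootini"= 0x00000000 (0)
"startup"= 0x00000002 (2)
"""

if __name__ == "__main__":
    dump = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    print("msconfig state:", msconfig_state(dump))
    for item in parked_startup_items(dump):
        print(f"[{item.kind}] {item.values.get('item', item.name)}: {item.command()}  (was in {item.origin()})")
```

Run it with the path to SystemLook.txt as its only argument; with no argument it parses the built-in sample.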

Since your first post was early this AM, you certainly need sleep!!

I meant to say that I have been using a selective startup so that some resource hogs wouldn't startup and slow things down and I couldn't find any other way to eliminate them from the normal startup. Please let me know if you want me to return to normal startup.... after you get a good night's rest.


Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Note: Do not run Option #2 yet.

  • Please create a BOOTLOG
  • Restart the computer and press F8 when Windows starts booting. This will bring up the startup options.
  • Select "Enable Boot Logging" option and press enter.
  • Windows prompts you to select a Windows installation (even if there is only one Windows installation).
  • This boots Windows normally and creates a boot log named ntbtlog.txt and saves it to C:\Windows
    If you're already running inside Windows you can enable it the following way.
  • Click on START - RUN and type in MSCONFIG, go to the BOOT.INI tab and place a check mark by /BOOTLOG
  • Click on OK and you will be prompted to RESTART Windows. Please do restart now.
  • After Windows restarts open the file C:\Windows\ntbtlog.txt with Notepad
  • From the Edit menu choose Select All then Edit, COPY and post that back on your next reply.
  • Note: Vista users can type in the Search and it will show on the menu, then Right click and choose Run as Administrator
  • The tab is called BOOT on Vista. Then choose Boot log

RootRepeal - Rootkit Detector

  • Please download the following tool: RootRepeal - Rootkit Detector
  • Direct download link is here: RootRepeal.rar
  • If you don't already have a program to open a .RAR compressed file you can download a trial version from here: WinRAR
  • Extract the program file to a new folder such as C:\RootRepeal
  • Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report
  • Save it to the same location where you ran it from, such as C:\RootRepeal
  • Save it as your_name_rootrepeal.txt - where your_name is your forum name
  • This makes it easier to track who the log belongs to.
  • Then open that log and select all and copy/paste it back on your next reply please.
  • Quit the RootRepeal program.

Post:

Goored txt

bootlog report

rootrepeal report.

Should keep you busy. Remember, if not sure, ask!

Good night

dan


GooredLog.txt follows:

BUT, you noted: "do not run Option #2 yet" and there's no Option #2 in your post.... I don't want to mess up anything by doing it out of order....

GooredFix v1.92 by jpshortstuff

Log created at 19:50 on 24/03/2009 running Option #1 (Billie and Si)

Firefox version 3.0.7 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]

"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]

"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"


Here's the bootlog and rootrepeal...

Service Pack 3 3 25 2009 07:54:07.500

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver ACPI.sys

Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver pciide.sys

Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Loaded driver fltmgr.sys

Loaded driver sr.sys

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver Mup.sys

Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys

Loaded driver \SystemRoot\System32\DRIVERS\ialmnt5.sys

Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys

Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys

Loaded driver \SystemRoot\System32\DRIVERS\BCMSM.sys

Loaded driver \SystemRoot\System32\Drivers\Modem.SYS

Loaded driver \SystemRoot\System32\DRIVERS\bcm4sbxp.sys

Loaded driver \SystemRoot\System32\Drivers\AFS2K.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS

Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys

Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys

Loaded driver \SystemRoot\System32\Drivers\pwd_2k.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS

Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys

Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS

Loaded driver \SystemRoot\system32\drivers\smwdm.sys

Loaded driver \SystemRoot\system32\drivers\aeaudio.sys

Loaded driver \SystemRoot\System32\DRIVERS\fdc.sys

Loaded driver \SystemRoot\System32\DRIVERS\serial.sys

Loaded driver \SystemRoot\System32\DRIVERS\serenum.sys

Loaded driver \SystemRoot\System32\DRIVERS\parport.sys

Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys

Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys

Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys

Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys

Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys

Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys

Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys

Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys

Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys

Loaded driver \SystemRoot\System32\DRIVERS\psched.sys

Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys

Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys

Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys

Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys

Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys

Loaded driver \SystemRoot\System32\DRIVERS\update.sys

Loaded driver \SystemRoot\System32\DRIVERS\omci.sys

Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys

Loaded driver \SystemRoot\System32\Drivers\mmc_2K.SYS

Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS

Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS

Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys

Loaded driver \SystemRoot\System32\DRIVERS\flpydisk.sys

Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS

Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS

Did not load driver \SystemRoot\System32\Drivers\Changer.SYS

Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdr4_xp.SYS

Loaded driver \SystemRoot\System32\Drivers\Cdralw2k.SYS

Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS

Loaded driver \SystemRoot\System32\Drivers\Null.SYS

Loaded driver \SystemRoot\System32\Drivers\Beep.SYS

Loaded driver \SystemRoot\System32\drivers\vga.sys

Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS

Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys

Loaded driver \SystemRoot\System32\Drivers\cdudf_xp.SYS

Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS

Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS

Loaded driver \SystemRoot\System32\Drivers\UdfReadr_xp.SYS

Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys

Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys

Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys

Loaded driver \SystemRoot\System32\DRIVERS\ipfltdrv.sys

Loaded driver \SystemRoot\System32\Drivers\Mpfp.sys

Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys

Loaded driver \SystemRoot\System32\drivers\ws2ifsl.sys

Loaded driver \SystemRoot\System32\drivers\afd.sys

Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys

Did not load driver \SystemRoot\System32\DRIVERS\p3.sys

Did not load driver \SystemRoot\System32\DRIVERS\processr.sys

Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS

Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys

Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\drivers\mfehidk.sys

Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys

Loaded driver \SystemRoot\System32\Drivers\LHidUsb.Sys

Loaded driver \SystemRoot\system32\DRIVERS\LHidFlt2.Sys

Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys

Loaded driver \SystemRoot\system32\DRIVERS\LMouFlt2.Sys

Loaded driver \SystemRoot\System32\Drivers\Fips.SYS

Loaded driver \SystemRoot\System32\Drivers\BANTExt.sys

Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys

Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys

Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys

Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS

Loaded driver \??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS

Loaded driver \SystemRoot\System32\DRIVERS\srv.sys

Loaded driver \SystemRoot\System32\DRIVERS\secdrv.sys

Loaded driver \SystemRoot\system32\drivers\wdmaud.sys

Loaded driver \SystemRoot\system32\drivers\sysaudio.sys

Loaded driver \SystemRoot\system32\drivers\splitter.sys

Loaded driver \SystemRoot\system32\drivers\aec.sys

Loaded driver \SystemRoot\system32\drivers\swmidi.sys

Loaded driver \SystemRoot\system32\drivers\DMusic.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

Loaded driver \SystemRoot\system32\drivers\drmkaud.sys

Loaded driver \SystemRoot\system32\drivers\mfebopk.sys

Loaded driver \SystemRoot\system32\drivers\mfeavfk.sys

Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys

Loaded driver \SystemRoot\system32\drivers\mfesmfk.sys

Loaded driver \SystemRoot\system32\drivers\kmixer.sys

ROOTREPEAL © AD, 2007-2008

==================================================

Scan Time: 2009/03/25 08:28

Program Version: Version 1.2.3.0

Windows Version: Windows XP SP3

==================================================

Drivers

-------------------

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xED73A000 Size: 98304 File Visible: No

Status: -

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xF7C6B000 Size: 8192 File Visible: No

Status: -

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xECAD0000 Size: 45056 File Visible: No

Status: -

Stealth Objects

-------------------

Object: Hidden Module [Name: Intuit.Spc.Map.Reporter.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04470000 Size: 479232

Object: Hidden Module [Name: System.Data.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04030000 Size: 2961408

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Api.Net.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03d10000 Size: 421888

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateService.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00a00000 Size: 36864

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00c40000 Size: 28672

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00e00000 Size: 61440

Object: Hidden Module [Name: Intuit.Spc.Esd.Client.Common.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00e40000 Size: 86016

Object: Hidden Module [Name: Intuit.Spc.Esd.Core.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00ea0000 Size: 258048

Object: Hidden Module [Name: Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00ef0000 Size: 36864

Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.Logging.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00f10000 Size: 53248

Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.ExceptionHandling.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x00fd0000 Size: 77824

Object: Hidden Module [Name: Intuit.Spc.Foundations.Portability.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03020000 Size: 471040

Object: Hidden Module [Name: System.configuration.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03240000 Size: 438272

Object: Hidden Module [Name: Intuit.Spc.Foundations.Primary.Config.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x031a0000 Size: 86016

Object: Hidden Module [Name: System.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x034e0000 Size: 3158016

Object: Hidden Module [Name: System.XML.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x032b0000 Size: 2060288

Object: Hidden Module [Name: Intuit.Spc.Esd.Client.BusinessLogic.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03f20000 Size: 151552

Object: Hidden Module [Name: Intuit.Spc.Esd.Client.DataAccess.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03ec0000 Size: 135168

Object: Hidden Module [Name: System.Data.SQLite.DLL]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x03f60000 Size: 778240

Object: Hidden Module [Name: System.Transactions.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04360000 Size: 270336

Object: Hidden Module [Name: System.EnterpriseServices.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04610000 Size: 266240

Object: Hidden Module [Name: System.Runtime.Remoting.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04b60000 Size: 307200

Object: Hidden Module [Name: System.Windows.Forms.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x04dc0000 Size: 5033984

Object: Hidden Module [Name: System.Drawing.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x05390000 Size: 634880

Object: Hidden Module [Name: Intuit.Spc.Map.WindowsFirewallUtilities.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x05540000 Size: 1077248

Object: Hidden Module [Name: System.ServiceProcess.dll]

Process: IntuitUpdateService.exe (PID: 1604) Address: 0x056b0000 Size: 126976


Let's have a look at your host file.

Go to Start>Run and highlight the contents of the box below then use CTRL+C to copy them and CTRL+V to paste them into the run dialogue box.

cmd /c copy C:\WINDOWS\system32\drivers\etc\hosts "%userprofile%\desktop\hosts.txt"

Click OK, notepad will then open with your host file. Copy and paste the whole Hosts file in your next reply.

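As an added example that is not part of the thread or the helper's procedure, the following Python script triages the hosts.txt copy produced by the command above, flagging names pinned to loopback (blocked) or to another address (redirected), which is how a browser hijacker keeps a machine from reaching update and security-vendor sites. The watch list of vendor hostnames and the sample hosts content are constructed for the example.

```python
"""Triage a Windows hosts file for block/redirect entries (added example).

Not the helper's tool: after copying the hosts file to the desktop as described
in the thread, run this on hosts.txt to see which names have been pinned to an
address. The watch list and SAMPLE_HOSTS are constructed for this example.
"""
import ipaddress
import sys
from typing import List, Tuple

# Names that have no business in a home PC's hosts file (assumption for the
# example; these vendor hosts appear in the HijackThis log earlier in the
# thread). A hijacker pins them to 127.0.0.1 to block updates and scans, or to
# a foreign address to redirect them.
WATCHED_HOSTS = {
    "update.microsoft.com",
    "download.mcafee.com",
    "bin.mcafee.com",
}


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, address, hostname) per mapping; comments and blanks skipped.

    One hosts line may list several names for the same address."""
    entries = []
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            entries.append((n, addr, name.lower()))
    return entries


def triage_hosts(text: str) -> List[str]:
    """Return one finding per suspicious mapping, in file order."""
    findings = []
    for n, addr_text, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append(f"line {n}: unparsable address {addr_text!r} for {name}")
            continue
        local = addr.is_loopback               # covers 127.0.0.0/8 and ::1
        if name in ("localhost", "localhost.localdomain") and local:
            continue                           # the stock entries
        if name in WATCHED_HOSTS:
            kind = "BLOCKED" if local else "REDIRECTED"
            findings.append(f"line {n}: {name} {kind} -> {addr}")
        elif not local:
            # Any other name pinned to a real address deserves a look too.
            findings.append(f"line {n}: {name} pinned to non-local {addr}")
    return findings


# Constructed sample: the stock lines plus three planted entries (TEST-NET address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       download.mcafee.com     # constructed: vendor site blocked
203.0.113.7     update.microsoft.com    # constructed: redirect
203.0.113.7     www.example.com
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_HOSTS
    for finding in triage_hosts(text) or ["no suspicious entries"]:
        print(finding)
```

Run it with the path to hosts.txt as its only argument; with no argument it triages the built-in sample.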
