
Thread: Exploit.Java.CVE-2009, Antimalware Doctor, FakeAlert, and others

  1. #41
    Senior Member
    Join Date
    Sep 2008
    Posts
    151


    Ran root again this morning in normal mode
    - in both safe and normal mode it only took a couple of seconds to run

    No time to do the new instructions, had to get to work.

    Below is this morning's root in normal mode
    - looks rather similar to the one in safe mode

    - I'll do the new instructions this afternoon/evening when I get home



    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time: 2010/05/17 07:59
    Program Version: Version 1.3.5.0
    Windows Version: Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xEC6B3000 Size: 49152 File Visible: No Signed: -
    Status: -

    SSDT
    -------------------
    #: 041 Function Name: NtCreateKey
    Status: Hooked by "Lbd.sys" at address 0xf76e787e

    #: 247 Function Name: NtSetValueKey
    Status: Hooked by "Lbd.sys" at address 0xf76e7bfe

    ==EOF==

  2. #42
    Senior Member
    Join Date
    Sep 2008
    Posts
    151


    McAfee

    I was thinking at some point it may help to uninstall, clean/scrub the system, and reinstall McAfee
    - I downloaded it through Cox; free as a subscriber

    I use their antivirus and firewall
    - wondering if it may have been adjusted/corrupted to not allow Windows to update

    What do you think?

  3. #43
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Are you referring to a format and clean install of Windows? That's always a good option, but it's your call to do it or not. If you do decide to do that and need help, I can link you to a Windows forum that can help you through the process.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  4. #44
    Senior Member
    Join Date
    Sep 2008
    Posts
    151


    No, no, no

    Just uninstall McAfee and delete all folders and make sure the registry is clean, and then reinstall it

  5. #45
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    You can, but I don't know how that would solve the redirects.

  6. #46
    Senior Member
    Join Date
    Sep 2008
    Posts
    151


    "You can, but dont know how that would solve the redirects"
    I know

    I was referring to after the redirects were fixed.

    One of the blogs I was reading stated there may be an issue with the firewall and that is why Windows Update is not working correctly
    - I don't know, just grabbing at straws, looking for solutions

    You are doing a great job, and I appreciate your knowledge and support
    - just thought maybe something was wrong with McAfee and it wasn't letting the update page appear
    -- it did let this little bug in the door

  7. #47
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    I am not a big fan of McAfee so I don't know my way around in it too well, but I am sure there is an option to disable the firewall temporarily. Try it and see if you can get the updates.

  8. #48
    Senior Member
    Join Date
    Sep 2008
    Posts
    151


    OK

    A question b/c I'm not sure if I'll have access to you this afternoon/evening:
    - This is more of a statement/question: after I run the OTL custom fixes, a report will be created in the folder automatically, right?
    You stated in your instructions (after the HostsXpert part) to "Post the OTL report and let me know if this helped".
    Asking because I noticed a reboot command and would think it would reboot before I could save the logs.

    Also, what if I ran GMER without the files box being checked, like you had me do for ROOTREPEAL?
    Thinking it will scan in normal mode and not crash like before b/c the scan will be done quicker.
    What do you think?
    - And just tell me to be quiet if my ideas are bugging you, just trying to assist.
    You are the Captain, though. You are leading this expedition.

  9. #49
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Nope, you're not bugging me. I am at work right now with limited access but will be online tonight until around 9 or so Eastern time.

    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.

    There will be no report from HostsXpert.

  10. #50
    Senior Member
    Join Date
    Sep 2008
    Posts
    151


    Ran OTL

    Tried to run HostsXpert
    1) It told me my HOSTS file was hidden and asked if I wanted to make it writable
    - I clicked OK
    2) When I clicked "Restore MS Hosts File", I got an error
    - ERROR: Cannot create file C:\WINDOWS\system32\ETC\hosts

    I clicked on "Make Writable" under File Handling and I think it did it

    Not very confident; the log on the right does look correct
    I print-screened it and attached it to this post; see below the OTL log

    All processes killed
    ========== OTL ==========
    127.0.0.1 localhost removed from HOSTS file successfully
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\morkee.com\i2\ deleted successfully.
    Starting removal of ActiveX control {FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D}
    C:\WINDOWS\Downloaded Program Files\SodaAgent.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD3FF62E-61A7-48EE-A4A4-97CE7BD1F99D}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 405 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 914 bytes
    ->Flash cache emptied: 300 bytes

    User: Happy
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4839227 bytes
    ->Java cache emptied: 7322509 bytes
    ->Flash cache emptied: 93717 bytes

    User: Happy.DDHRXN81
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 5450 bytes
    ->Temporary Internet Files folder emptied: 4222102 bytes
    ->Java cache emptied: 35927 bytes
    ->Flash cache emptied: 28989 bytes

    User: Robert
    ->Temp folder emptied: 179103 bytes
    ->Temporary Internet Files folder emptied: 111776721 bytes
    ->Java cache emptied: 18012751 bytes
    ->Flash cache emptied: 2179097 bytes

    User: Robert.DDHRXN81
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes

    User: TEMP.DHRXN81

    User: TEMP.DHRXN81(2).005

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 39138 bytes
    %systemroot%\System32 .tmp files removed: 2962961 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 73670 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 113242 bytes
    RecycleBin emptied: 57672162 bytes

    Total Files Cleaned = 200.00 mb


    OTL by OldTimer - Version 3.2.4.1 log created on 05172010_172313

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8GOJWTY7\blank[1].htm not found!
    File\Folder C:\WINDOWS\temp\mcmsc_CcFghMEXKZ6Lm7o not found!
    File\Folder C:\WINDOWS\temp\mcmsc_fdtl5agmJqs2Iwb not found!
    File\Folder C:\WINDOWS\temp\mcmsc_hYSslwoiUZHCb68 not found!
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_ab0.dat not found!

    Registry entries deleted on Reboot...
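The two things post #50 turns on are a HOSTS file the tool reported as hidden and unwritable, and the redirect entries the thread is trying to get rid of (the OTL fix above also touched the HOSTS file). The script below is an added example, not code from OTL, HostsXpert or any poster: it parses a HOSTS file the way Windows does (tabs or spaces, `#` comments, several names per address), flags names sent to a non-loopback address or any override of update/antivirus domains, and on Windows reports hidden/read-only/system attributes on the file, which is what a "cannot create file" error should prompt you to look at. The default path `C:\WINDOWS\system32\drivers\etc\hosts` is the stock Windows location; the watch list of domains and the sample file are constructed for illustration and are not exhaustive.

```python
"""Audit a Windows HOSTS file for hijack indicators.

Added example for this thread; not code from OTL, HostsXpert or the posters.
The watch list and SAMPLE_HOSTS are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
import os
import stat
import sys
from dataclasses import dataclass

# Stock location on Windows (the machine in the thread runs Windows XP SP3).
DEFAULT_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"

# Names that legitimately map to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
                  "ip6-localhost", "ip6-loopback"}

# Constructed, partial list of update/AV domains. Any mapping for these is
# suspicious, even to 127.0.0.1, because that silently breaks updates.
WATCH_SUFFIXES = ("windowsupdate.com", "update.microsoft.com",
                  "windowsupdate.microsoft.com", "mcafee.com",
                  "symantec.com", "kaspersky.com", "malwarebytes.org")


@dataclass
class Finding:
    line_no: int
    ip: str
    host: str
    reason: str


def parse_hosts(text: str) -> list[tuple[int, str, str]]:
    """Return (line_no, address, hostname) for every name on every entry.

    '#' starts a comment; one address may carry several names. A line with
    no hostname is kept with an empty host so the audit can report it.
    """
    out = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            out.append((n, parts[0], ""))
            continue
        for name in parts[1:]:
            out.append((n, parts[0], name.lower().rstrip(".")))
    return out


def audit_hosts(text: str) -> list[Finding]:
    """One Finding per suspicious entry; an empty list means nothing found."""
    findings = []
    for n, ip, host in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(Finding(n, ip, host, "unparseable address"))
            continue
        local = addr.is_loopback or addr.is_unspecified
        if host in LOOPBACK_NAMES:
            if not local:
                findings.append(Finding(n, ip, host,
                                        "localhost points to a non-loopback address"))
            continue
        if any(host == s or host.endswith("." + s) for s in WATCH_SUFFIXES):
            findings.append(Finding(n, ip, host, "security/update domain overridden"))
        elif not local:
            # Blocklist-style entries (name -> 127.0.0.1 / 0.0.0.0) are left
            # alone; a name sent to a remote address is a redirect.
            findings.append(Finding(n, ip, host, "hostname redirected to remote address"))
    return findings


def attribute_issues(path: str) -> list[str]:
    """Hidden/read-only/system bits on the file (Windows only; [] elsewhere)."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is None:
        return []
    names = {stat.FILE_ATTRIBUTE_HIDDEN: "hidden",
             stat.FILE_ATTRIBUTE_READONLY: "read-only",
             stat.FILE_ATTRIBUTE_SYSTEM: "system"}
    return [name for bit, name in names.items() if attrs & bit]


# Constructed sample, not any real machine's file.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ad.doubleclick.net      # blocklist-style entry, not flagged
203.0.113.7     www.google.com          # redirect to a TEST-NET address
127.0.0.1       update.microsoft.com    # blocks Windows Update
127.0.0.1       download.mcafee.com     # blocks AV updates
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:                      # e.g. python audit_hosts.py <path>
        path = sys.argv[1]
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        for issue in attribute_issues(path):
            print(f"attribute: {issue}")
    else:
        text = SAMPLE_HOSTS
    for f in audit_hosts(text):
        print(f"line {f.line_no}: {f.ip} {f.host}: {f.reason}")
```

Run with no argument to audit the constructed sample, or pass the real path (`DEFAULT_HOSTS_PATH` on a stock install) to audit a live file. A clean Windows HOSTS file yields no findings; the sample yields three, one per constructed redirect or override. Names mapped to 127.0.0.1 or 0.0.0.0 are deliberately not flagged unless they are on the watch list, since that is what a legitimate ad-blocking HOSTS file looks like.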
