IE redirect and pop ups on laptop

Ok so here's the separate thread for the laptop problem ... same as my pc, random redirects and pop ups.

Logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:55:43 08/02/2007

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{81CDDAE8-3B92-4F0D-86C1-8DD5DB6A8471} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{EFA1EC0F-8359-41B7-A178-7DD6805A0C79} -> Adware.Generic : No action taken.
HKU\S-1-5-21-4247219848-3744751695-398315518-1005\Software\TrustIn -> Adware.Generic : No action taken.
HKU\S-1-5-21-4247219848-3744751695-398315518-1005\Software\TrustIn\Weekly Executer -> Adware.Generic : No action taken.
HKU\S-1-5-21-4247219848-3744751695-398315518-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -> Adware.TrustCleaner : No action taken.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP47\A0011093.exe -> Adware.Trymedia : No action taken.
C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe/webcontrol\btwebcontrol.dll -> Dialer.Small : No action taken.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP19\A0005172.exe -> Downloader.Small.ddp : No action taken.
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP52\A0013323.dll -> Downloader.Small.ddp : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@adjuggler[2].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Sarah\Cookies\sarah@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : No action taken.
::Report end

Logfile of HijackThis v1.99.1
Scan saved at 21:28:58, on 08/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toucan.com/jump/redir.asp?id=205
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3338E8-986F-4033-B0EC-2309FE31F0FF}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{4991818F-6A07-42D3-8039-877D8E3C3C06}: NameServer = 212.139.132.42 212.139.132.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{5737BCEC-DDD7-4816-A4F5-EE3812D97D77}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C419E89-D305-4BBD-8803-5F2BF0356C4A}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9FC85F3-B83B-45FF-9F0E-88D6A42A8001}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD96CEFC-6E83-48E6-B7E1-A72A27DAC0E0}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.90 85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.90 85.255.112.92
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

"Sarah" - 07-02-09 13:18:06 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Sarah\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2007-01-09 to 2007-02-09 ))))))))))))))))))))))))))))))))))

2007-02-09 03:31 <DIR> d-------- C:\4d5f43340c34e8b320ae0bdeb970
2007-02-09 03:18 <DIR> d-------- C:\VundoFix Backups
2007-02-09 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-02-09 03:02 <DIR> d-------- C:\9146e9fb82a2f646cd1c
2007-02-08 21:28 <DIR> d-------- C:\HJT
2007-02-08 20:57 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-08 20:57 <DIR> d-------- C:\Program Files\Grisoft
2007-02-08 20:34 <DIR> d--h----- C:\DOCUME~1\Sarah\Application Data\yahoo!
2007-02-08 19:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\yahoo!
2007-02-08 19:40 <DIR> d-------- C:\Program Files\Yahoo!
2007-02-08 18:36 23,040 --------- C:\WINDOWS\kb913800.exe
2007-02-08 18:20 <DIR> d-------- C:\Program Files\MSN Messenger
2007-02-08 18:18 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-02-08 18:07 <DIR> d---s---- C:\DOCUME~1\Sarah\UserData
2007-02-08 17:53 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-02-08 17:46 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-02-08 17:45 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-02-08 17:45 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-08 17:39 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2007-02-08 17:39 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2007-02-08 17:39 5,606 --a------ C:\WINDOWS\system32\stci.dll
2007-02-08 17:39 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2007-02-08 17:39 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2007-02-08 17:39 <DIR> d-------- C:\Program Files\Thomson
2007-02-05 03:04 <DIR> d-------- C:\WINDOWS\Performance
2007-02-05 03:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2007-02-05 02:52 <DIR> d-------- C:\Program Files\Encore
2007-02-04 02:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-02-03 20:02 <DIR> d-------- C:\Downloads
2007-02-03 03:17 <DIR> d-------- C:\SIERRA
2007-02-03 03:07 <DIR> d-------- C:\DOCUME~1\Sarah\WINDOWS
2007-02-01 23:49 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-02-01 15:07 104 --a------ C:\WINDOWS\system32\attfd42.dll
2007-02-01 14:42 <DIR> d-------- C:\WINDOWS\Profiles
2007-02-01 00:13 <DIR> d-------- C:\DOCUME~1\Sarah\Application Data\Ahead
2007-02-01 00:12 89,184 -ra------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-02-01 00:11 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2007-02-01 00:11 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2007-02-01 00:11 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2007-02-01 00:11 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2007-02-01 00:10 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2007-02-01 00:10 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-02-01 00:10 <DIR> d-------- C:\Program Files\Ahead
2007-01-31 11:42 0 --a------ C:\DOCUME~1\Sarah\Application Data\wklnhst.dat
2007-01-31 11:42 <DIR> d-------- C:\DOCUME~1\Sarah\Application Data\Template
2007-01-30 12:51 <DIR> d-------- C:\DOCUME~1\Sarah\Application Data\AdobeUM
2007-01-25 12:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-24 19:37 <DIR> d-------- C:\Program Files\Atari
2007-01-22 18:28 <DIR> d-------- C:\DOCUME~1\Sarah\Application Data\Logitech
2007-01-22 18:25 13,440 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-01-22 18:25 <DIR> d-------- C:\Program Files\MUSICMATCH
2007-01-22 18:24 68,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-01-22 18:24 55,040 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-01-22 18:24 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-01-22 18:24 26,112 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-01-22 18:24 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-01-22 18:24 <DIR> d-------- C:\Program Files\Logitech
2007-01-22 18:24 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-01-22 18:19 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-12 18:01 276,792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-01-12 18:01 25,400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-01-12 18:01 247,608 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-01-12 13:13 <DIR> d-------- C:\Program Files\KONAMI
2007-01-12 12:37 <DIR> d-------- C:\Program Files\Game Graphic Studio
2007-01-10 13:49 <DIR> d-------- C:\WINDOWS\Downloaded Installations

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-09 03:14 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-08 19:55 -------- d-------- C:\DOCUME~1\Sarah\Application Data\macromedia
2007-02-08 18:21 -------- d---s---- C:\DOCUME~1\Sarah\Application Data\microsoft
2007-02-08 18:00 -------- d-------- C:\Program Files\symantec
2007-02-08 17:39 -------- d--h----- C:\Program Files\installshield installation information
2007-02-04 03:05 -------- d-------- C:\Program Files\dkz studio
2007-01-08 02:10 -------- d-------- C:\Program Files\sports interactive
2007-01-05 12:36 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
2007-01-05 12:36 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
2007-01-05 12:36 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
2007-01-04 11:41 -------- d-------- C:\Program Files\winuha
2007-01-03 19:37 -------- d-------- C:\Program Files\7-zip
2007-01-01 13:06 737280 --a------ C:\WINDOWS\iun6002.exe
2006-12-27 23:17 -------- d-------- C:\Program Files\fox
2006-12-27 13:39 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-12-27 13:36 -------- d-------- C:\Program Files\vid_0e8f&pid_0003
2006-12-26 15:08 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-25 20:20 -------- d-------- C:\DOCUME~1\Sarah\Application Data\intervideo
2006-12-21 11:40 -------- d-------- C:\Program Files\ea games
2006-12-15 11:11 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-12-15 11:11 -------- d-------- C:\Program Files\intel
2006-12-15 11:11 -------- d-------- C:\DOCUME~1\Sarah\Application Data\intel
2006-12-07 04:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"nwiz"="nwiz.exe /installquiet"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Toshiba Hotkey Utility"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang en"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"="kdxca.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ERASERUTILREBOOTDRV

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Sarah.job

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

detected NTDLL code modification:
ZwQueryDirectoryFile

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\kdxca.exe 65536 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

********************************************************************

Completion time: 07-02-09 13:20:13

Thanks again :mrgreen:

Re: IE redirect and pop ups on laptop

Hi Sarah,

There are a few "iffy" items in the combofix log - we'll figure them out later. First, these steps need to be run - pretty much the same as before ;)

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.

The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch (if HijackThis does not launch then please start it yourself). Please scan with HJT, and check the boxes for the following items:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3338E8-986F-4033-B0EC-2309FE31F0FF}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{5737BCEC-DDD7-4816-A4F5-EE3812D97D77}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{5C419E89-D305-4BBD-8803-5F2BF0356C4A}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{C9FC85F3-B83B-45FF-9F0E-88D6A42A8001}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD96CEFC-6E83-48E6-B7E1-A72A27DAC0E0}: NameServer = 85.255.114.90,85.255.112.92
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.90 85.255.112.92
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.90 85.255.112.92

Be sure All Browser Windows are Closed and then Click Fix Checked.

NEXT: Click Start > Run > type CMD > Enter
Type or Copy&Paste: ipconfig /flushdns > Press Enter
(Be sure to leave the space between the g and the / )

NEXT: Please Update your Java here ---> http://www.java.com/en
Then, look in Add/Remove Programs and Remove ALL traces of any older Java versions! (your HJT shows jre1.5.0_04 - dump that...)
If you do not uninstall ALL older versions, you may remain at risk for a number of baddies, such as that VUNDO that was on your other machine!

THEN: Download ATF-Cleaner.exe by Atribune to your Desktop.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option (if you don’t want it to clean cookies, set it accordingly)
-- Click Empty Selected > OK > EXIT
This will flush TEMP files, etc... as well as clean the Java Cache.

NEXT: Open AVG AntiSpyware. Click Run online update and allow it to run until you see the Update Successful message.

NOW, run a full scan:
-- Click on the Scanner button and choose the Settings Tab.
---> Under How to act?, click on Recommended action and choose Quarantine to set default action for detected malware.
---> Under Reports make sure Automatically generate report after every scan is selected and UNCHECK the Only if threats were found box.
-- Leave everything else at their default settings and Select the Scan tab and CLICK Complete System Scan to scan your machine.
-- Upon completion of the scan, Click Apply all actions to place any detected baddies in Quarantine.
-- AFTER clicking Apply all actions, Click on Save Report and select Save the report to your Desktop where you can find it easily.
Again, be sure to Apply All Actions Before saving the Log!

LASTLY: Please locate c:\fixwareout\report.txt and post it here along with a fresh HijackThis Scanlog and the AVG Anti-Spyware Log and we'll go from there.

Cheers :)
PP
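The check PP applies by eye to the O17 lines (and to the Winlogon "system" value in the ComboFix log) can be written down as a small script. This is an added example, not code from the thread or from HijackThis, ComboFix or Fixwareout; it assumes the ISP's genuine resolvers are the 212.139.132.x pair in the one untouched O17 entry and treats an RFC1918 router address as acceptable, and its sample lines are copied from the logs posted above.

```python
"""Flag the DNS-hijack indicators a helper spots by eye in a HijackThis / ComboFix log.

Added example, not code from the thread or from any of the tools named in it.
Assumptions: the ISP's genuine resolvers are the 212.139.132.x pair that appears
in the one untouched O17 entry, and an RFC1918 address (a home router doing DNS)
is acceptable. The sample lines below are copied from the logs posted above.
"""
import re
from ipaddress import ip_address

# O17 lines exactly as HijackThis prints them (copied from the first log above).
SAMPLE_O17_LINES = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3338E8-986F-4033-B0EC-2309FE31F0FF}: NameServer = 85.255.114.90,85.255.112.92",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{4991818F-6A07-42D3-8039-877D8E3C3C06}: NameServer = 212.139.132.42 212.139.132.41",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.90 85.255.112.92",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.90 85.255.112.92",
    r"O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (file missing)",  # abridged; not O17, ignored
]

# ComboFix "Reg Loading Points" excerpt from the same post, one registry line per element.
SAMPLE_REG_DUMP = [
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]",
    r'"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]",
    r'"system"="kdxca.exe"',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]",
]

# Resolvers the ISP really hands out (assumption: taken from the clean O17 entry above).
EXPECTED_RESOLVERS = {"212.139.132.42", "212.139.132.41"}

O17_RE = re.compile(r"^O17 - (?P<key>HKLM\\System\\[^:]+): NameServer = (?P<servers>.+)$")


def parse_o17(line):
    """Return (registry_key, [server, ...]) for an O17 line, or None for any other line."""
    m = O17_RE.match(line.strip())
    if not m:
        return None
    # HJT prints the servers comma- or space-separated depending on how the value was written.
    servers = [s for s in re.split(r"[,\s]+", m.group("servers")) if s]
    return m.group("key"), servers


def is_trusted(server, expected=EXPECTED_RESOLVERS, allow_private=True):
    """True if the resolver is an expected ISP address or (optionally) a LAN/router address."""
    if server in expected:
        return True
    try:
        addr = ip_address(server)
    except ValueError:  # not an IP literal at all: treat as untrusted
        return False
    return allow_private and addr.is_private


def find_rogue_nameservers(lines, expected=EXPECTED_RESOLVERS):
    """Return [(registry_key, [rogue_server, ...]), ...] for every O17 entry with an unexpected resolver."""
    findings = []
    for line in lines:
        parsed = parse_o17(line)
        if parsed is None:
            continue
        key, servers = parsed
        rogue = [s for s in servers if not is_trusted(s, expected)]
        if rogue:
            findings.append((key, rogue))
    return findings


def lines_to_fix(lines, expected=EXPECTED_RESOLVERS):
    """The exact O17 lines a helper would tell the user to tick in HijackThis before 'Fix checked'."""
    return [line for line in lines if find_rogue_nameservers([line], expected)]


def winlogon_system_value(reg_lines):
    """Value of the Winlogon 'system' entry from a ComboFix registry dump.

    An empty string is the clean default (what Fixwareout's post-run check shows); a file
    name such as kdxca.exe means winlogon is starting something extra. None = not present.
    """
    in_winlogon = False
    for raw in reg_lines:
        line = raw.strip()
        if line.startswith("["):
            in_winlogon = line.lower().endswith(r"\winlogon]")
            continue
        if in_winlogon:
            m = re.match(r'^"system"="(.*)"$', line, re.IGNORECASE)
            if m:
                return m.group(1)
    return None


if __name__ == "__main__":
    for key, rogue in find_rogue_nameservers(SAMPLE_O17_LINES):
        print(f"rogue NameServer {', '.join(rogue)} in {key}")
    print("Winlogon system value:", repr(winlogon_system_value(SAMPLE_REG_DUMP)))
```

Anything it flags still needs a human look: a legitimate corporate or alternative resolver that is not in the allow-list will be flagged exactly like the 85.255.x pair.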

Re: IE redirect and pop ups on laptop

The IP address in those items you told me to remove from HJT was the same one that was saved on my pc before I changed the DNS back to automatic ... is this what is causing part of the problem? Do I need to contact my ISP to change the IP? Found another Trojan on the AVG scan ... any reason this wouldn't have been in the AVG scan I did yesterday?

Here are the logs:

Fixwareout
Last edited 1/30/2007
Post this report in the forums please ...

Prerun check
»»»»» HKLM run and Winlogon System values
C:\WINDOWS\System32\kdxca.exe will be moved to C:\WINDOWS\temp\kdxca.ren at reboot.
»»»»» System restarted

Reg Entries that were deleted ...
Random Runs removed from HKLM ...

»»»»» Misc files.
»»»»» Checking for older varients.

»»»»» Postrun check
»»»»» HKLM run
»»»»» Winlogon System value
"system"=""
»»»»» PLEASE NOTE, There CAN be LEGITIMATE FILES LISTED IN THIS SECTION. This WILL/CAN also list Legit Files, Submit them at Virustotal
Search five digit cs, dm kd and jb files.
»»»»»

»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"nwiz"="nwiz.exe /installquiet"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Toshiba Hotkey Utility"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang en"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

Hosts file was reset, If you use a custom hosts file please replace it
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 21:25:06 10/02/2007
+ Scan result:
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP47\A0011138.exe -> Trojan.DNSChanger.hk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP47\A0011141.exe -> Trojan.DNSChanger.hk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1BA85EF5-6C2B-4F0D-B72F-50D3F1AF44F9}\RP49\A0011678.exe -> Trojan.DNSChanger.hk : Cleaned with backup (quarantined).
::Report end

Logfile of HijackThis v1.99.1
Scan saved at 21:26:53, on 10/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4991818F-6A07-42D3-8039-877D8E3C3C06}: NameServer = 212.139.132.6 212.139.132.7
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Thanks, Sarah :)
Re: IE redirect and pop ups on laptop

Quote:

Quote:

If your Norton doesn't come with a Firewall, I suggest you install ZoneAlarm. Also, Spyware Blaster (in the linky). Better yet, when your subscription to Norton runs out, I suggest an upgrade.... You might have a look at Kaspersky Internet Security 6.0 Easily the best Security Suite option for the money....

Quote:

Only this one is in System Restore. Usually, after a battle with malware, it is advisable to flush your System Restore points because some malware can be preserved along with the legitimate stuff. In this case, it looks like AVG was able to clean the baddies....

Quote:

-- I would still like to see a Fresh Combofix log. If I remember correctly, there were some "iffy" items to look at...

PP :)
Re: IE redirect and pop ups on laptop

The thread your link directs to is amazingly helpful ... thanks! I've downloaded a few of the applications and already Zone Alarm has blocked things trying to access my PC that Norton didn't see ... silly that a free programme works better than the £50 one *rolls eyes*

Here's the combofix log:

"Sarah" - 07-02-12 1:44:50 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Sarah\Desktop\Tools"

((((((((((((((((((((((((((((((( Files Created from 2007-01-12 to 2007-02-12 ))))))))))))))))))))))))))))))))))

2007-02-12 01:41 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-02-12 01:24 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-02-12 01:23 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-02-12 01:23 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-02-12 01:23 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-02-12 01:23 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2007-02-12 01:22 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-02-12 01:17 <DIR> d-------- C:\Program Files\Windows Defender
2007-02-12 01:17 <DIR> d-------- C:\c58930f38af91c528bd17fd98596
2007-02-12 01:11 <DIR> d-------- C:\fdaece98d2545f4a96d51c3c021f
2007-02-12 01:09 <DIR> d-------- C:\e4921abaf5aedb7fbea089a357
2007-02-12 01:00 0 --a------ C:\WINDOWS\nsreg.dat
2007-02-12 00:59 <DIR> d-------- C:\Program Files\Mozilla Firefox
2007-02-12 00:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Windows Genuine Advantage
2007-02-12 00:39 <DIR> d-------- C:\c564f63a9ea55401b21fe240afe2
2007-02-11 03:00 <DIR> d-------- C:\8e81fadbf7e0f8bf22d93104ad7055
2007-02-10 23:10 <DIR> d-------- C:\7c652e128e8e716b536d907205
2007-02-10 20:02 <DIR> d-------- C:\fixwareout
2007-02-10 03:32 <DIR> d-------- C:\d6c62d58e7cfc427e8a9c890af9263
2007-02-10 03:00 <DIR> d-------- C:\8d384b3b473eb6b49490036e6b57
2007-02-09 20:46 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-02-09 20:45 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-02-09 20:45 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-02-09 20:43 <DIR> d-------- C:\Program Files\Symantec
2007-02-09 03:31 <DIR> d-------- C:\4d5f43340c34e8b320ae0bdeb970
2007-02-09 03:18 <DIR> d-------- C:\VundoFix Backups
2007-02-09 03:02 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-02-09 03:02 <DIR> d-------- C:\9146e9fb82a2f646cd1c
2007-02-08 21:28 <DIR> d-------- C:\HJT
2007-02-08 20:57 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-08 20:57 <DIR> d-------- C:\Program Files\Grisoft
2007-02-08 20:34 <DIR> d--h----- C:\DOCUME~1\Sarah\Application Data\yahoo!
2007-02-08 19:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\yahoo!
2007-02-08 19:40 <DIR> d-------- C:\Program Files\Yahoo!
2007-02-08 18:36 23,040 --------- C:\WINDOWS\kb913800.exe
2007-02-08 18:20 <DIR> d-------- C:\Program Files\MSN Messenger
2007-02-08 18:18 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-02-08 18:07 <DIR> d---s---- C:\DOCUME~1\Sarah\UserData
2007-02-08 17:53 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-02-08 17:39 70,688 --a------ C:\WINDOWS\system32\drivers\alcaudsl.sys
2007-02-08 17:39 53,600 --a------ C:\WINDOWS\system32\drivers\alcan5wn.sys
2007-02-08 17:39 5,606 --a------ C:\WINDOWS\system32\stci.dll
2007-02-08 17:39 5,280 --a------ C:\WINDOWS\system32\drivers\alcawh.sys
2007-02-08 17:39 3,968 --a------ C:\WINDOWS\system32\drivers\alcacr.sys
2007-02-08 17:39 <DIR> d-------- C:\Program Files\Thomson
2007-02-05 03:04 <DIR> d-------- C:\WINDOWS\Performance
2007-02-05 03:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Microsoft Corporation
2007-02-05 02:52 <DIR> d-------- C:\Program Files\Encore
2007-02-04 02:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-02-03 20:02 <DIR> d-------- C:\Downloads
2007-02-03 03:17 <DIR> d-------- C:\SIERRA
2007-02-03 03:07 <DIR> d-------- C:\DOCUME~1\Sarah\WINDOWS
2007-02-01 23:49 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-02-01 15:07 104 --a------ C:\WINDOWS\system32\attfd42.dll
2007-02-01 14:42 <DIR> d-------- C:\WINDOWS\Profiles
2007-02-01 00:13 <DIR> d-------- C:\DOCUME~1\Sarah\Application Data\Ahead
2007-02-01 00:12 89,184 -ra------ C:\WINDOWS\system32\drivers\imagedrv.sys
2007-02-01 00:11 569,344 -ra------ C:\WINDOWS\system32\imagr5.dll
2007-02-01 00:11 544,768 -ra------ C:\WINDOWS\system32\imagx5.dll
2007-02-01 00:11 38,912 -ra------ C:\WINDOWS\system32\picn20.dll
2007-02-01 00:11 283,920 -ra------ C:\WINDOWS\system32\ImagXpr5.dll
2007-02-01 00:10 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2007-02-01 00:10 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-02-01 00:10 <DIR> d-------- C:\Program Files\Ahead
2007-01-31 11:42 0 --a------ C:\DOCUME~1\Sarah\Application Data\wklnhst.dat
2007-01-31 11:42 <DIR> d-------- C:\DOCUME~1\Sarah\Application Data\Template
2007-01-30 12:51 <DIR> d-------- C:\DOCUME~1\Sarah\Application Data\AdobeUM
2007-01-25 12:43 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-24 19:37 <DIR> d-------- C:\Program Files\Atari
2007-01-22 18:28 <DIR> d-------- C:\DOCUME~1\Sarah\Application Data\Logitech
2007-01-22 18:25 13,440 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-01-22 18:25 <DIR> d-------- C:\Program Files\MUSICMATCH
2007-01-22 18:24 68,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-01-22 18:24 55,040 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-01-22 18:24 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-01-22 18:24 26,112 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-01-22 18:24 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2007-01-22 18:24 <DIR> d-------- C:\Program Files\Logitech
2007-01-22 18:24 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-01-22 18:19 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-01-12 18:01 276,792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-01-12 18:01 25,400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-01-12 18:01 247,608 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-01-12 13:13 <DIR> d-------- C:\Program Files\KONAMI
2007-01-12 12:37 <DIR> d-------- C:\Program Files\Game Graphic Studio

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-12 01:48 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-02-12 01:00 -------- d-------- C:\DOCUME~1\Sarah\Application Data\mozilla
2007-02-10 20:26 -------- d-------- C:\Program Files\java
2007-02-08 19:55 -------- d-------- C:\DOCUME~1\Sarah\Application Data\macromedia
2007-02-08 18:21 -------- d---s---- C:\DOCUME~1\Sarah\Application Data\microsoft
2007-02-08 17:39 -------- d--h----- C:\Program Files\installshield installation information
2007-02-04 03:05 -------- d-------- C:\Program Files\dkz studio
2007-01-08 02:10 -------- d-------- C:\Program Files\sports interactive
2007-01-05 12:36 21840 --a----t- C:\WINDOWS\system32\sintfnt.dll
2007-01-05 12:36 17212 --a----t- C:\WINDOWS\system32\sintf32.dll
2007-01-05 12:36 12067 --a----t- C:\WINDOWS\system32\sintf16.dll
2007-01-04 11:41 -------- d-------- C:\Program Files\winuha
2007-01-03 19:37 -------- d-------- C:\Program Files\7-zip
2007-01-01 13:06 737280 --a------ C:\WINDOWS\iun6002.exe
2006-12-27 23:17 -------- d-------- C:\Program Files\fox
2006-12-27 13:39 98304 --a------ C:\WINDOWS\system32\cmdlineext.dll
2006-12-27 13:36 -------- d-------- C:\Program Files\vid_0e8f&pid_0003
2006-12-26 15:08 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-25 20:20 -------- d-------- C:\DOCUME~1\Sarah\Application Data\intervideo
2006-12-21 11:40 -------- d-------- C:\Program Files\ea games
2006-12-15 11:11 21275 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2006-12-15 11:11 -------- d-------- C:\Program Files\intel
2006-12-15 11:11 -------- d-------- C:\DOCUME~1\Sarah\Application Data\intel
2006-12-07 04:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"TOSCDSPD"="C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"nwiz"="nwiz.exe /installquiet"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"Toshiba Hotkey Utility"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\Hotkey.exe\" /lang en"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"
"IntelZeroConfig"="\"C:\\Program Files\\Intel\\Wireless\\bin\\ZCfgSvc.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SRESCAN
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_VSMON

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Sarah.job

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-12 1:50:28
C:\ComboFix2.txt ... 07-02-09 13:48

Thanks! :)
Re: IE redirect and pop ups on laptop

Quote:

I still need to rework my recommendations page and update it a bit, but the basics are still valid. It is good to have a software firewall (even if you are behind a hardware firewall) such as ZA because, unlike the built-in Windows Firewall, it monitors both incoming and OUTGOING traffic. So, if a baddie somehow makes it onto your machine and then decides to try to "phone home," ZA will pop up and ask if you want to allow it..... Of course, it will take a few days until ZA "learns" what you want to allow and what you want to block. I imagine you found their flash tutorial helpful?

Spyware Blaster is my favorite anti-malware tool - it is wicked in its simplicity. It uses zero system resources - just adds what it calls a "kill bit" to the registry for all the bad CLSIDs in its database, thus blocking those nasty ActiveX downloads. Excellent! Just remember to Online Update its DataBase every 10 days or so...

Anyhoo, the logs look OK, except for the following. I do not know what they are:

2007-02-12 01:17 <DIR> d-------- C:\c58930f38af91c528bd17fd98596
2007-02-12 01:11 <DIR> d-------- C:\fdaece98d2545f4a96d51c3c021f
2007-02-12 01:09 <DIR> d-------- C:\e4921abaf5aedb7fbea089a357
2007-02-12 00:39 <DIR> d-------- C:\c564f63a9ea55401b21fe240afe2
2007-02-11 03:00 <DIR> d-------- C:\8e81fadbf7e0f8bf22d93104ad7055
2007-02-10 23:10 <DIR> d-------- C:\7c652e128e8e716b536d907205
2007-02-10 03:32 <DIR> d-------- C:\d6c62d58e7cfc427e8a9c890af9263
2007-02-10 03:00 <DIR> d-------- C:\8d384b3b473eb6b49490036e6b57
2007-02-09 03:31 <DIR> d-------- C:\4d5f43340c34e8b320ae0bdeb970
2007-02-09 03:02 <DIR> d-------- C:\9146e9fb82a2f646cd1c

Are they still on your machine? Can you tell what they are or what is in the folders?

Also, how are things working now? Any issues?

Best :)
PP

Let me know.
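An added illustration of the kill-bit mechanism PP describes (this is not code from the thread or from SpywareBlaster): Internet Explorer consults the "Compatibility Flags" DWORD under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} and refuses to load a control whose value has bit 0x400 set, so a defender can verify that a given CLSID is blocked, or count how many blocks are in place after a database update. The CLSID list is a constructed sample: the Yahoo! YInstStarter control from the O16 line in Sarah's HijackThis log (a legitimate installer, used here only as a lookup key) and an all-zero placeholder that will not exist.

```powershell
# Added example, not the thread's or SpywareBlaster's code.
# The 0x400 flag is the "kill bit": IE will not instantiate a control whose
# Compatibility Flags DWORD carries it, whatever the control's own registration says.
$KillBit = 0x400
$CompatKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'

function Get-ActiveXKillBitStatus {
    param([Parameter(Mandatory)][string[]]$Clsid)

    foreach ($id in $Clsid) {
        $key   = Join-Path $CompatKey $id
        $flags = [int64]0
        if (Test-Path -LiteralPath $key) {
            $item = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                # The registry returns DWORDs as Int32; normalise to an unsigned value for display.
                $flags = [int64]$item.'Compatibility Flags'
                if ($flags -lt 0) { $flags += 4294967296 }
            }
        }
        [pscustomobject]@{
            CLSID   = $id
            Flags   = ('0x{0:X8}' -f $flags)
            KillBit = (($flags -band $KillBit) -ne 0)
        }
    }
}

# Count every CLSID under the key that carries the kill bit, e.g. to confirm that a
# SpywareBlaster database update actually wrote its blocks to the registry.
function Get-KillBitCount {
    $hits = Get-ChildItem -LiteralPath $CompatKey | ForEach-Object {
        $f = (Get-ItemProperty -LiteralPath $_.PSPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'
        # Two's-complement -band works correctly on the raw Int32, so no normalisation is needed for the test.
        if ($null -ne $f -and (([int64]$f -band $KillBit) -ne 0)) { $_ }
    }
    @($hits).Count
}

# Constructed sample: the O16 DPF control from the HijackThis log above plus a placeholder CLSID.
$sample = @(
    '{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}',
    '{00000000-0000-0000-0000-000000000000}'
)
Get-ActiveXKillBitStatus -Clsid $sample | Format-Table -AutoSize
"CLSIDs with the kill bit set on this machine: $(Get-KillBitCount)"
```

Reading HKLM needs no elevation, so the script can be run from an ordinary user's PowerShell prompt; a CLSID with no key at all reports Flags 0x00000000 and KillBit False.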
Re: IE redirect and pop ups on laptop

Quote:

Quote:

Quote:

Quote:

I've tried to update it about 6 or 7 times and it says it's done but when I restart it's right back there again saying it needs to update! I even went to the update site and tried to do it through there but it's still not working. The update created a folder in my programme files called MSXML 4.0 which is empty. The files in my C drive seem to be some sort of log and all begin with MSXML4 ... here's an extract from one of them, I won't post the whole thing as it's far too long:

=== Verbose logging started: 09/02/2007 03:31:38 Build type: SHIP UNICODE 3.01.4000.2435 Calling process: C:\WINDOWS\system32\msiexec.exe ===
MSI (c) (20:D0) [03:31:38:781]: Resetting cached policy values
MSI (c) (20:D0) [03:31:38:781]: Machine policy value 'Debug' is 0
MSI (c) (20:D0) [03:31:38:781]: ******* RunEngine:
******* Product: c:\4d5f43340c34e8b320ae0bdeb970\msxml.msi
******* Action:
******* CommandLine: **********
MSI (c) (20:D0) [03:31:38:781]: Client-side and UI is none or basic: Running entire install on the server.
MSI (c) (20:D0) [03:31:38:781]: Grabbed execution mutex.
MSI (c) (20:D0) [03:31:38:843]: Cloaking enabled.
MSI (c) (20:D0) [03:31:38:843]: Attempting to enable all disabled priveleges before calling Install on Server
MSI (c) (20:D0) [03:31:38:859]: Incrementing counter to disable shutdown. Counter after increment: 0
MSI (s) (68:C8) [03:31:38:875]: Grabbed execution mutex.
MSI (s) (68:80) [03:31:38:875]: Resetting cached policy values
MSI (s) (68:80) [03:31:38:875]: Machine policy value 'Debug' is 0
MSI (s) (68:80) [03:31:38:875]: ******* RunEngine:
******* Product: c:\4d5f43340c34e8b320ae0bdeb970\msxml.msi
******* Action:
******* CommandLine: **********
MSI (s) (68:80) [03:31:38:875]: Machine policy value 'DisableUserInstalls' is 0
MSI (s) (68:80) [03:31:38:875]: End dialog not enabled
MSI (s) (68:80) [03:31:38:875]: Original package ==> c:\4d5f43340c34e8b320ae0bdeb970\msxml.msi
MSI (s) (68:80) [03:31:38:875]: Package we're running from ==> c:\WINDOWS\Installer\1e252b1.msi
MSI (s) (68:80) [03:31:38:890]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (68:80) [03:31:38:890]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (68:80) [03:31:38:890]: MSCOREE not loaded loading copy from system32
MSI (s) (68:80) [03:31:38:890]: Machine policy value 'DisablePatch' is 0
MSI (s) (68:80) [03:31:38:890]: Machine policy value 'AllowLockdownPatch' is 0
MSI (s) (68:80) [03:31:38:890]: Machine policy value 'DisableLUAPatching' is 0
MSI (s) (68:80) [03:31:38:890]: Machine policy value 'DisableFlyWeightPatching' is 0
MSI (s) (68:80) [03:31:38:890]: APPCOMPAT: looking for appcompat database entry with ProductCode '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'.
MSI (s) (68:80) [03:31:38:890]: APPCOMPAT: no matching ProductCode found in database.
MSI (s) (68:80) [03:31:38:890]: Transforms are not secure.
MSI (s) (68:80) [03:31:38:890]: Command Line: REBOOT=ReallySuppress CURRENTDIRECTORY=c:\4d5f43340c34e8b320ae0bdeb970 CLIENTUILEVEL=3 CLIENTPROCESSID=2848
MSI (s) (68:80) [03:31:38:890]: PROPERTY CHANGE: Adding PackageCode property. Its value is '{2B27DCD9-53FA-4885-B6CD-698623819F4C}'.
MSI (s) (68:80) [03:31:38:890]: Product Code passed to Engine.Initialize: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (68:80) [03:31:38:890]: Product Code from property table before transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (68:80) [03:31:38:890]: Product Code from property table after transforms: '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}'
MSI (s) (68:80) [03:31:38:890]: Product registered: entering maintenance mode
MSI (s) (68:80) [03:31:38:890]: PROPERTY CHANGE: Adding ProductState property. Its value is '5'.
MSI (s) (68:80) [03:31:38:890]: PROPERTY CHANGE: Adding ProductToBeRegistered property. Its value is '1'.
MSI (s) (68:80) [03:31:38:890]: Entering CMsiConfigurationManager::SetLastUsedSource.
MSI (s) (68:80) [03:31:38:890]: Specifed source is not already in a list.
MSI (s) (68:80) [03:31:38:890]: User policy value 'SearchOrder' is 'nmu'
MSI (s) (68:80) [03:31:38:890]: Machine policy value 'DisableBrowse' is 0
MSI (s) (68:80) [03:31:38:890]: Machine policy value 'AllowLockdownBrowse' is 0
MSI (s) (68:80) [03:31:38:890]: Adding new sources is allowed.
MSI (s) (68:80) [03:31:38:890]: Package name retrieved from configuration data: 'msxml.msi'
MSI (s) (68:80) [03:31:38:890]: Determined that existing product (either this product or the product being upgraded with a patch) is installed per-machine.
MSI (s) (68:80) [03:31:38:890]: Note: 1: 2729
MSI (s) (68:80) [03:31:38:921]: Note: 1: 2729
MSI (s) (68:80) [03:31:38:921]: Note: 1: 2262 2: AdminProperties 3: -2147287038
MSI (s) (68:80) [03:31:38:921]: Machine policy value 'DisableMsi' is 0
MSI (s) (68:80) [03:31:38:921]: Machine policy value 'AlwaysInstallElevated' is 0
MSI (s) (68:80) [03:31:38:921]: User policy value 'AlwaysInstallElevated' is 0
MSI (s) (68:80) [03:31:38:921]: Product {37477865-A3F1-4772-AD43-AAFC6BCFF99F} is admin assigned: LocalSystem owns the publish key.
MSI (s) (68:80) [03:31:38:921]: Product {37477865-A3F1-4772-AD43-AAFC6BCFF99F} is managed.
MSI (s) (68:80) [03:31:38:921]: Running product '{37477865-A3F1-4772-AD43-AAFC6BCFF99F}' with elevated privileges: Product is assigned.
MSI (s) (68:80) [03:31:38:921]: PROPERTY CHANGE: Adding REBOOT property. Its value is 'ReallySuppress'.
MSI (s) (68:80) [03:31:38:921]: PROPERTY CHANGE: Adding CURRENTDIRECTORY property. Its value is 'c:\4d5f43340c34e8b320ae0bdeb970'.
MSI (s) (68:80) [03:31:38:921]: PROPERTY CHANGE: Adding CLIENTUILEVEL property. Its value is '3'.
MSI (s) (68:80) [03:31:38:921]: PROPERTY CHANGE: Adding CLIENTPROCESSID property. Its value is '2848'.
MSI (s) (68:80) [03:31:38:921]: TRANSFORMS property is now:
MSI (s) (68:80) [03:31:38:921]: PROPERTY CHANGE: Adding PRODUCTLANGUAGE property. Its value is '1033'.
MSI (s) (68:80) [03:31:38:921]: PROPERTY CHANGE: Adding VersionDatabase property. Its value is '200'.
MSI (s) (68:80) [03:31:38:921]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Application Data
MSI (s) (68:80) [03:31:38:921]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Favorites
MSI (s) (68:80) [03:31:38:921]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\NetHood
MSI (s) (68:80) [03:31:38:921]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents
MSI (s) (68:80) [03:31:38:921]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\PrintHood
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Recent
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\SendTo
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Templates
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Application Data
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\My Documents\My Pictures
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu\Programs
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Start Menu
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Desktop
MSI (s) (68:80) [03:31:38:937]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Administrative Tools
MSI (s) (68:80) [03:31:38:953]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
MSI (s) (68:80) [03:31:38:953]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs
MSI (s) (68:80) [03:31:38:953]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Start Menu
MSI (s) (68:80) [03:31:38:953]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\system32\config\systemprofile\Desktop
MSI (s) (68:80) [03:31:38:953]: SHELL32::SHGetFolderPath returned: C:\Documents and Settings\All Users\Templates
MSI (s) (68:80) [03:31:38:953]: SHELL32::SHGetFolderPath returned: C:\WINDOWS\Fonts
MSI (s) (68:80) [03:31:38:953]: Note: 1: 2898 2: MS Sans Serif 3: MS Sans Serif 4: 0 5: 16
MSI (s) (68:80) [03:31:38:953]: PROPERTY CHANGE: Adding Privileged property. Its value is '1'.
MSI (s) (68:80) [03:31:38:953]: PROPERTY CHANGE: Adding USERNAME property. Its value is 'Sarah'.
MSI (s) (68:80) [03:31:38:953]: Note: 1: 1402 2: HKEY_CURRENT_USER\Software\Microsoft\MS Setup (ACME)\User Info 3: 2
MSI (s) (68:80) [03:31:38:953]: PROPERTY CHANGE: Adding Installed property. Its value is '00:00:00'.
MSI (s) (68:80) [03:31:38:953]: PROPERTY CHANGE: Adding DATABASE property. Its value is 'c:\WINDOWS\Installer\1e252b1.msi'.
MSI (s) (68:80) [03:31:38:953]: PROPERTY CHANGE: Adding OriginalDatabase property. Its value is 'c:\4d5f43340c34e8b320ae0bdeb970\msxml.msi'.
MSI (s) (68:80) [03:31:38:953]: Note: 1: 2205 2: 3: PatchPackage
MSI (s) (68:80) [03:31:38:953]: Machine policy value 'DisableRollback' is 0
MSI (s) (68:80) [03:31:38:953]: User policy value 'DisableRollback' is 0
MSI (s) (68:80) [03:31:38:953]: PROPERTY CHANGE: Adding UILevel property. Its value is '2'.

I'm not getting the pop ups or redirect on my laptop now ... does this mean it's safe to start using things like my online banking again? I haven't checked my PC again yet ... but I will later on and post in my other thread.

Thanks, Sarah :cheesy:
Re: IE redirect and pop ups on laptop

Quote:

I have a desktop Icon for it - I sometimes use its database to reference baddies.

Quote:

These errors are a pain to troubleshoot. Is it just this particular update? Are you able to install other "critical updates?"

Quote:

But, I think you are OK. :)

Quote:

Cheers :)
PP
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC