internet explorer wont launch

shaun40400 · 28 June 2009 at 8:53PM

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 2

2009-06-29 10:01:38
mbam-log-2009-06-29 (10-01-38).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 139090
Time elapsed: 35 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

aliEnRIK · 28 June 2009 at 9:59PM

Download CCLEANER (Make sure you click 'DOWNLOAD LATEST VERSION' ~ make sure YAHOO TOOLBAR is unticked on installation)
http://www.filehippo.com/download_ccleaner/
Run the CLEANER scan (UNTICK 'cookies')
Then run the REGISTRY scan (Backup the registry when it asks)

Open notepad and copy/paste the text in RED below

File::
c:\windows\system32\d3d8caps.dat
c:\windows\system32\SymNeti.dll
c:\windows\system32\drivers\fssflt r_tdi.sys
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\docume~1\Shell\LOCALS~1\Temp\RtkBtMnt.exe

Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

shaun40400 · 29 June 2009 at 12:21AM

ComboFix 09-06-26.02 - Shell 30/06/2009 0:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.134 [GMT 1:00]
Running from: c:\documents and settings\Shell\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Shell\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 23:00 . 2009-06-29 23:00

d

w- c:\program files\CCleaner
2009-06-29 22:26 . 2009-06-29 22:26

d

w- c:\windows\system32\dllcache\cache
2009-06-29 15:27 . 2009-06-29 15:27

d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-06-29 10:16 . 2009-06-29 10:16

d

w- c:\windows\ie8updates
2009-06-29 09:59 . 2009-06-29 09:59

d-sh--w- c:\documents and settings\Shell\IECompatCache
2009-06-29 09:58 . 2009-06-29 09:58

d-sh--w- c:\documents and settings\Shell\PrivacIE
2009-06-29 09:10 . 2009-06-29 09:10

d

w- c:\program files\Trend Micro
2009-06-29 08:33 . 2009-04-30 21:22 12800

w- c:\windows\system32\dllcache\xpshims.dll
2009-06-29 08:33 . 2009-04-30 21:22 246272

w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-29 08:21 . 2009-06-29 08:21

d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-29 08:21 . 2009-06-29 08:21

d-sh--w- c:\documents and settings\Shell\IETldCache
2009-06-28 13:10 . 2009-06-28 13:11

dc-h--w- c:\windows\ie8
2009-06-28 11:48 . 2009-06-28 12:12

d

w- c:\windows\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-29 15:17 . 2007-08-07 22:11

d

w- c:\program files\Common Files\Symantec Shared
2009-06-29 14:42 . 2007-08-07 22:02

d

w- c:\program files\Microsoft SQL Server
2009-06-29 10:35 . 2009-01-09 17:44

d

w- c:\program files\Microsoft Silverlight
2009-06-29 10:17 . 2007-08-07 21:58

d

w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-13 05:15 . 2007-04-18 12:31 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:44 . 2004-08-05 03:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 09:58 . 2007-03-08 13:47 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-05 03:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-06-29_22.26.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-29 22:26 . 2008-10-16 14:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-29 22:26 . 2004-08-05 03:00 82944 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-29 22:26 . 2004-08-05 03:00 24576 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-29 22:26 . 2004-08-05 03:00 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-29 22:26 . 2005-06-10 23:53 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-29 22:26 . 2004-08-05 03:00 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-29 22:26 . 2004-08-05 03:00 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-29 22:26 . 2004-08-04 05:58 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-29 22:26 . 2004-08-05 03:00 29056 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-29 22:26 . 2004-08-05 03:00 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-29 22:26 . 2004-08-05 03:00 502272 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-29 22:26 . 2009-05-13 05:15 915456 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-29 22:26 . 2007-03-08 15:36 577536 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-29 22:26 . 2004-08-05 03:00 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-29 22:26 . 2008-06-20 10:45 360320 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-29 22:26 . 2009-02-06 10:22 110592 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-29 22:26 . 2004-08-05 03:00 182912 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-29 22:26 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-29 22:26 . 2004-08-05 03:00 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-29 22:26 . 2004-08-05 03:00 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2009-06-29 22:26 . 2004-08-05 03:00 1580544 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-29 22:26 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-29 22:26 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-29 22:26 . 2007-06-13 10:23 1033216 c:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-14 850704]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-28 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-1-24 45056]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 18:50 30312]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [09/01/2009 18:43 55136]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [08/12/2008 18:01 533344]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 05:29 29178224]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [24/01/2008 10:13 17536]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [14/11/2008 22:14 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [14/11/2008 22:14 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [14/11/2008 22:14 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [14/11/2008 22:14 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [14/11/2008 22:14 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
.

Supplementary Scan

.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:9090
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 00:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

DLLs Loaded Under Running Processes

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(2412)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Windows Media Player\wmpband.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-29 0:12
ComboFix-quarantined-files.txt 2009-06-29 23:12
ComboFix2.txt 2009-06-29 22:27
ComboFix3.txt 2009-03-29 06:33

Pre-Run: 9,849,462,784 bytes free
Post-Run: 9,823,272,960 bytes free

171 --- E O F --- 2009-06-29 14:43

shaun40400 · 29 June 2009 at 12:37AM

and we have inter net :j:j
installing
avira antivir
firefox/mozzilla

shaun40400 · 29 June 2009 at 1:24AM

inter net OK
installing
avira antivir OK
firefox/mozzilla OK

REBOOTED A FEW TIMES ,,,,ALL OK
HOPEFULLY YOU WONT FIND ANYTHING TO :eek::eek: IN THE LOG

WILL CHECK BACK TOMORROW
BIG THANK YOU TOO,,,,,,,,
aliEnRIK
AND
slushpuppy FOR A VALIANT EFFORT

aliEnRIK · 29 June 2009 at 6:31AM

Something wasnt right with the notepad file as it never deleted anything shaun (So I suspect ccleaner has removed something thats fixed the initial problem). You dragged it to combofix fine as its showing in the log ~
Command switches used :: c:\documents and settings\Shell\Desktop\CFScript.txt

Please COPY AND PASTE the red part, putting the 'File::' bit RIGHT at the top with no space in front

Also add this to the end ~
c:\windows\system32\CatRoot_bak

shaun40400 · 29 June 2009 at 7:27AM

added extra line and moved file to left no gaps
lappy has rebooted

blue screen says do not run untill c,fix has fin
curser is flashing

over 5 min ...nothing happening
lappy has rebooted

edit ok is doing stuff
will post now

shaun40400 · 29 June 2009 at 7:32AM

cant open file to copy
keeps asking if i wont to add it to the registry
did a search for
combofix txt found last nights report
c:\combofix txt found nothing
so how do i get the report from it now? do it again?

shaun40400 · 29 June 2009 at 11:09AM

as i said this wasent my lappy until recently

was he(maybe theirs something he wonts to tell us??)or oh,, looking at naughty sites????
seems most pc problems start their!!

shaun40400 · 29 June 2009 at 2:56PM

bump,,,,,,,,,,,,, bump

internet explorer wont launch

Comments

Confirm your email address to Create Threads and Reply

🚀 Getting Started

Categories

Is this how you want to be seen?

Get our FREE Weekly email full of deals & guides - and it’s spam-free