internet explorer wont launch

aliEnRIK

I think Sid Vicious would be chuffed that he can still create havoc even from beyond the grave

Seriously though ~ your computers badly infected to the point id really consider wiping the drive and starting afresh (If you can). You have trojans dating back to 2004!
Clearly your dodgy mp3 collection isnt helping matters either

anyways ~
run ccleaners CLEANER part again to remove 'temp' files


Open notepad and copy/paste the text in RED below

File::
C:\Documents and Settings\Shell\Incomplete\T-3545425-lady gaga pokerface.mp3
C:\Documents and Settings\Shell\Incomplete\T-3545427-moro boconoig (high bitrate).mp3
C:\Documents and Settings\Shell\Incomplete\T-5088466-moro boconoig[high quality].snd
C:\Documents and Settings\Shell\Incomplete\T-5745425-lady gaga pokerface.mp3
C:\Documents and Settings\Shell\Share\brian adams cloud no9.mp3
C:\Documents and Settings\Shell\Share\Crazytown - Skulls and stars.mp3
C:\Documents and Settings\Shell\Share\Culture Beat - Mr. Vain Recall (C.J.Stone Mix with rap)).mp3
C:\Documents and Settings\Shell\Share\god save queen sex pistols.mp3
C:\Documents and Settings\Shell\Share\moro boconoig.mp3
C:\Documents and Settings\Shell\Share\so fine guns n roses use your [cd rip].mp3
C:\Program Files\MSN Messenger\msimg32.dll
C:\WINDOWS\che3.exe
C:\WINDOWS\system32\CatRoot_bak
C:\WINDOWS\system32\ezsidmv.dat
C:\WINDOWS\nsreg.dat
C:\WINDOWS\system32\dllcache\ieproxy.dll
C:\WINDOWS\system32\dllcache\xpshims.dll
C:\WINDOWS\system32\wscntfy.exe.tmp
C:\WINDOWS\system32\wbem\wmiapsrv.exe.tmp



Folder::
C:\Documents and Settings\Shell\IETldCache
C:\Documents and Settings\LocalService\IETldCache
C:\Documents and Settings\NetworkService\IETldCache
C:\WINDOWS\ie8updates
C:\Documents and Settings\Shell\IECompatCache
C:\Documents and Settings\Shell\PrivacIE


Save this as "CFScript"

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.

shaun40400

will do this tomorrow as having an early night?? some chance:o
like the sid comment :rotfl:
will post tomorrow evening
thanks again

shaun40400

ComboFix 09-06-26.02 - Shell 02/07/2009 7:19.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.179 [GMT 1:00]
Running from: F:\ComboFix.exe
Command switches used :: c:\documents and settings\Shell\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\Shell\Incomplete\T-3545425-lady gaga pokerface.mp3"
"c:\documents and settings\Shell\Incomplete\T-3545427-moro boconoig (high bitrate).mp3"
"c:\documents and settings\Shell\Incomplete\T-5088466-moro boconoig[high quality].snd"
"c:\documents and settings\Shell\Incomplete\T-5745425-lady gaga pokerface.mp3"
"c:\documents and settings\Shell\Share\brian adams cloud no9.mp3"
"c:\documents and settings\Shell\Share\Crazytown - Skulls and stars.mp3"
"c:\documents and settings\Shell\Share\Culture Beat - Mr. Vain Recall (C.J.Stone Mix with rap)).mp3"
"c:\documents and settings\Shell\Share\god save queen sex pistols.mp3"
"c:\documents and settings\Shell\Share\moro boconoig.mp3"
"c:\documents and settings\Shell\Share\so fine guns n roses use your [cd rip].mp3"
"c:\program files\MSN Messenger\msimg32.dll"
"c:\windows\che3.exe"
"c:\windows\nsreg.dat"
"c:\windows\system32\CatRoot_bak"
"c:\windows\system32\dllcache\ieproxy.dll"
"c:\windows\system32\dllcache\xpshims.dll"
"c:\windows\system32\ezsidmv.dat"
"c:\windows\system32\wbem\wmiapsrv.exe.tmp"
"c:\windows\system32\wscntfy.exe.tmp"
.

((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
.

2009-06-30 00:39 . 2009-07-02 05:53

---

d

---

w- c:\documents and settings\Shell\Application Data\skypePM
2009-06-30 00:35 . 2009-07-02 06:22

---

d

---

w- c:\documents and settings\Shell\Application Data\Skype
2009-06-30 00:34 . 2009-06-30 00:34

---

d

---

w- c:\program files\Common Files\Skype
2009-06-30 00:34 . 2009-06-30 00:34

---

d

---

r- c:\program files\Skype
2009-06-30 00:34 . 2009-06-30 00:34

---

d

---

w- c:\documents and settings\All Users\Application Data\Skype
2009-06-30 00:03 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-30 00:03 . 2009-03-24 15:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-30 00:03 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-30 00:03 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-30 00:02 . 2009-06-30 00:03

---

d

---

w- c:\program files\Avira
2009-06-29 23:55 . 2009-06-29 23:55

---

d

---

w- c:\program files\DVD Decrypter
2009-06-29 23:54 . 2009-06-29 23:54

---

d

---

w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-06-29 23:54 . 2009-06-29 23:54

---

d

---

w- c:\program files\DVD Shrink
2009-06-29 23:29 . 2009-06-29 23:29

---

d

---

w- c:\program files\VS Revo Group
2009-06-29 23:24 . 2009-06-29 23:24

---

d

---

w- c:\documents and settings\Shell\Local Settings\Application Data\Mozilla
2009-06-29 23:00 . 2009-06-29 23:00

---

d

---

w- c:\program files\CCleaner
2009-06-29 22:26 . 2009-06-29 22:26

---

d

---

w- c:\windows\system32\dllcache\cache
2009-06-29 09:10 . 2009-06-29 09:10

---

d

---

w- c:\program files\Trend Micro
2009-06-28 13:10 . 2009-06-28 13:11

---

dc-h--w- c:\windows\ie8
2009-06-28 11:48 . 2009-06-28 12:12

---

d

---

w- c:\windows\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-02 06:10 . 2008-02-04 17:21

---

d

---

w- c:\program files\MSN Messenger
2009-06-30 05:33 . 2007-08-07 22:02

---

d

---

w- c:\program files\Microsoft SQL Server
2009-06-30 05:27 . 2008-11-14 21:14

---

d

---

w- c:\program files\Avanquest update
2009-06-30 00:03 . 2009-03-29 09:05

---

d

---

w- c:\documents and settings\All Users\Application Data\Avira
2009-06-29 15:17 . 2007-08-07 22:11

---

d

---

w- c:\program files\Common Files\Symantec Shared
2009-06-29 10:35 . 2009-01-09 17:44

---

d

---

w- c:\program files\Microsoft Silverlight
2009-06-29 10:17 . 2007-08-07 21:58

---

d

---

w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-13 05:15 . 2007-04-18 12:31 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:44 . 2004-08-05 03:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 09:58 . 2007-03-08 13:47 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-05 03:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-07-02 393216]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-02 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-20 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-14 850704]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-28 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-1-24 45056]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30/06/2009 01:03 108289]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 18:50 30312]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [09/01/2009 18:43 55136]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [08/12/2008 18:01 533344]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/02/2007 05:29 29178224]
S3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\drivers\NtpaSp50.sys [24/01/2008 10:13 17536]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [14/11/2008 22:14 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [14/11/2008 22:14 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [14/11/2008 22:14 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [14/11/2008 22:14 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [14/11/2008 22:14 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]
.
.

---

Supplementary Scan

---

.
uStart Page = hxxp://uk.yahoo.com/
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:9090
FF - ProfilePath - c:\documents and settings\Shell\Application Data\Mozilla\Firefox\Profiles\1ofu8zf6.default\
FF - prefs.js: browser.startup.homepage - hxxp://ie.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 07:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

---

DLLs Loaded Under Running Processes

---

- - - - - - - > 'explorer.exe'(2988)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Windows Media Player\wmpband.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-07-02 7:24
ComboFix-quarantined-files.txt 2009-07-02 06:24
ComboFix2.txt 2009-07-02 06:12
ComboFix3.txt 2009-06-29 23:13
ComboFix4.txt 2009-06-29 22:27
ComboFix5.txt 2009-07-02 06:18

Pre-Run: 9,302,466,560 bytes free
Post-Run: 9,283,555,328 bytes free

182 --- E O F --- 2009-07-02 05:59

aliEnRIK

Im a little lost now ~ the log doesnt say anything was deleted and yet none of them are IN the log!

Can you confirm if anything WAS removed?

aliEnRIK

Just realised you still have some NORTON running too

Use the Norton removal tool
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

shaun40400

still have norton removal on my usb so thats running now
but did run this the first time you asked me??
also got a nss norton downloaded on my desktop??
dont remember it saying it had deleted anything ,,,but unless it was in big flashing neon lights i probably would have missed it

norton is gone as it just asked which issue i have so i can reinstall it :rolleyes:

aliEnRIK

hmmmmm

Have a look and see if the mp3s still exist that we tried to remove

shaun40400

used the itune library search
check for the song and artist separately
"c:\documents and settings\Shell\Incomplete\T-3545425-lady gaga pokerface.mp3"
this seems to still be on the itunes library rest have gone

aliEnRIK

delete that one manually. Looks like your possibly clean now. Just a case of wait and see

shaun40400

free!! free !!
thank you thank you thank you

hope fully as you say that's job done
thanks for all you help much appreciated
shaun