Thanks so much!
Cannot open Internet explorer [CLOSED]
Started by
catdogswimming
, Nov 04 2008 07:01 PM
#1
Posted 04 November 2008 - 07:01 PM
Thanks so much!
#2
Posted 08 November 2008 - 12:02 PM
Do you see IE shown in the Task Manager list of processes?
Run a HijackThis scan and post the log here.
Go to C:\Windows\inf\ and right click on ie.inf and choose Install. See if that helps repair IE and make it functional again.
Run a HijackThis scan and post the log here.
Go to C:\Windows\inf\ and right click on ie.inf and choose Install. See if that helps repair IE and make it functional again.
#3
Posted 08 November 2008 - 01:22 PM
I would do what you suggested except my computer (the one with the problem) won't let me open anything. I click on something on my desktop and it just sits there with the hourglass. I can't open the Hijack this and if I could, I wouldn't be able to post a log from that computer because of the IE problem. This problem just seemed to come about on its own - I hadn't even been online when I realized something was wrong. I came back to it after the whole day of not being online and tried to open IE and this is what I found. What should I do?
Thanks.
Thanks.
#4
Posted 08 November 2008 - 08:48 PM
Did you try booting into Safe Mode or the last known good configuration to see if it helps?
#5
Posted 09 November 2008 - 07:43 AM
Okay - safe mode did help. I can actually click on icons and they will open. I was able to run Hijackthis and save a log file but I couldn't get online to send it to you from that computer. Is there something I can do in safemode to fix it?
Thanks so much!
Thanks so much!
#6
Posted 09 November 2008 - 09:48 PM
Does Safe Mode with Networking help? If not, copy it to a USB thumb/flash drive and use another computer to send the log.
Did you try last known good configuration to see if it will work?
Did you try last known good configuration to see if it will work?
Edited by greyknight17, 09 November 2008 - 09:48 PM.
#7
Posted 10 November 2008 - 01:26 PM
I haven't tried the last known good configuration because I'm not sure what that is - I did try the Safe Mode with Networking which is how I'm sending this message on the computer with the problem. I also ran Hijackthis and the log is posted below. Thanks so much!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:56 AM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159036201193
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{242B77BC-02DB-48BD-A732-902622AB1D24}: Domain = domain.invalid
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F07A290-222A-4816-B664-9B4780F19017}: Domain = domain.invalid
O17 - HKLM\System\CS1\Services\Tcpip\..\{242B77BC-02DB-48BD-A732-902622AB1D24}: Domain = domain.invalid
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 4567 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:56 AM, on 11/9/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159036201193
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{242B77BC-02DB-48BD-A732-902622AB1D24}: Domain = domain.invalid
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F07A290-222A-4816-B664-9B4780F19017}: Domain = domain.invalid
O17 - HKLM\System\CS1\Services\Tcpip\..\{242B77BC-02DB-48BD-A732-902622AB1D24}: Domain = domain.invalid
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 4567 bytes
#8
Posted 10 November 2008 - 04:55 PM
Try the last known good configuration. It will try to load back Windows before it had problems. Hopefully you had a good restore point prior that will work.
#9
Posted 10 November 2008 - 09:12 PM
The last known good configuration didn't work - it acts the same in that mode. And I noticed when trying to shut down the computer while in that mode a window with "End Program - agent.exe" comes up and then one called "End program - Microsoft Internet Explorer" even though I never was able to get a IE window to open up.
#10
Posted 11 November 2008 - 07:58 PM
OK, we'll work with what you have now. Get ComboFix (see below) from another working computer and transfer it over to this one. Also get the log back to me for review:
1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not click on combofix's window while it's running. That may cause it to stall.
1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not click on combofix's window while it's running. That may cause it to stall.
#11
Posted 11 November 2008 - 08:48 PM
ComboFix 08-10-25.01 - Administrator 2008-11-11 21:40:02.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.135 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\drivers\fad.sys
.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.
2008-10-24 03:29 . 2008-10-15 11:34 337,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 23:47 . 2008-09-15 07:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-15 23:47 . 2008-09-08 05:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-15 23:46 . 2008-08-14 05:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-15 23:46 . 2008-08-14 05:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-15 23:46 . 2008-08-14 04:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-15 23:46 . 2008-08-14 04:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 16:29 --------- d-----w C:\Program Files\Coupons
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-08-20 05:30 666,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2008-08-20 05:30 619,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2008-08-20 05:30 3,067,904 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-20 05:30 1,499,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-29 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-12-22 17:45 71280 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 07:51 306688 C:\Program Files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 11:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 07:59 126976 C:\WINDOWS\SYSTEM32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 07:59 155648 C:\WINDOWS\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-07 06:32 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2003-06-18 12:00 200704 C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 20:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-07-29 23:51 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-12-27 23:59 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
--a------ 2003-12-11 18:35 70800 C:\Program Files\Norton Internet Security\URLLSTCK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 36224]
S3 DCamUSBSvis;Oregon Scientific Stream Driver;C:\WINDOWS\system32\DRIVERS\svstream.sys [2001-07-18 91480]
S3 SQTECH907B;EZCam(PID_907B_00);C:\WINDOWS\system32\Drivers\Capt907B.sys [2005-01-12 49963]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-11-01 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 17:22]
2008-11-11 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 18:38]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-dla - C:\WINDOWS\system32\dla\tfswctrl.exe
MSConfigStartUp-Easy SpyRemover - C:\Program Files\Easy SpyRemover\EasySpyRemover.exe
MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1124243639\ee\AOLHostManager.exe
MSConfigStartUp-Lexmark X74-X75 - C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
MSConfigStartUp-mmtask - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
MSConfigStartUp-ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.dell4me.com/myway
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.dell.com/
O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html
O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html -
O15 -: Trusted Zone: *.musicmatch.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 21:40:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-11 21:42:47
ComboFix-quarantined-files.txt 2008-11-12 02:42:27
Pre-Run: 13,926,932,480 bytes free
Post-Run: 13,948,211,200 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
148 --- E O F --- 2008-10-25 07:01:42
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.135 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\drivers\fad.sys
.
((((((((((((((((((((((((( Files Created from 2008-10-12 to 2008-11-12 )))))))))))))))))))))))))))))))
.
2008-10-24 03:29 . 2008-10-15 11:34 337,408 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-15 23:47 . 2008-09-15 07:12 1,846,400 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\win32k.sys
2008-10-15 23:47 . 2008-09-08 05:41 333,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\srv.sys
2008-10-15 23:46 . 2008-08-14 05:11 2,189,184 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntoskrnl.exe
2008-10-15 23:46 . 2008-08-14 05:09 2,145,280 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlmp.exe
2008-10-15 23:46 . 2008-08-14 04:33 2,066,048 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrnlpa.exe
2008-10-15 23:46 . 2008-08-14 04:33 2,023,936 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-27 16:29 --------- d-----w C:\Program Files\Coupons
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\SYSTEM32\win32k.sys
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-08-20 05:30 666,112 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2008-08-20 05:30 619,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2008-08-20 05:30 3,067,904 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-08-20 05:30 1,499,136 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\shdocvw.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\SYSTEM32\ntoskrnl.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-07-29 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2004-12-22 17:45 71280 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 C:\WINDOWS\SYSTEM32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2004-07-19 07:51 306688 C:\Program Files\Dell Support\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-11 11:43 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2005-10-19 07:59 126976 C:\WINDOWS\SYSTEM32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2005-10-19 07:59 155648 C:\WINDOWS\SYSTEM32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-07 06:32 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
--a------ 2003-06-18 12:00 200704 C:\Program Files\Microsoft Money\System\mnyexpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2004-04-11 20:15 290816 C:\Program Files\Dell\Media Experience\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2004-07-29 23:51 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2005-12-27 23:59 95960 C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 01:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\URLLSTCK.exe]
--a------ 2003-12-11 18:35 70800 C:\Program Files\Norton Internet Security\URLLSTCK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 36224]
S3 DCamUSBSvis;Oregon Scientific Stream Driver;C:\WINDOWS\system32\DRIVERS\svstream.sys [2001-07-18 91480]
S3 SQTECH907B;EZCam(PID_907B_00);C:\WINDOWS\system32\Drivers\Capt907B.sys [2005-01-12 49963]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-11-01 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2003-12-04 17:22]
2008-11-11 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 18:38]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-dla - C:\WINDOWS\system32\dla\tfswctrl.exe
MSConfigStartUp-Easy SpyRemover - C:\Program Files\Easy SpyRemover\EasySpyRemover.exe
MSConfigStartUp-HostManager - C:\Program Files\Common Files\AOL\1124243639\ee\AOLHostManager.exe
MSConfigStartUp-Lexmark X74-X75 - C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
MSConfigStartUp-mmtask - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
MSConfigStartUp-ViewMgr - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
MSConfigStartUp-Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.dell4me.com/myway
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.dell.com/
O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html
O9 -: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html -
O15 -: Trusted Zone: *.musicmatch.com
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 21:40:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-11 21:42:47
ComboFix-quarantined-files.txt 2008-11-12 02:42:27
Pre-Run: 13,926,932,480 bytes free
Post-Run: 13,948,211,200 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
148 --- E O F --- 2008-10-25 07:01:42
#12
Posted 12 November 2008 - 06:23 PM
Nothing much showing here that's alarming. You might have to either reinstall Windows or repair it.
Before doing that, see if the system file checker can run in Safe Mode and pick up any corrupted system files. Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Otherwise, it will auto-close after it's done.
Other than that, you might want to backup your data and do a fresh build of Windows.
Before doing that, see if the system file checker can run in Safe Mode and pick up any corrupted system files. Go to Start->Run and type in sfc /scannow and hit OK. Let it scan. If it finds any files missing/corrupted, it may ask for the Windows CD. Otherwise, it will auto-close after it's done.
Other than that, you might want to backup your data and do a fresh build of Windows.
#13
Posted 12 November 2008 - 09:04 PM
I tried the sfc/scannow while in safe mode and it wouldn't work. It said it couldn't find that file or something. How do I repair Windows? Or is there something else I need to do?
#14
Posted 13 November 2008 - 08:54 PM
You will need to bootup with your Windows XP CD to do the repair or reinstall. The on-screen instructions will let you know what you need to do. If you still need help with this, ask in the Windows board so more details can be provided on the repair/reinstall.
#15
Posted 18 November 2008 - 08:32 PM
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users