Thread: Can't get IE to open
View Single Post
Old 07-31-2006, 08:36 PM   #4 (permalink)
scalelar
Registered User
 
Join Date: Oct 2005
Posts: 8
OS: XP


Thanks
First and foremost I would like to say thanks.
Everything went smooth till I ran ewido it would not scan in safe mode so i rebooted and ran it in normal mode.

Here are the logs.
Ewido.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:45:32 PM 7/31/2006

+ Scan result:



HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\LWS\My Documents\Τаsks\chkntfs.exe -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
C:\Program Files\RemoteAdministrator\radmin.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.21 : Ignored.
C:\WINNT\system32\2236_28.dll -> Trojan.Agent.pk : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Sinowal.ae : Cleaned with backup (quarantined).


::Report end

Panda


Incident Status Location

Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\LWS\My Documents\??sks\??sks\!update-4175.0000
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\unzipped\SmitfraudFix\SmitfraudFix\Process.exe
Virus:Trj/Qhost.gen Disinfected C:\WINNT\system32\drivers\etc\hosts.20060728-162711.backup
Virus:Trj/Qhost.gen Disinfected C:\WINNT\system32\drivers\etc\hosts.20060728-162712.backup
Virus:Trj/Qhost.gen Disinfected C:\WINNT\system32\drivers\etc\hosts.20060728-170842.backup
Potentially unwanted tool:Application/Processor Not disinfected G:\(E) Removable Disk\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Smit

SmitFraudFix v2.76

Scan done at 22:31:20.35, Mon 07/31/2006
Run from C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\LWS\Application Data

C:\Documents and Settings\LWS\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LWS\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

and Hijack

ogfile of HijackThis v1.99.1
Scan saved at 10:33:23 PM, on 7/31/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
C:\PROGRA~1\NavNT\rtvscan.exe
C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
C:\winzip\WZQKPICK.EXE
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\system32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.twoplustwo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.78.41.120:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;*.taps;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: ORiNOCO Client Manager.lnk = C:\Program Files\ORiNOCO\Client Manager\CMLUC.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\winzip\WZQKPICK.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{70F97B83-2FE0-4BAD-835B-9DFAD9C2C25D}: NameServer = 110.98.40.30,110.92.12.129,10.64.8.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1615399-1895-4765-8558-94C104E998DC}: NameServer = 110.98.40.30,110.92.12.129,10.64.8.147
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3012093-3B71-4370-B3ED-51A01AC2D1BC}: NameServer = 192.168.1.254
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = cin.na.taps,na.taps,taps
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = cin.na.taps,na.taps,taps
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = cin.na.taps,na.taps,taps
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCOMMON\RSOBSERV.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: OPCEnum - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Software - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLINX\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe


Thanks again u guys do great work
scalelar is offline