Old 01-12-2009, 03:50 PM   #1 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 7
OS: Windows XP SP3


IE 7 not working

Hello,
My IE 7 has stopped working suddenly. When I try to start it, it gives me the following error:

"windows cannot access the specified device, path, or file. you may not have the appropriate permission to access the item"

My computer was affected by some spyware last week and I removed it by using 'spy emergency'. I guess this problem came after removing that spyware, as I don't use IE frequently. Following are the logs as instructed in the malware removal thread.


DDS (Ver_09-01-07.01) - FAT32x86
Run by fahad at 2:22:51.00 on 13/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.446.129 [GMT 3:00]

AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Documents and Settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\Program Files\NetPerSec\NetPerSec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
SVCHOST.EXE
d:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Mozilla Firefox 2 Beta 2\firefox.exe
C:\Documents and Settings\pc4\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\pc4\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: D: {85cae368-e5cd-305e-a63d-477b433653a8} - c:\windows\system32\xsl93180.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdmcks.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - d:\program files\hotspot shield\hssie\HssIE.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~2\MEGAUP~1.DLL
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No File
EB: {A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [Google Update] "c:\documents and settings\pc4\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpyEmergency] d:\program files\netgate\spy emergency 2008\SpyEmergency.exe
mRun: [VirtualCloneDrive] "d:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\pc4\startm~1\programs\startup\netper~1.lnk - c:\program files\netpersec\NetPerSec.exe
StartupFolder: c:\docume~1\pc4\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\privoxy.lnk - c:\program files\vidalia bundle\privoxy\privoxy.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc4\applic~1\mozilla\firefox\profiles\tqim454j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\free download manager\firefox\extension\components\component.dll
FF - component: d:\program files\mozilla firefox 2 beta 2\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\NPJava11.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\NPJava12.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\NPJava131_18.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\NPJava32.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\npnul32.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\npoji600.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\nppdf32.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\nppl3260.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\nprjplug.dll
FF - plugin: c:\program files\mozilla firefox 2 beta 2\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-20 111184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-4-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-4-4 352920]
R4 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-20 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-4-4 155160]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2007-1-27 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2007-1-27 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2007-1-27 60816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-6-29 42512]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-10-30 157696]

=============== Created Last 30 ================

2009-01-10 20:45 250 a------- c:\windows\gmer.ini
2009-01-10 02:15 81,920 a------- c:\windows\system32\ieencode.dll
2009-01-10 02:15 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-01-08 00:20 125,952 a------- c:\windows\system32\dllcache\apphelp.dll
2009-01-08 00:20 125,952 a------- c:\windows\system32\apphelp.dll
2008-12-29 00:43 176,128 a------- c:\windows\system32\xsl93180.dll
2008-12-29 00:43 176,128 a------- c:\windows\system32\sl93180.dll
2008-12-29 00:43 181,760 a------- c:\program files\common files\Ndm361a2rL.exe
2008-12-21 01:13 50 a------- c:\windows\winzipme.ini
2008-12-21 01:12 <DIR> --d----- c:\program files\DSL Speed

==================== Find3M ====================

2009-01-12 19:15 37,248 -------- c:\docume~1\pc4\applic~1\GDIPFONTCACHEV1.DAT
2008-12-13 09:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-11-22 11:33 166,455 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-07 16:45 2,174,976 -------- c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 14:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 15:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 15:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 16:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 16:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-15 19:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 10:06 633,632 a------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 10:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-03-02 00:16 144 a------- c:\program files\song-10452.ram
2007-09-20 20:03 486 a------- c:\program files\recover.arr
2007-09-20 20:02 486 a------- c:\program files\~arpr.arr
2007-09-20 19:09 6,502,752 a------- c:\program files\new.rpc

============= FINISH: 2:23:22.84 ===============

Fahad.
Attached Files
File Type: rar Attach.rar (3.9 KB, 3 views)
Old 01-16-2009, 01:26 PM   #2 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 23,940
OS: Win XP Pro SP3 / Win 7 RC

Re: IE 7 not working

Hi and welcome to TSF.

My name is Iain and I will be helping you clean your system.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.



Combofix
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please read all the information carefully!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Please include the log C:\ComboFix.txt in your next reply for further review.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Old 01-18-2009, 07:03 AM   #3 (permalink)
Re: IE 7 not working

Hello,

Thank you Iain for helping me. I have performed Combofix and the requested log is given below:

ComboFix 09-01-17.04 - fahad 2009-01-18 17:34:58.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.446.155 [GMT 3:00]
Körs från: c:\documents and settings\pc4\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090117-0] *On-access scanning enabled* (Updated)
* Skapade en ny återställningspunkt
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf

.
(((((((((((((((((((((((( Filer Skapade från 2008-12-18 till 2009-01-18 ))))))))))))))))))))))))))))))
.

2009-01-13 19:03 . 2007-04-13 05:48 391,984 --a------ c:\windows\system32\vnetlib.dll
2009-01-13 19:03 . 2007-04-13 05:48 142,128 --a------ c:\windows\system32\vmnat.exe
2009-01-13 19:03 . 2007-04-13 05:48 113,456 --a------ c:\windows\system32\vmnetdhcp.exe
2009-01-13 19:03 . 2007-04-13 05:49 22,576 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2009-01-13 18:57 . 2009-01-13 18:57 <DIR> d-------- c:\program files\Common Files\VMware
2009-01-13 18:16 . 2009-01-13 18:16 <DIR> d-------- c:\program files\MSN Messenger
2009-01-13 18:10 . 2009-01-13 18:11 436 --a------ c:\windows\{00466B67-7C72-478A-A2DE-6D0A96A55F58}_WiseFW.ini
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Skype
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-10 20:45 . 2009-01-13 02:25 250 --a------ c:\windows\gmer.ini
2009-01-10 02:15 . 2008-04-14 03:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-10 02:15 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\dllcache\apphelp.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\apphelp.dll
2009-01-05 15:11 . 2009-01-05 15:11 <DIR> d-------- c:\program files\Apple Software Update
2008-12-29 00:43 . 2008-12-29 00:43 181,760 --a------ c:\program files\Common Files\Ndm361a2rL.exe
2008-12-29 00:43 . 2008-12-29 00:43 176,128 --a------ c:\windows\system32\xsl93180.dll
2008-12-29 00:43 . 2008-12-29 00:43 176,128 --a------ c:\windows\system32\sl93180.dll
2008-12-21 01:13 . 2008-12-21 01:13 50 --a------ c:\windows\winzipme.ini
2008-12-21 01:12 . 2008-12-21 01:12 <DIR> d-------- c:\program files\DSL Speed

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-07 13:45 2,174,976 ------w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-03-01 21:16 144 ----a-w c:\program files\song-10452.ram
2007-09-20 17:03 486 ----a-w c:\program files\recover.arr
2007-09-20 17:02 486 ----a-w c:\program files\~arpr.arr
2007-09-20 16:09 6,502,752 ----a-w c:\program files\new.rpc
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85CAE368-E5CD-305E-A63D-477B433653A8}]
2008-12-29 00:43 176128 --a------ c:\windows\system32\xsl93180.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-04 01:14 204248 --a------ d:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2008-08-03 3945620]
"Google Update"="c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-30 52168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pc4\Start Menu\Programs\Startup\
NetPerSec.lnk - c:\program files\NetPerSec\NetPerSec.exe [2007-04-21 192512]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-07-02 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=c:\windows\system32\ropfnqz.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-01-08 19:38 4363504 d:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TpadSoftPhone3\\TpadSoftphone.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"10000:UDP"= 10000:UDP:Tpad RTP
"5060:UDP"= 5060:UDP:Tpad SIP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-20 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-20 20560]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2007-01-27 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2007-01-27 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2007-01-27 60816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-10-30 157696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d23bf74-76fb-11db-9d62-0040cadbf51d}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4468579e-28d8-11dd-a4e7-005056c00008}]
\Shell\Auto\command - oxbvpen.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2c3e5e-f5b7-11dc-a3e2-005056c00008}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7456a580-7166-11db-9d4b-0040cadbf51d}]
\Shell\Auto\command - OSO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8508c5dc-9d4e-11dd-a688-005056c00008}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9d60ed-5a8a-11dd-a593-005056c00008}]
\Shell\AutoRun\command - I:\f0.cmd
\Shell\explore\Command - I:\f0.cmd
\Shell\open\Command - I:\f0.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d262192a-a225-11dc-a2db-005056c00008}]
\Shell\AutoRun\command - G:\cfdflx.com
\Shell\explore\Command - G:\cfdflx.com
\Shell\open\Command - G:\cfdflx.com
.
Innehållet i mappen 'Schemalagda aktiviteter'

2009-01-17 c:\windows\Tasks\MyPicsVids.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-17 c:\windows\Tasks\MyDocuments.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1417001333-725345543-1004.job
- c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-14 10:24]

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-SpyEmergency - d:\program files\NETGATE\Spy Emergency 2008\SpyEmergency.exe
MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-XdriveTray - c:\program files\xdrive\xdrive desktop\xdrive.exe
MSConfigStartUp-XdriveTrayIcon - c:\program files\Xdrive\Xdrive Desktop\XdriveTray.exe
MSConfigStartUp-ZangoSA - c:\program files\Zango\bin\10.3.37.0\ZangoSA.exe


.
------- Extra genomsökning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pc4\Application Data\Mozilla\Firefox\Profiles\tqim454j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\component.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\components\xpinstal.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - plugin: c:\program files\Mozilla Firefox 2 Beta 2\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox 2 Beta 2\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 2 Beta 2\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 2 Beta 2\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 17:36:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

genomsökningen avslutades lyckosamt
dolda filer: 0

**************************************************************************
.
Sluttid: 2009-01-18 17:37:40
ComboFix-quarantined-files.txt 2009-01-18 14:37:38

Före genomsökningen: 813,760,512 bytes free
Efter genomsökningen: 1,200,955,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

202 --- E O F --- 2009-01-18 14:10:34
Old 01-18-2009, 08:46 AM   #4 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Re: IE 7 not working

Hi again

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.



Please go to: VirusTotal
  • In the middle of the page you'll find a "Browse" button.
  • Click the "Browse" button and browse to this file in RED:

    c:\Program Files\song-10452.ram

  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
  • Once scanned, copy and paste the results in your next reply.

Repeat the above for this file:-

c:\windows\{00466B67-7C72-478A-A2DE-6D0A96A55F58}_WiseFW.ini





Combofix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
File::
c:\Program Files\Common Files\Ndm361a2rL.exe
c:\windows\system32\xsl93180.dll
c:\windows\system32\sl93180.dll
I:\f0.cmd
G:\cfdflx.com
G:\RavMon.exe
c:\windows\system32\ropfnqz.exe

Folder::

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\iexplore.exe]
"Debugger"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4468579e-28d8-11dd-a4e7-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2c3e5e-f5b7-11dc-a3e2-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7456a580-7166-11db-9d4b-0040cadbf51d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8508c5dc-9d4e-11dd-a688-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9d60ed-5a8a-11dd-a593-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d262192a-a225-11dc-a2db-005056c00008}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85CAE368-E5CD-305E-A63D-477B433653A8}]

Looking at the image below as an example

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review. Please also let me know how your system is running.
Old 01-18-2009, 10:10 AM   #5 (permalink)
Re: IE 7 not working

Hi and thanks for your quick reply.
I have performed your mentioned steps and my Internet Explorer problem has been solved. Now IE7 is working fine. My system is running as it was before, I can't feel any problem/difference in its performance. Following are scan results and ComboFix logs.

VirusTotal Scan Result

File song-10452.ram received on 01.18.2009 18:28:52 (CET)
Current status: finished
Result: 0/39 (0%)


File _00466B67-7C72-478A-A2DE-6D0A96A5 received on 01.18.2009 18:35:58 (CET)
Current status: finished
Result: 0/39 (0.00%)

ComboFix 09-01-17.04 - fahad 2009-01-18 20:44:00.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.446.210 [GMT 3:00]
Körs från: c:\documents and settings\pc4\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\pc4\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090117-0] *On-access scanning enabled* (Updated)
* Skapade en ny återställningspunkt

FILE ::
c:\program files\Common Files\Ndm361a2rL.exe
c:\windows\system32\ropfnqz.exe
c:\windows\system32\sl93180.dll
c:\windows\system32\xsl93180.dll
G:\cfdflx.com
G:\RavMon.exe
I:\f0.cmd
.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Ndm361a2rL.exe
c:\windows\system32\ropfnqz.exe
c:\windows\system32\sl93180.dll
c:\windows\system32\xsl93180.dll

.
(((((((((((((((((((((((( Filer Skapade från 2008-12-18 till 2009-01-18 ))))))))))))))))))))))))))))))
.

2009-01-13 19:03 . 2007-04-13 05:48 391,984 --a------ c:\windows\system32\vnetlib.dll
2009-01-13 19:03 . 2007-04-13 05:48 142,128 --a------ c:\windows\system32\vmnat.exe
2009-01-13 19:03 . 2007-04-13 05:48 113,456 --a------ c:\windows\system32\vmnetdhcp.exe
2009-01-13 19:03 . 2007-04-13 05:49 22,576 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2009-01-13 18:57 . 2009-01-13 18:57 <DIR> d-------- c:\program files\Common Files\VMware
2009-01-13 18:16 . 2009-01-13 18:16 <DIR> d-------- c:\program files\MSN Messenger
2009-01-13 18:10 . 2009-01-13 18:11 436 --a------ c:\windows\{00466B67-7C72-478A-A2DE-6D0A96A55F58}_WiseFW.ini
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Skype
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-10 20:45 . 2009-01-13 02:25 250 --a------ c:\windows\gmer.ini
2009-01-10 02:15 . 2008-04-14 03:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-10 02:15 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\dllcache\apphelp.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\apphelp.dll
2009-01-05 15:11 . 2009-01-05 15:11 <DIR> d-------- c:\program files\Apple Software Update
2008-12-21 01:13 . 2008-12-21 01:13 50 --a------ c:\windows\winzipme.ini
2008-12-21 01:12 . 2008-12-21 01:12 <DIR> d-------- c:\program files\DSL Speed

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-07 13:45 2,174,976 ------w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-03-01 21:16 144 ----a-w c:\program files\song-10452.ram
2007-09-20 17:03 486 ----a-w c:\program files\recover.arr
2007-09-20 17:02 486 ----a-w c:\program files\~arpr.arr
2007-09-20 16:09 6,502,752 ----a-w c:\program files\new.rpc
.

((((((((((((((((((((((((((((( snapshot@2009-01-18_17.36.48.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-18 17:48:02 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_194.dat
+ 2009-01-18 17:47:26 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_43c.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-04 01:14 204248 --a------ d:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2008-08-03 3945620]
"Google Update"="c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-30 52168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pc4\Start Menu\Programs\Startup\
NetPerSec.lnk - c:\program files\NetPerSec\NetPerSec.exe [2007-04-21 192512]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-07-02 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-01-08 19:38 4363504 d:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TpadSoftPhone3\\TpadSoftphone.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"10000:UDP"= 10000:UDP:Tpad RTP
"5060:UDP"= 5060:UDP:Tpad SIP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-20 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-20 20560]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2007-01-27 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2007-01-27 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2007-01-27 60816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-10-30 157696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d23bf74-76fb-11db-9d62-0040cadbf51d}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4468579e-28d8-11dd-a4e7-005056c00008}]
\Shell\Auto\command - oxbvpen.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL oxbvpen.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2c3e5e-f5b7-11dc-a3e2-005056c00008}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7456a580-7166-11db-9d4b-0040cadbf51d}]
\Shell\Auto\command - OSO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8508c5dc-9d4e-11dd-a688-005056c00008}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9d60ed-5a8a-11dd-a593-005056c00008}]
\Shell\AutoRun\command - I:\f0.cmd
\Shell\explore\Command - I:\f0.cmd
\Shell\open\Command - I:\f0.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d262192a-a225-11dc-a2db-005056c00008}]
\Shell\AutoRun\command - G:\cfdflx.com
\Shell\explore\Command - G:\cfdflx.com
\Shell\open\Command - G:\cfdflx.com
.
Innehållet i mappen 'Schemalagda aktiviteter'

2009-01-17 c:\windows\Tasks\MyPicsVids.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-17 c:\windows\Tasks\MyDocuments.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1417001333-725345543-1004.job
- c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-14 10:24]

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Extra genomsökning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pc4\Application Data\Mozilla\Firefox\Profiles\tqim454j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\component.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\components\xpinstal.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 20:48:29
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

genomsökningen avslutades lyckosamt
dolda filer: 0

**************************************************************************
.
------------------------ Andra processer som körs ------------------------
.
c:\program files\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\BONJOUR\MDNSRESPONDER.EXE
d:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\WEBSHOTS\WEBSHOTS.SCR
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
d:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\program files\COMMON FILES\VMWARE\VMWARE VIRTUAL IMAGE EDITING\VMOUNT2.EXE
c:\windows\system32\vmnat.exe
c:\windows\System32\wltrysvc.exe
c:\windows\system32\vmnetdhcp.exe
c:\windows\System32\bcmwltry.exe
c:\program files\VIDALIA BUNDLE\TOR\TOR.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Sluttid: 2009-01-18 20:50:53 - datorn startades om
ComboFix-quarantined-files.txt 2009-01-18 17:50:50
ComboFix2.txt 2009-01-18 14:37:42

Före genomsökningen: 975,880,192 bytes free
Efter genomsökningen: 955,826,176 bytes free

215 --- E O F --- 2009-01-18 14:10:34


Kindly let me know if any further steps are required.

Thank you.
emergencylight is offline  
Old 01-18-2009, 01:55 PM   #6 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 23,940
OS: Win XP Pro SP3 / Win 7 RC

Re: IE 7 not working

Hi again

Looks like there was a glitch in my Registry fix - we'll try again.


Combofix
  • Close any open browsers.
  • Open notepad and copy/paste the text in the box below into it:

Code:
File::
I:\f0.cmd
G:\cfdflx.com
G:\RavMon.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4468579e-28d8-11dd-a4e7-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2c3e5e-f5b7-11dc-a3e2-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7456a580-7166-11db-9d4b-0040cadbf51d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8508c5dc-9d4e-11dd-a688-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9d60ed-5a8a-11dd-a593-005056c00008}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d262192a-a225-11dc-a2db-005056c00008}]
Looking at the image below as an example



Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript onto ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouseclick combofix's window whilst it's running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!


Please post the log C:\ComboFix.txt for further review.




Online Scan
Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply.
* Turn off the real time scanner of any existing antivirus program while performing the online scan.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline
Old 01-19-2009, 02:58 AM   #7 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 7
OS: Windows XP SP3


Re: IE 7 not working

Hello Iain,
Following are ComboFix and ActiveScan logs

ComboFix 09-01-17.04 - fahad 2009-01-19 1:40:06.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.446.193 [GMT 3:00]
Körs från: c:\documents and settings\pc4\Desktop\ComboFix.exe
Använda kommandoväxlar :: c:\documents and settings\pc4\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090117-0] *On-access scanning enabled* (Updated)
* Skapade en ny återställningspunkt

FILE ::
G:\cfdflx.com
G:\RavMon.exe
I:\f0.cmd
.

(((((((((((((((((((((((( Filer Skapade från 2008-12-18 till 2009-01-18 ))))))))))))))))))))))))))))))
.

2009-01-13 19:03 . 2007-04-13 05:48 391,984 --a------ c:\windows\system32\vnetlib.dll
2009-01-13 19:03 . 2007-04-13 05:48 142,128 --a------ c:\windows\system32\vmnat.exe
2009-01-13 19:03 . 2007-04-13 05:48 113,456 --a------ c:\windows\system32\vmnetdhcp.exe
2009-01-13 19:03 . 2007-04-13 05:49 22,576 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2009-01-13 18:57 . 2009-01-13 18:57 <DIR> d-------- c:\program files\Common Files\VMware
2009-01-13 18:16 . 2009-01-13 18:16 <DIR> d-------- c:\program files\MSN Messenger
2009-01-13 18:10 . 2009-01-13 18:11 436 --a------ c:\windows\{00466B67-7C72-478A-A2DE-6D0A96A55F58}_WiseFW.ini
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Skype
2009-01-13 18:09 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Common Files\Skype
2009-01-10 20:45 . 2009-01-13 02:25 250 --a------ c:\windows\gmer.ini
2009-01-10 02:15 . 2008-04-14 03:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-10 02:15 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\dllcache\apphelp.dll
2009-01-08 00:20 . 2008-04-14 03:11 125,952 --a------ c:\windows\system32\apphelp.dll
2009-01-05 15:11 . 2009-01-05 15:11 <DIR> d-------- c:\program files\Apple Software Update
2008-12-21 01:13 . 2008-12-21 01:13 50 --a------ c:\windows\winzipme.ini
2008-12-21 01:12 . 2008-12-21 01:12 <DIR> d-------- c:\program files\DSL Speed

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-07 13:45 2,174,976 ------w c:\windows\system32\dllcache\WMVCore.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-03-01 21:16 144 ----a-w c:\program files\song-10452.ram
2007-09-20 17:03 486 ----a-w c:\program files\recover.arr
2007-09-20 17:02 486 ----a-w c:\program files\~arpr.arr
2007-09-20 16:09 6,502,752 ----a-w c:\program files\new.rpc
.

((((((((((((((((((((((((((((( snapshot@2009-01-18_17.36.48.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-18 17:48:02 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_194.dat
+ 2009-01-18 17:47:26 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_43c.dat
.
(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* tomma poster & legitima standardposter visas inte
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-01-04 01:14 204248 --a------ d:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2008-08-03 3945620]
"Google Update"="c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-14 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="d:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-30 52168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\pc4\Start Menu\Programs\Startup\
NetPerSec.lnk - c:\program files\NetPerSec\NetPerSec.exe [2007-04-21 192512]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-07-02 157000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Privoxy.lnk - c:\program files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0sprestrt\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=c:\windows\pss\Metacafe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-01-08 19:38 4363504 d:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\PC4\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TpadSoftPhone3\\TpadSoftphone.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"10000:UDP"= 10000:UDP:Tpad RTP
"5060:UDP"= 5060:UDP:Tpad SIP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-20 111184]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-06-20 20560]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2007-01-27 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2007-01-27 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2007-01-27 60816]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-01 26624]
S3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [2008-10-30 157696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d23bf74-76fb-11db-9d62-0040cadbf51d}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
.
Innehållet i mappen 'Schemalagda aktiviteter'

2009-01-17 c:\windows\Tasks\MyPicsVids.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-17 c:\windows\Tasks\MyDocuments.job
- c:\windows\system32\ntbackup.exe [2008-04-14 03:12]

2009-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1417001333-725345543-1004.job
- c:\documents and settings\pc4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-14 10:24]

2009-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
.
------- Extra genomsökning -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\pc4\Application Data\Mozilla\Firefox\Profiles\tqim454j.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmail.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\component.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\components\xpinstal.dll
FF - component: d:\program files\Mozilla Firefox 2 Beta 2\extensions\talkback@mozilla.org\components\qfaservices.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 01:41:51
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

genomsökningen avslutades lyckosamt
dolda filer: 0

**************************************************************************
.
Sluttid: 2009-01-19 1:47:19
ComboFix-quarantined-files.txt 2009-01-18 22:46:28
ComboFix3.txt 2009-01-18 14:37:42
ComboFix2.txt 2009-01-18 17:50:56

Före genomsökningen: 904,445,952 bytes free
Efter genomsökningen: 888,086,528 bytes free

162 --- E O F --- 2009-01-18 14:10:34
Attached Files
File Type: txt ActiveScan.txt (5.7 KB, 1 views)
emergencylight is offline  
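
Added example, not part of the original thread and not ComboFix's own code: a check that lints the Registry:: lines of a CFScript and then confirms against the follow-up log whether each targeted MountPoints2 key is actually gone, which is how a missing "H" in a hive name shows up. The function names are hypothetical, the sample text is excerpted from the scripts and logs posted in this thread, and the accepted syntax (regedit-style `[-HIVE\path]` delete lines) is an assumption.

```python
import re

# Assumption: the Registry:: section of a CFScript uses regedit-style
# "[-HIVE\path]" lines to delete a key, as the scripts in this thread do.
VALID_HIVES = {"HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE", "HKEY_USERS",
               "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG"}
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
LOG_KEY = re.compile(r"^\[HKEY_[A-Z_]+\\.*\\mountpoints2\\(\{[^}]+\})\]$", re.I)
LOG_CMD = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)
DEL_LINE = re.compile(r"^\[-([^\\\]]+)\\(.+)\]$")


def parse_mountpoints(log_text):
    """Map each MountPoints2 GUID in a ComboFix log to its Shell commands."""
    found, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key, cmd = LOG_KEY.match(line), LOG_CMD.match(line)
        if key:
            current = key.group(1).lower()
            found[current] = []
        elif cmd and current:
            found[current].append((cmd.group(1), cmd.group(2)))
        else:
            current = None  # blank line or unrelated entry ends the block
    return found


def lint_cfscript(script_text):
    """Return (line_no, guid, problem) per key line; problem is None if OK."""
    results, in_registry = [], False
    for n, raw in enumerate(script_text.splitlines(), 1):
        line = raw.strip()
        if line.endswith("::"):
            in_registry = line.lower() == "registry::"
        elif in_registry and line.startswith("["):
            m = DEL_LINE.match(line)
            guid = GUID.search(line)
            guid = guid.group(0).lower() if guid else None
            if not m:
                problem = "not a [-KEY] delete line"
            elif m.group(1).upper() not in VALID_HIVES:
                problem = "unknown hive root " + m.group(1)
            else:
                problem = None
            results.append((n, guid, problem))
    return results


def verify_run(script_text, log_after):
    """For each key the script targets, say whether the later log still lists it."""
    remaining = parse_mountpoints(log_after)
    report = {}
    for _, guid, problem in lint_cfscript(script_text):
        if guid is None:
            continue
        if guid not in remaining:
            report[guid] = "removed"
        elif problem:
            report[guid] = "still present (" + problem + ")"
        else:
            report[guid] = "still present"
    return report


# Sample input excerpted from this thread: two lines of the first script,
# and the matching MountPoints2 blocks from the logs posted after each run.
FIRST_SCRIPT = r"""Registry::
[-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2c3e5e-f5b7-11dc-a3e2-005056c00008}]
[-KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9d60ed-5a8a-11dd-a593-005056c00008}]
"""
SECOND_SCRIPT = FIRST_SCRIPT.replace("[-KEY_", "[-HKEY_")

LOG_AFTER_SECOND = r"""[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d23bf74-76fb-11db-9d62-0040cadbf51d}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
"""
LOG_AFTER_FIRST = LOG_AFTER_SECOND + r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b2c3e5e-f5b7-11dc-a3e2-005056c00008}]
\Shell\AutoRun\command - G:\RavMon.exe
\Shell\explore\Command - G:\RavMon.exe -e
\Shell\open\Command - G:\RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab9d60ed-5a8a-11dd-a593-005056c00008}]
\Shell\AutoRun\command - I:\f0.cmd
\Shell\explore\Command - I:\f0.cmd
\Shell\open\Command - I:\f0.cmd
"""

if __name__ == "__main__":
    for name, script, log in (("first run", FIRST_SCRIPT, LOG_AFTER_FIRST),
                              ("second run", SECOND_SCRIPT, LOG_AFTER_SECOND)):
        print(name)
        for guid, status in verify_run(script, log).items():
            print("  ", guid, status)
```
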
Old 01-19-2009, 01:51 PM   #8 (permalink)
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 23,940
OS: Win XP Pro SP3 / Win 7 RC

Re: IE 7 not working

Hi again

Do you use an IP Scanner? This file showed up in the Panda results:

E:\Softwares\Network\ipscan.exe

If legit then you can leave it – if not then please delete it.



Other than that, all your logs are clean. If there are no more problems we’ll just tidy up and I’ll let you go, along with my recommendations for staying safe and secure.


The following procedure will clear out the tools we've used as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Referring to the image below



Click Start > Run and copy/paste, or type the following bold text into the Run box and click OK:


ComboFix /u



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:


General Protection

Spyware Blaster to help prevent spyware from installing in the first place.
Spyware Guard to catch and block spyware before it can execute.
Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here.



Ad-aware 2008 Free Edition

Download and install Ad-Aware 2008. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here.



SnoopFree

SnoopFree is a real time monitor that notifies you when a programme wants to record your keystrokes or read your screen. Note that SnoopFree is only for XP systems.


MVPS Hosts File

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Firefox
Opera
Maxthon

Firewalls
A good firewall will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall for XP does not monitor outgoing traffic. If you do not have a firewall, here are 3 free ones available for personal use:
Comodo Personal Firewall
Sygate Personal Firewall
ZoneAlarm



Other Protection
Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

ERUNT & NTREGOPT
ERUNT is a programme that will create automatic backups of your Registry. These backups can be used to help restore your system in the event of a serious crash.
NTREGOPT will compact and optimise your Registry, to assist the smooth running of your system


Additional Reading
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

PC Safety & Security - What Do I Need?.
Making Internet Explorer Safer.
Think Prevention!

Have a look here if your PC is still running a bit slow
Is your PC running slow...?


Keep clean and safe and enjoy your computing!

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



Glaswegian is offline
Old 01-19-2009, 04:30 PM   #9 (permalink)
Registered User
 
Join Date: Jan 2009
Posts: 7
OS: Windows XP SP3


Re: IE 7 not working

Hi,
My IE7 problem has already been solved and I have no more issues with my system right now. As per your recommendation, I have installed general protection, registry backup and other anti-spyware applications to avoid such problems in future.
Finally, I would like to thank you for your interest and support regarding this issue.
Please mark this thread as 'resolved'.

Best wishes,
Fahad.
emergencylight is offline  

All times are GMT -7. The time now is 09:30 PM.



Copyright 2001 - 2009, Tech Support Forum