Storage Protector, IE Will Not Load



#1 clarkie013

Posted 28 January 2008 - 11:01 PM

My neighbor’s computer, IE will not load

According to him, McAfee identified a problem and attempted to fix it. He said it reported “Storage Protector” he tried to correct, but his IE will not load. He does have email, so his connection to the Internet is functional. I did some reading and found a suggestion of downloading and running combofix to generate a log file. I told him to start the computer in safe mode; he also has Netscape which was able to connect and downloaded the combofix app. Here is the log file created by combofix.
Any suggestion on how to fix the problem would be greatly appreciated.

Thanks, Clarkie


ComboFix 08-01-29.3 - HP_Administrator 2008-01-28 21:53:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1536 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf
C:\WINDOWS\adaway.lic
C:\WINDOWS\Fonts\a.zip
D:\Autorun.inf
C:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-29 )))))))))))))))))))))))))))))))
.

2008-01-28 20:49 . 2008-01-28 20:51 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-28 20:42 . 2008-01-28 20:42 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-01-28 20:35 . 2008-01-28 20:35 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-01-28 20:35 . 2008-01-28 20:35 917,504 --a------ C:\WINDOWS\system32\FLASH.OCX
2008-01-27 16:51 . 2008-01-27 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-27 16:41 . 2008-01-27 16:41 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-27 16:31 . 2008-01-27 16:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-27 16:16 . 2008-01-28 19:51 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-27 15:28 . 2008-01-27 16:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-27 10:02 . 2008-01-27 10:02 <DIR> d-------- C:\WINDOWS\system32\ENU
2008-01-27 10:02 . 2006-03-09 08:57 122,880 --a------ C:\WINDOWS\system32\Imsmudlg.exe
2008-01-27 10:00 . 2008-01-28 20:54 <DIR> d-------- C:\temp
2008-01-27 09:58 . 2003-11-03 17:15 1,902 --------- C:\WINDOWS\system32\SetupBD.din
2008-01-26 11:24 . 2008-01-26 11:24 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-01-26 11:24 . 2008-01-26 11:24 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-01-26 11:21 . 2008-01-26 11:21 <DIR> dr-h----- C:\MSOCache
2008-01-26 10:48 . 2007-10-10 19:55 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-26 10:48 . 2007-06-30 23:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-26 10:48 . 2007-06-30 23:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-26 10:48 . 2007-10-10 19:55 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-26 10:48 . 2007-10-10 19:55 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-26 10:48 . 2007-10-10 19:55 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-26 10:48 . 2007-10-10 19:55 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-26 10:48 . 2007-10-10 19:55 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-26 10:48 . 2007-10-10 06:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-26 10:24 . 2008-01-26 10:24 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-26 10:16 . 2008-01-26 10:16 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-26 10:11 . 2007-02-28 05:10 2,180,352 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-01-26 10:11 . 2007-02-28 05:08 2,136,064 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-01-26 10:11 . 2007-02-28 04:38 2,057,600 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-01-26 10:11 . 2007-02-28 04:38 2,015,744 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-01-26 09:57 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-01-26 09:57 . 2008-01-28 22:00 5,535 --a------ C:\WINDOWS\system32\Config.MPF
2008-01-26 09:56 . 2008-01-26 09:56 <DIR> d-------- C:\Program Files\McAfee.com
2008-01-26 09:56 . 2008-01-28 19:44 <DIR> d-------- C:\Program Files\McAfee
2008-01-26 09:56 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-01-26 09:56 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-01-26 09:56 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-01-26 09:56 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-01-26 09:56 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-01-26 09:56 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-01-26 09:53 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-25 19:27 . 2004-08-04 03:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-25 19:27 . 2004-08-04 03:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-25 19:27 . 2004-08-04 04:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-01-25 19:27 . 2004-08-04 02:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-25 19:27 . 2004-08-04 02:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-25 19:27 . 2001-08-17 17:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-25 19:27 . 2001-08-18 02:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-01-25 19:27 . 2001-08-17 18:55 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-01-25 17:52 . 2008-01-28 21:44 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
2008-01-25 15:33 . 2004-10-25 18:17 90,112 --a------ C:\WINDOWS\system32\ps2.EXE
2008-01-25 15:33 . 2008-01-25 15:33 1,938 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EL406AA-ABA M7350N_YC_0Pavi_QMXK607_E61NAemMPC2_48_IEMERY_SASUSTek Computer INC._V1.05_B3.15_T060623_WXP2_L409_M2047_J250_7Intel_8Pentium D_92.8_#060314_N808627DC_Z11C10620_G10DE0162.MRK
2008-01-25 15:32 . 2005-12-23 23:22 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-01-25 15:32 . 2008-01-25 15:35 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-01-25 15:32 . 2005-12-23 23:24 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-01-25 15:32 . 2008-01-25 15:34 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Digital Interactive Systems Corporation
2008-01-25 15:30 . 2005-12-23 23:22 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-01-25 15:30 . 2005-12-23 23:38 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-01-25 15:30 . 2005-12-23 23:24 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2008-01-25 15:30 . 2005-12-23 23:10 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Digital Interactive Systems Corporation
2008-01-23 16:20 . 2008-01-23 16:20 <DIR> d-------- C:\Program Files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-29 00:49 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Netscape
2008-01-29 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-27 23:45 --------- d-----w C:\Program Files\iTunes
2008-01-27 21:05 --------- d-----w C:\Program Files\iPod
2008-01-27 20:52 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2008-01-27 20:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-27 18:54 --------- d-----w C:\Program Files\xnews
2008-01-27 16:25 --------- d-----w C:\Program Files\Netscape
2008-01-27 14:11 --------- d-----w C:\Program Files\SiteAdvisor
2008-01-26 16:18 --------- d-----w C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2008-01-26 15:06 --------- d-----w C:\Program Files\Microsoft Works
2008-01-26 14:20 --------- d-----w C:\Program Files\Webshots
2008-01-26 13:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-26 13:53 --------- d-----w C:\Program Files\Java
2008-01-25 20:35 --------- d-----w C:\Program Files\Microsoft Money 2005
2008-01-25 20:18 --------- d-----w C:\Program Files\Symantec
2008-01-25 20:18 --------- d-----w C:\Program Files\Google
2008-01-25 20:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-25 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-25 19:33 1,938 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_EL406AA-ABA M7350N_YC_0Pavi_QMXK607_E61NAemMPC2_48_IEMERY_SASUSTek Computer INC._V1.05_B3.15_T060623_WXP2_L409_M2047_J250_7Intel_8Pentium D_92.8_#060314_N808627DC_Z11C10620_G10DE0162.MRK
2008-01-23 18:15 278,546 ----a-w C:\WINDOWS\Fonts\Setup.exe
2006-03-15 00:08 0 ----a-w C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2005-05-12 14:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
<pre>
----a-w		 1,694,208 2008-01-25 17:57:31  C:\Program Files\Messenger\msmsgs .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 08:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 64512]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 03:19 77312 C:\WINDOWS\arpwrmsg.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 16:59 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 11:30 7110656]
"nwiz"="nwiz.exe" [2005-08-02 11:30 1519616 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 13:41 1605740]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 10:12 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-08-24 17:57 36640]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 03:50 221184]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2006-09-30 16:15:08 45056]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 13:57:16 2913584]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-12-23 23:27:46 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme


.
Contents of the 'Scheduled Tasks' folder
"2008-01-25 18:27:28 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
"2008-01-27 03:23:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-15 05:17:30 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-01-01 05:00:23 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
"2008-01-29 02:02:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe
"2008-01-27 19:37:11 C:\WINDOWS\Tasks\WebReg psc 1600 series.job"
- c:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-28 22:00:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-01-28 22:03:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-29 02:03:10
.
2008-01-29 00:26:17 --- E O F ---

#2 Falu

Posted 11 February 2008 - 05:26 AM

Hi clarkie013, :thumbsup:

Please, DO NOT use ComboFix on your own. It is a very powerful tool designed to deal with sophisticated infections and if something goes wrong or you use it incorrectly, you could possibly lose the use of your computer. It is ONLY meant to be used under the direct supervision of a malware removal specialist.

If you still need help, please post a new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic: Preparation Guide for use before posting a HijackThis Log, and I'll be happy to look at it for you.

Thanks for your patience. :blink:



