Internet Explorer shuts down immediately after starting


  • This topic is locked
5 replies to this topic

#1 rrmaron

rrmaron

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 25 April 2009 - 12:41 PM

Windows Update updated my IE6 (working) to IE7. After this, when clicking the IE icon, the IE window would flash up and then close immediately. I then upgraded to IE8 and had exactly the same problem. I have tried iexplore -extoff and reset to default in Internet Options. Still have the problem. Google Chrome and Mozilla work fine. My HijackThis log is attached:

DDS (Ver_09-03-16.01) - NTFSx86
Run by Rakesh2 at 13:29:52.71 on Sat 04/25/2009
Internet Explorer: 8.0.6001.18241
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2099 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS1\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS1\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\WINDOWS1\Explorer.EXE
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\system32\rundll32.exe
C:\WINDOWS1\system32\igfxsrvc.exe
svchost.exe
C:\WINDOWS1\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG85\avgwdsvc.exe
C:\WINDOWS1\stsystra.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
svchost.exe
C:\PROGRA~1\AVG\AVG85\avgtray.exe
C:\WINDOWS1\system32\inetsrv\inetinfo.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Rakesh2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\AVG\AVG85\avgrsx.exe
C:\PROGRA~1\AVG\AVG85\avgnsx.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS1\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\zabkat\xplorer2_lite\xplorer2_lite.exe
C:\WINDOWS1\system32\wuauclt.exe
C:\PROGRA~1\MICROS~4\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG85\avgcsrvx.exe
C:\Palm\palm.exe
C:\WINDOWS1\system32\svchost.exe -k imgsvc
C:\WINDOWS1\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS1\system32\dllhost.exe
c:\WINDOWS1\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
C:\Program Files\Common Files\Microsoft Shared\office12\offlb.exe
C:\WINDOWS1\system32\SearchProtocolHost.exe
C:\WINDOWS1\system32\SearchProtocolHost.exe
C:\Documents and Settings\Rakesh2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://localhost/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg85\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [Google Update] "c:\documents and settings\rakesh2\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows1\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [igfxtray] c:\windows1\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows1\system32\hkcmd.exe
mRun: [igfxpers] c:\windows1\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg85\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240574048187
DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.tvucricket.com/player/vjocx-en-black.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg85\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows1\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rakesh2\applic~1\mozilla\firefox\profiles\ar01dt0t.default\
FF - plugin: c:\documents and settings\rakesh2\application data\mozilla\firefox\profiles\ar01dt0t.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\rakesh2\application data\mozilla\firefox\profiles\ar01dt0t.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\rakesh2\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOlp32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows1\system32\drivers\avgldx86.sys [2009-4-22 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows1\system32\drivers\avgmfx86.sys [2009-4-22 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows1\system32\drivers\avgtdix.sys [2009-4-22 108552]
R1 vsdatant;vsdatant;c:\windows1\system32\vsdatant.sys [2009-4-22 353672]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg85\avgwdsvc.exe [2009-4-22 298264]
R2 vsmon;TrueVector Internet Monitor;c:\windows1\system32\zonelabs\vsmon.exe -service --> c:\windows1\system32\zonelabs\vsmon.exe -service [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows1\system32\spupdsvc.exe [2009-4-22 26144]
S2 vvdsvc;VJVodClientServices;c:\windows1\system32\svchost.exe -k vvdsvc [2004-8-4 14336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

=============== Created Last 30 ================

2009-04-25 11:08 91,136 ac------ c:\windows1\system32\dllcache\kswdmcap.ax
2009-04-25 11:08 61,952 ac------ c:\windows1\system32\dllcache\kstvtune.ax
2009-04-25 11:08 91,136 a------- c:\windows1\system32\kswdmcap.ax
2009-04-25 11:08 61,952 a------- c:\windows1\system32\kstvtune.ax
2009-04-25 11:08 53,760 ac------ c:\windows1\system32\dllcache\vfwwdm32.dll
2009-04-25 11:08 43,008 ac------ c:\windows1\system32\dllcache\ksxbar.ax
2009-04-25 11:08 20,992 ac------ c:\windows1\system32\dllcache\dshowext.ax
2009-04-25 11:08 53,760 a------- c:\windows1\system32\vfwwdm32.dll
2009-04-25 11:08 43,008 a------- c:\windows1\system32\ksxbar.ax
2009-04-25 11:08 20,992 a------- c:\windows1\system32\dshowext.ax
2009-04-25 11:08 32,128 ac------ c:\windows1\system32\dllcache\usbccgp.sys
2009-04-25 11:08 32,128 a------- c:\windows1\system32\drivers\usbccgp.sys
2009-04-25 10:26 <DIR> --d----- c:\windows1\ie8updates
2009-04-25 09:56 <DIR> --d----- C:\77f5a443f1fce4c423eccac73fba1571
2009-04-25 09:54 5,699,584 a------- c:\windows1\system32\SET1A9.tmp
2009-04-24 23:02 <DIR> --d----- c:\program files\Business Objects
2009-04-24 23:00 <DIR> --d----- c:\program files\Windows Mobile 5.0 SDK R2
2009-04-24 22:59 <DIR> --d----- c:\program files\Microsoft Synchronization Services
2009-04-24 22:59 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-04-24 22:32 <DIR> --d----- c:\program files\Microsoft Web Designer Tools
2009-04-24 21:44 <DIR> --d----- c:\program files\Trend Micro
2009-04-24 19:20 <DIR> -cd-h--- c:\windows1\ie8
2009-04-24 17:11 <DIR> --d----- c:\docume~1\rakesh2\applic~1\JAM Software
2009-04-24 12:55 1,089,593 -c------ c:\windows1\system32\dllcache\ntprint.cat
2009-04-24 12:43 268,648 a------- c:\windows1\system32\mucltui.dll
2009-04-24 12:43 27,496 a------- c:\windows1\system32\mucltui.dll.mui
2009-04-24 11:35 <DIR> --d----- c:\windows1\system32\XPSViewer
2009-04-24 11:34 597,504 -c------ c:\windows1\system32\dllcache\printfilterpipelinesvc.exe
2009-04-24 11:34 89,088 -c------ c:\windows1\system32\dllcache\filterpipelineprintproc.dll
2009-04-24 11:34 117,760 -------- c:\windows1\system32\prntvpt.dll
2009-04-24 11:34 1,676,288 -c------ c:\windows1\system32\dllcache\xpssvcs.dll
2009-04-24 11:34 575,488 -c------ c:\windows1\system32\dllcache\xpsshhdr.dll
2009-04-24 11:34 1,676,288 -------- c:\windows1\system32\xpssvcs.dll
2009-04-24 11:34 575,488 -------- c:\windows1\system32\xpsshhdr.dll
2009-04-24 11:34 <DIR> --d----- C:\212c44c6c21777ecdd84
2009-04-24 09:17 <DIR> --d----- c:\windows1\system32\nagasoft
2009-04-24 09:15 <DIR> --d----- c:\documents and settings\rakesh2\LocalLow
2009-04-24 09:15 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\TVU Networks
2009-04-24 09:05 87,800 a------- c:\windows1\system32\cpwmon2k.dll
2009-04-24 03:16 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\PreEmptive Solutions
2009-04-24 02:47 1,207,808 a------- c:\windows1\system32\Redemption.dll
2009-04-24 02:47 <DIR> --d----- c:\program files\Nucleus Kernel Exchange OST Recovery
2009-04-24 02:08 <DIR> --d----- c:\docume~1\rakesh2\applic~1\Windows Desktop Search
2009-04-24 02:06 <DIR> --d-h--- c:\windows1\system32\GroupPolicy
2009-04-24 02:06 <DIR> --d----- c:\program files\Windows Desktop Search
2009-04-24 02:05 98,304 -c------ c:\windows1\system32\dllcache\nlhtml.dll
2009-04-24 02:05 29,696 -c------ c:\windows1\system32\dllcache\mimefilt.dll
2009-04-24 02:05 192,000 -c------ c:\windows1\system32\dllcache\offfilt.dll
2009-04-24 00:21 <DIR> --d----- c:\windows1\system32\appmgmt
2009-04-23 22:50 <DIR> --d----- c:\documents and settings\rakesh2\VSWebCache
2009-04-23 22:38 463 a------- c:\windows1\ODBC.INI
2009-04-23 22:22 <DIR> --d----- c:\windows1\system32\URTTemp
2009-04-23 14:54 26,368 ac------ c:\windows1\system32\dllcache\usbstor.sys
2009-04-23 14:20 <DIR> --d----- c:\program files\IIS Resources
2009-04-23 10:51 <DIR> --d----- C:\Inetpub
2009-04-23 10:34 0 a------- c:\windows1\frontpg.ini
2009-04-23 10:33 <DIR> --d----- c:\windows1\IIS Temporary Compressed Files
2009-04-23 10:33 <DIR> --d----- c:\windows1\system32\Cache
2009-04-23 10:33 <DIR> --d----- c:\windows1\system32\FxsTmp
2009-04-23 10:32 535 a------- c:\windows1\system32\mapisvc.inf
2009-04-23 10:32 45,056 ac------ c:\windows1\system32\dllcache\EXCH_aqadmin.dll
2009-04-23 10:32 26,112 ac------ c:\windows1\system32\dllcache\EXCH_seos.dll
2009-04-23 10:31 132,608 ac------ c:\windows1\system32\dllcache\fxsclntr.dll
2009-04-23 10:31 111,104 ac------ c:\windows1\system32\dllcache\fxscfgwz.dll
2009-04-23 10:31 31,744 ac------ c:\windows1\system32\dllcache\fxsroute.dll
2009-04-23 10:31 11,264 ac------ c:\windows1\system32\dllcache\fxssend.exe
2009-04-23 10:31 132,608 a------- c:\windows1\system32\fxsclntR.dll
2009-04-23 10:31 111,104 a------- c:\windows1\system32\fxscfgwz.dll
2009-04-23 10:31 31,744 a------- c:\windows1\system32\fxsroute.dll
2009-04-23 10:31 11,264 a------- c:\windows1\system32\fxssend.exe
2009-04-23 10:31 1,793 a------- c:\windows1\system32\fxsperf.ini
2009-04-23 10:31 1,361 a------- c:\windows1\system32\fxscount.h
2009-04-23 03:22 <DIR> --d----- c:\docume~1\rakesh2\applic~1\Intuit Canada
2009-04-23 03:22 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Intuit Canada
2009-04-23 03:16 56 a---h--- c:\windows1\system32\ezsidmv.dat
2009-04-23 02:56 <DIR> --d----- c:\windows1\system32\LogFiles
2009-04-23 01:26 57 a------- c:\windows1\TaxACT08.ini
2009-04-22 20:32 4,212 a---h--- c:\windows1\system32\zllictbl.dat
2009-04-22 20:32 1,221,512 a------- c:\windows1\system32\zpeng25.dll
2009-04-22 20:32 <DIR> --d----- c:\windows1\system32\ZoneLabs
2009-04-22 20:32 350,192 a------- c:\windows1\system32\vsconfig.xml
2009-04-22 20:16 <DIR> --d----- c:\windows1\Internet Logs
2009-04-22 20:16 <DIR> --d-h--- c:\windows1\PIF
2009-04-22 19:42 10,520 a------- c:\windows1\system32\avgrsstx.dll
2009-04-22 19:42 108,552 a------- c:\windows1\system32\drivers\avgtdix.sys
2009-04-22 19:42 325,640 a------- c:\windows1\system32\drivers\avgldx86.sys
2009-04-22 19:42 <DIR> --d----- c:\windows1\system32\drivers\Avg
2009-04-22 19:27 32,592 a------- c:\windows1\system32\msonpmon.dll
2009-04-22 19:23 691,712 -c------ c:\windows1\system32\dllcache\inetcomm.dll
2009-04-22 19:22 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\avg8
2009-04-22 19:22 272,128 -c------ c:\windows1\system32\dllcache\bthport.sys
2009-04-22 19:20 203,136 -c------ c:\windows1\system32\dllcache\rmcast.sys
2009-04-22 19:20 455,296 -c------ c:\windows1\system32\dllcache\mrxsmb.sys
2009-04-22 19:20 333,952 -c------ c:\windows1\system32\dllcache\srv.sys
2009-04-22 19:20 331,776 -c------ c:\windows1\system32\dllcache\msadce.dll
2009-04-22 19:20 <DIR> --d----- c:\windows1\SHELLNEW
2009-04-22 19:14 337,408 -c------ c:\windows1\system32\dllcache\netapi32.dll
2009-04-22 19:14 1,106,944 -c------ c:\windows1\system32\dllcache\msxml3.dll
2009-04-22 19:13 1,203,922 -c------ c:\windows1\system32\dllcache\sysmain.sdb
2009-04-22 19:13 2,560 -------- c:\windows1\system32\xpsp4res.dll
2009-04-22 19:13 215,552 -c------ c:\windows1\system32\dllcache\wordpad.exe
2009-04-22 19:12 <DIR> --d----- c:\windows1\system32\PreInstall
2009-04-22 16:42 <DIR> --dsh--- c:\documents and settings\rakesh2\UserData
2009-04-22 16:36 <DIR> --d----- c:\windows1\system32\SoftwareDistribution
2009-04-22 16:34 9,457,664 a------- c:\windows1\system32\stacgui.cpl
2009-04-22 16:34 634,880 a------- c:\windows1\system32\stlang.dll
2009-04-22 16:34 417,792 a------- c:\windows1\stsystra.exe
2009-04-22 16:34 146,048 ac------ c:\windows1\system32\dllcache\portcls.sys
2009-04-22 16:34 129,536 ac------ c:\windows1\system32\dllcache\ksproxy.ax
2009-04-22 16:34 60,160 ac------ c:\windows1\system32\dllcache\drmk.sys
2009-04-22 16:34 4,096 ac------ c:\windows1\system32\dllcache\ksuser.dll
2009-04-22 16:34 146,048 a------- c:\windows1\system32\drivers\portcls.sys
2009-04-22 16:34 129,536 a------- c:\windows1\system32\ksproxy.ax
2009-04-22 16:34 60,160 a------- c:\windows1\system32\drivers\drmk.sys
2009-04-22 16:34 4,096 a------- c:\windows1\system32\ksuser.dll
2009-04-22 08:27 29,070 -c------ c:\windows1\system32\dllcache\wmp.inf
2009-04-22 08:26 13,312 ac------ c:\windows1\system32\dllcache\lonsint.dll
2009-04-22 08:25 285,184 ac------ c:\windows1\system32\dllcache\fxscomex.dll
2009-04-22 08:24 397,312 ac------ c:\windows1\system32\dllcache\fxstiff.dll
2009-04-22 08:24 397,312 a------- c:\windows1\system32\fxstiff.dll
2009-04-22 08:24 72,192 ac------ c:\windows1\system32\dllcache\fxscom.dll
2009-04-22 08:24 72,192 a------- c:\windows1\system32\fxscom.dll
2009-04-22 08:24 8,704 ac------ c:\windows1\system32\dllcache\fxsperf.dll
2009-04-22 08:24 8,704 a------- c:\windows1\system32\fxsperf.dll
2009-04-22 08:24 154,112 ac------ c:\windows1\system32\dllcache\fxsui.dll
2009-04-22 08:24 154,112 a------- c:\windows1\system32\fxsui.dll
2009-04-22 08:24 55,296 ac------ c:\windows1\system32\dllcache\fxsevent.dll
2009-04-22 08:24 55,296 a------- c:\windows1\system32\fxsevent.dll
2009-04-22 08:24 26,624 ac------ c:\windows1\system32\dllcache\fxsdrv.dll
2009-04-22 08:24 26,624 a------- c:\windows1\system32\fxsdrv.dll
2009-04-22 08:23 142,848 ac------ c:\windows1\system32\dllcache\fxsclnt.exe
2009-04-22 08:23 142,848 a------- c:\windows1\system32\fxsclnt.exe
2009-04-22 08:23 456,192 ac------ c:\windows1\system32\dllcache\smtpsvc.dll
2009-04-22 08:23 331,264 ac------ c:\windows1\system32\dllcache\aqueue.dll
2009-04-22 08:22 <DIR> --d----- c:\windows1\ServicePackFiles
2009-04-22 08:22 294,912 -c------ c:\windows1\system32\dllcache\dlimport.exe
2009-04-22 08:14 19,569 a------- c:\windows1\002881_.tmp
2009-04-22 08:13 <DIR> --d----- c:\windows1\system32\ReinstallBackups
2009-04-22 08:13 26,144 a------- c:\windows1\system32\spupdsvc.exe
2009-04-22 07:47 135,168 a------- c:\windows1\system32\igfxres.dll
2009-04-22 07:34 45,312 a----r-- c:\windows1\system32\drivers\bcm4sbxp.sys
2009-04-22 07:26 <DIR> --d----- c:\documents and settings\Rakesh2
2009-04-22 07:24 <DIR> --ds---- c:\windows1\system32\Microsoft
2009-04-22 07:24 8,192 a------- c:\windows1\REGLOCS.OLD
2009-04-22 07:21 229,439 ac------ c:\windows1\system32\dllcache\multibox.dll
2009-04-22 07:20 10,096,640 ac------ c:\windows1\system32\dllcache\hwxcht.dll
2009-04-22 07:19 <DIR> --d----- c:\windows1\system32\xircom
2009-04-22 07:19 <DIR> --d-h--- c:\windows1\$hf_mig$
2009-04-22 07:19 2,577 a------- c:\windows1\system32\CONFIG.NT
2009-04-22 07:19 0 a------- c:\windows1\control.ini
2009-04-22 07:18 23,392 a------- c:\windows1\system32\nscompat.tlb
2009-04-22 07:18 16,832 a------- c:\windows1\system32\amcompat.tlb
2009-04-22 07:18 316,640 a------- c:\windows1\WMSysPr9.prx
2009-04-22 07:17 <DIR> --dsh--- c:\documents and settings\all users.windows1\DRM
2009-04-22 07:17 488 a---hr-- c:\windows1\system32\WindowsLogon.manifest
2009-04-22 07:17 488 a---hr-- c:\windows1\system32\logonui.exe.manifest
2009-04-22 07:17 <DIR> --ds---- c:\windows1\Downloaded Program Files
2009-04-22 07:17 <DIR> --d--r-- c:\windows1\Offline Web Pages
2009-04-22 07:17 749 a---hr-- c:\windows1\WindowsShell.Manifest
2009-04-22 07:17 749 a---hr-- c:\windows1\system32\wuaucpl.cpl.manifest
2009-04-22 07:17 749 a---hr-- c:\windows1\system32\sapi.cpl.manifest
2009-04-22 07:17 749 a---hr-- c:\windows1\system32\nwc.cpl.manifest
2009-04-22 07:17 749 a---hr-- c:\windows1\system32\ncpa.cpl.manifest
2009-04-22 07:17 749 a---hr-- c:\windows1\system32\cdplayer.exe.manifest
2009-04-22 02:56 <DIR> --d--r-- c:\documents and settings\all users.windows1\Documents
2009-04-19 10:38 <DIR> --d----- c:\program files\TVUPlayer
2009-04-12 23:54 <DIR> --d----- c:\program files\QuickTax 2008
2009-04-11 11:46 <DIR> --d----- c:\program files\Troxo
2009-04-10 11:08 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-04-06 15:49 <DIR> --d----- c:\program files\Microsoft Windows Vista Upgrade Advisor
2009-04-04 03:32 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-02 15:39 <DIR> --d----- c:\program files\AskBarDis
2009-04-02 03:34 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-04-02 03:30 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-04-24 18:44 196,032 a------- c:\windows1\pchealth\helpctr\config\cache\Professional_32_1033.dat
2009-04-22 08:34 87,269 a------- c:\windows1\pchealth\helpctr\offlinecache\index.dat
2009-04-22 07:14 21,640 a------- c:\windows1\system32\emptyregdb.dat
2009-03-26 11:07 59,904 a------- c:\windows1\system32\zlib1.dll
2009-03-26 11:03 286,720 a------- c:\windows1\system32\libcurl.dll
2009-03-26 11:03 1,028,096 a------- c:\windows1\system32\libeay32.dll
2009-03-26 11:03 196,608 a------- c:\windows1\system32\ssleay32.dll
2009-03-26 11:03 143,360 a------- c:\windows1\system32\libexpatw.dll
2009-03-20 17:17 0 a------- C:\cryptedcodec.exe
2009-03-20 17:17 0 a------- C:\crypted.exe
2009-03-06 10:22 284,160 a------- c:\windows1\system32\pdh.dll
2009-02-09 08:10 729,088 a------- c:\windows1\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows1\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows1\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows1\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows1\system32\win32k.sys
2009-02-06 07:11 110,592 a------- c:\windows1\system32\services.exe
2009-02-06 07:06 2,145,280 a------- c:\windows1\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows1\system32\sc.exe
2009-02-06 06:32 2,023,936 a------- c:\windows1\system32\ntkrnlpa.exe
2009-02-03 15:59 56,832 a------- c:\windows1\system32\secur32.dll
2009-02-03 12:00 1,712,201 a------- c:\windows1\system32\InetClnt.dll

============= FINISH: 13:30:46.84 ===============


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,543 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:57 AM

Posted 25 April 2009 - 06:43 PM

Hi rrmaron,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

The issue doesn't seem malware related, but I'll take a look at it.

Please run HijackThis. Click Do a system scan and save a logfile, then copy and paste the content of the log to your reply.

#3 rrmaron

rrmaron
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:57 PM

Posted 26 April 2009 - 02:45 AM

Thanks for responding. The HijackThis log is below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:48 AM, on 4/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS1\System32\smss.exe
C:\WINDOWS1\system32\winlogon.exe
C:\WINDOWS1\system32\services.exe
C:\WINDOWS1\system32\lsass.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\System32\svchost.exe
C:\WINDOWS1\system32\ZoneLabs\vsmon.exe
C:\WINDOWS1\system32\spoolsv.exe
C:\WINDOWS1\Explorer.EXE
C:\PROGRA~1\AVG\AVG85\avgwdsvc.exe
C:\WINDOWS1\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS1\system32\rundll32.exe
C:\WINDOWS1\system32\hkcmd.exe
C:\WINDOWS1\system32\igfxpers.exe
C:\WINDOWS1\system32\igfxsrvc.exe
C:\WINDOWS1\stsystra.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG85\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG85\avgrsx.exe
C:\Documents and Settings\Rakesh2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\AVG\AVG85\avgnsx.exe
C:\WINDOWS1\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS1\system32\svchost.exe
C:\WINDOWS1\system32\SearchIndexer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Rakesh2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rakesh2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rakesh2\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG85\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS1\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS1\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS1\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG85\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rakesh2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS1\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS1\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1240574048187
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.tvucricket.com/player/vjocx-en-black.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG85\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS1\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG85\avgwdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS1\system32\ZoneLabs\vsmon.exe

--
End of file - 6936 bytes

#4 Farbar


Posted 26 April 2009 - 04:53 AM

Please download Malwarebytes' Anti-Malware from MajorGeeks.
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#5 Farbar


Posted 28 April 2009 - 01:47 AM

Are you still there?

#6 Farbar


Posted 29 April 2009 - 04:39 PM

This thread will now be closed due to lack of activity.

If you need this topic reopened, please send me a PM within a couple of days and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.



