
Can't open internet explorer



#1 mark_ksz


  • Members
  • 6 posts

Posted 26 April 2011 - 09:09 PM

This is a Toshiba laptop. Whenever I go to open Internet Explorer I get this error: "ieplore.exe - bad image c:\windows\apppatch\acspecfc.dll is either not designed to run on windows or it contains an error." But I can open Internet Explorer when in safe mode.

My DDS log is:

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Mark & Gini at 21:01:09.96 on Tue 04/26/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1915.1340 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Mark & Gini\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://m.www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uSearch Bar =
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local;192.168.*.*
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
TB: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [WeatherDPA] "c:\program files\hotbar\bin\11.0.78.0\Weather.exe" -auto
uRun: [QuickPhrase] "c:\program files\typingmaster\quickphrase\quickphrase.exe"
uRun: [Avi Player] "c:\program files\avi player\AviPlayer.exe" hmw
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\mark&g~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: line6.net
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {895D1291-D5BD-4982-BA84-AD11D29C1D6A} - hxxp://community.weightwatchers.com/Scripts/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-8-28 25896]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2009-8-28 290304]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-14 165456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-14 17744]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-14 50256]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-14 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files\motorola media link\NServiceEntry.exe [2010-11-5 81920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-1 136176]
S2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-12-2 218432]
S2 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 46392]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-14 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-14 40384]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\L6TPortA.sys [2010-3-9 571264]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2010-9-29 20224]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-27 00:43:52 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 00:43:52 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 00:41:44 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5d986418-8af1-4f5e-9ba8-0130bc9ae5dd}\mpengine.dll
2011-04-19 01:36:56 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2011-03-10 16:12:54 1161728 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 16:12:54 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:00:15 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 14:56:29 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56:26 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56:25 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56:25 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 12:53:48 2040832 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 14:49:43 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-18 15:48:42 833024 ----a-w- c:\windows\system32\wininet.dll
2011-02-18 15:45:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-18 14:09:54 389632 ----a-w- c:\windows\system32\html.iec
2011-02-18 13:48:10 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-16 15:35:41 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 15:29:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 13:24:56 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-02-06 03:38:51 87608 ----a-w- c:\users\mark&g~1\appdata\roaming\inst.exe
2011-02-06 03:38:51 47360 ----a-w- c:\users\mark&g~1\appdata\roaming\pcouffin.sys
2011-02-02 22:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:02:41.13 ===============


GMER Log:

GMER 1.0.15.15565 - http://www.gmer.net
Rootkit scan 2011-04-26 22:08:09
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG01
Running: p1v50pxk.exe; Driver: C:\Users\MARK&G~1\AppData\Local\Temp\fwtoiuoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88550480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x88591900, 0x3CA, 0x48000040]
? C:\Users\MARK&G~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

---- Files - GMER 1.0.15 ----

File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\00454744183=36.txt 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\00454744183=38.txt 25 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\event-focus-min[1].js 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\SoundPlayer[1].swf 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\186594_42201261_7299266_q[1].jpg 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\history_manager[7].htm 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\widget[1].css 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\wifism[1].jpg 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\O4MC2pFJMzJ[1].css 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\183=36.txt 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\161997_44263599741_7598929_q[1].jpg 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\162144_10150159445457443_10150159439907443_17558_1363_t[1].jpg 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\p_100000454744183=36.txt 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\p_100000454744183=36[3].txt 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\p_100000454744183=38[11].txt 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\yui-min[1].js 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\yuTcDB9W2aw[2].png 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\AENYIEMCATJUSDCCA6UIOO8CAJCE2U2CADSBHX5CAFI5DEOCABLJ43SCAYFCU8OCAXZTASZCAWMSILGCACOFI81CAB1H48PCAJIZ42GCAGYNJE4CAYSGYJ6CAFOGWW3CAMRPSGSCA05ZFU8CAKITZI1.txt 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\AFXR3TRCA1P77ZFCAV9ADVXCA09FDMACAIUW4Z7CARJZ26CCA29FHEVCASI7JMUCANQ540JCAKNIOLNCA8TE9ZFCAY2TVC7CAUZYEZDCAH88F9LCAGV60J2CAO8BAGMCAOTTQATCARKUZ3HCATXMQDN.txt 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\AGWQ2UQCA8X61J2CANV0CH5CAS8TUAZCAEEH83MCAMVK6S3CACR9U92CAUW6UJOCA5TMFQJCALDOOGECAF3PPHMCAIGUO8VCAQBFN3KCAVCI6BUCA9C3VWICAZLOH6JCA8F9KFVCASEHZPACAUJRF2M.txt 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2DJYQCX4\1294700108596113578_1_df05b7f5[1].jpg 0 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50V9NUI5\tools[1] 3560 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63HDB4QD\afe_specificclick_net[1].htm 933 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\63HDB4QD\PointRollAds1[1].htm 95 bytes
File C:\Users\Mark & Gini\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ZQ8WJ39\httpErrorPagesScripts[1] 7579 bytes

---- EOF - GMER 1.0.15 ----


 


#2 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 04 May 2011 - 06:48 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 m0le


    Can U Dig It?


  • Malware Response Team
  • 34,527 posts

Posted 09 May 2011 - 07:35 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



