
Internet Explorer 10 crashes immediately. IE9 works though.


  • This topic is locked
5 replies to this topic

#1 Twotone

Twotone

  • Members
  • 15 posts
  • Gender:Male
  • Location:Tennessee

Posted 10 June 2013 - 07:33 PM

I am having Internet Explorer 10 problems after Ransom removal. I have run Malwarebytes to get rid of the ransom virus. I ran Spybot 2, adwcleaner and JRT to clean up some stuff. Unfortunately, after doing all of the Windows updates, which include IE10, Internet Explorer immediately crashes.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Lin at 19:29:03 on 2013-06-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4056.3137 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9B42EFC8-7EF2-45AE-BBCA-A38F3D2DAE70} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9B42EFC8-7EF2-45AE-BBCA-A38F3D2DAE70}\14454553531323 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9B42EFC8-7EF2-45AE-BBCA-A38F3D2DAE70}\14775637F6D656023516573656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9B42EFC8-7EF2-45AE-BBCA-A38F3D2DAE70}\64F6365737020527563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9B42EFC8-7EF2-45AE-BBCA-A38F3D2DAE70}\74F64602943702751647368696E6760295F6570245F6F6 : DHCPNameServer = 64.53.83.131 64.53.83.132 192.168.1.1
TCP: Interfaces\{9B42EFC8-7EF2-45AE-BBCA-A38F3D2DAE70}\E45445745414253353 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9B42EFC8-7EF2-45AE-BBCA-A38F3D2DAE70}\E45445745414253353D25374 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-3 55280]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2009-12-3 172704]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-12-3 5435904]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-3 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-4 19456]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-3-31 227840]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-5-4 198528]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-4 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-14 1255736]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S4 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
S4 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-5-7 135824]
S4 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S4 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-6-4 1817560]
S4 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-6-4 1033688]
S4 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-6-4 171928]
S4 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2009-12-3 1692480]
.
=============== Created Last 30 ================
.
2013-06-11 00:05:52 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-11 00:03:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 00:03:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-10 23:43:59 -------- d-sh--w- C:\$RECYCLE.BIN
2013-06-10 23:17:59 -------- d-----w- C:\Windows\ERUNT
2013-06-10 23:17:51 -------- d-----w- C:\JRT
2013-06-10 23:06:18 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-10 18:56:50 -------- d-----w- C:\Windows\pss
2013-06-04 20:25:03 3072 ----a-w- C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-06-04 20:25:02 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-04 20:25:02 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-04 20:25:02 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-04 20:17:16 -------- d-----w- C:\Users\Lin\AppData\Local\Microsoft Help
2013-06-04 20:11:25 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-06-04 20:11:25 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-06-04 20:11:24 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-06-04 20:11:24 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-06-04 20:11:24 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-06-04 20:11:24 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-06-04 20:11:24 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-06-04 20:11:23 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-06-04 20:11:22 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-06-04 19:11:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-06-04 19:11:43 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-06-04 19:11:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-06-04 19:09:54 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-06-04 19:09:54 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-06-04 19:09:35 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-06-04 19:09:34 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-06-04 16:56:51 -------- d-----w- C:\Users\Lin\AppData\Roaming\Malwarebytes
2013-06-04 16:54:03 -------- d-----w- C:\ProgramData\Malwarebytes
2013-06-04 16:54:02 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-06-04 16:54:02 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-04 16:53:56 -------- d-----w- C:\Users\Lin\AppData\Local\Programs
2013-06-04 14:46:54 98816 ----a-w- C:\Windows\sed.exe
2013-06-04 14:46:54 256000 ----a-w- C:\Windows\PEV.exe
2013-06-04 14:46:54 208896 ----a-w- C:\Windows\MBR.exe
2013-06-03 22:59:37 -------- d-----w- C:\ProgramData\AT&T
2013-05-31 23:48:21 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4BA0A2D-35A4-4AF4-BA59-33775B226A34}\mpengine.dll
2013-05-15 19:38:18 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-15 19:38:18 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-05-15 19:38:18 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-05-15 19:38:10 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-05-15 19:38:09 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-05-15 19:38:09 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-05-15 19:38:09 111448 ----a-w- C:\Windows\System32\consent.exe
2013-05-15 19:37:50 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-05-15 19:37:50 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-05-15 19:37:49 3153920 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M  ====================
.
2013-05-07 23:43:56 10752 ----a-w- C:\Windows\System32\E_GCINST.DLL
2013-05-07 23:43:55 83968 ----a-w- C:\Windows\System32\E_YD4BIUE.DLL
2013-05-07 23:43:55 120320 ----a-w- C:\Windows\System32\E_YLMIUE.DLL
2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-02 15:22:04 2274480 ----a-w- C:\Windows\System32\coin94.dll
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
.
============= FINISH: 19:30:13.95 ===============
 

 


#2 Twotone

Twotone

Posted 13 June 2013 - 02:02 PM

3 Day bump.



#3 m0le

m0le

    Can U Dig It?


  • Malware Response Instructor
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 14 June 2013 - 06:59 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:


m0le is a proud member of UNITE

#4 Twotone

Twotone

Posted 15 June 2013 - 10:00 AM

Replying for Instructions but I will not be able to perform the instructions on that laptop until Monday. I may go by and pick it up from the office but in the meantime I don't have plans to.



#5 Twotone

Twotone

Posted 17 June 2013 - 11:09 AM

Hey m0le. You can close this thread. Sorry for the inconvenience but we have wiped / reinstalled this computer.



#6 m0le

m0le


Posted 17 June 2013 - 07:17 PM

No worries, Twotone. Thanks for the heads-up.

-----------------------------------------------

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



