Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Problem opening IE7- IE7 appears and disappears  (Read 4066 times)

0 Members and 1 Guest are viewing this topic.

gesk

  • Guest
Problem opening IE7- IE7 appears and disappears
« on: January 23, 2009, 07:04:15 PM »
When I open Intenet Explorer 7, IE7 opens, but then closes.  I've produced three log files that were recommended in Computer Hope link and quaranteened Malware and Spyware and problem has gone away.  However, my understanding is that other work still needs to be done.

Here are my log files.  Thanks, Grant

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/23/2009 at 00:44 AM

Application Version : 4.25.1012

Core Rules Database Version : 3716
Trace Rules Database Version: 1690

Scan type       : Complete Scan
Total Scan Time : 00:30:55

Memory items scanned      : 499
Memory threats detected   : 3
Registry items scanned    : 4547
Registry threats detected : 18
File items scanned        : 13228
File threats detected     : 17

Trojan.Smitfraud Variant-Gen/Bensorty
   C:\WINDOWS\SYSTEM32\HGFDGE4UNJDFDG.DLL
   C:\WINDOWS\SYSTEM32\HGFDGE4UNJDFDG.DLL

Trojan.WinLogin
   C:\DOCUME~1\GRANTI~1\LOCALS~1\TEMP\WINLOGIN.EXE
   C:\DOCUME~1\GRANTI~1\LOCALS~1\TEMP\WINLOGIN.EXE
   [jsf8uiw3jnjgffght] C:\DOCUME~1\GRANTI~1\LOCALS~1\TEMP\WINLOGIN.EXE
   [jsf8uiw3jnjgffght] C:\DOCUME~1\GRANTI~1\LOCALS~1\TEMP\WINLOGIN.EXE
   C:\DOCUMENTS AND SETTINGS\GRANT INOUYE\LOCAL SETTINGS\TEMP\WINLOGIN.EXE
   C:\WINDOWS\Prefetch\WINLOGIN.EXE-268AF4A8.pf

Trojan.Csrssc/Systemc-B
   C:\DOCUME~1\GRANTI~1\LOCALS~1\TEMP\CSRSSC.EXE
   C:\DOCUME~1\GRANTI~1\LOCALS~1\TEMP\CSRSSC.EXE
   [tezrtsjhfr84iusjfo84f] C:\DOCUME~1\GRANTI~1\LOCALS~1\TEMP\CSRSSC.EXE
   C:\DOCUMENTS AND SETTINGS\GRANT INOUYE\LOCAL SETTINGS\TEMP\CSRSSC.EXE
   C:\WINDOWS\Prefetch\CSRSSC.EXE-25C40C1C.pf

Adware.Vundo Variant
   HKLM\Software\Classes\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C8955}
   HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C8955}
   HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C8955}
   HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C8955}#ThreadingModel
   HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C8955}\InProcServer32
   HKCR\CLSID\{C5BF49A2-94F3-42BD-F434-3604812C8955}\InProcServer32#ThreadingModel
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c5bf49a2-94f3-42bd-f434-3604812c8955}
   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{C5BF49A2-94F3-42BD-F434-3604812C8955}
   HKU\.default\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955}
   HKU\s-1-5-21-1177238915-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5BF49A2-94F3-42BD-F434-3604812C8955}
   HKU\s-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5bf49a2-94f3-42bd-f434-3604812c8955}

Unclassified.Unknown Origin
   HKU\s-1-5-21-1177238915-1606980848-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}

Rootkit.Agent/Gen-Rustock
   HKLM\system\controlset001\services\8f5111b2
   C:\WINDOWS\SYSTEM32\DRIVERS\8F5111B2.SYS
   HKLM\system\controlset002\services\8f5111b2
   HKLM\system\controlset003\services\8f5111b2

Adware.Vundo/Variant
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BEA53C1A-4457-48FA-98FA-FFB1E469CE72}\RP39\A0017713.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BEA53C1A-4457-48FA-98FA-FFB1E469CE72}\RP39\A0017726.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BEA53C1A-4457-48FA-98FA-FFB1E469CE72}\RP39\A0017746.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BEA53C1A-4457-48FA-98FA-FFB1E469CE72}\RP40\A0017809.DLL
   C:\SYSTEM VOLUME INFORMATION\_RESTORE{BEA53C1A-4457-48FA-98FA-FFB1E469CE72}\RP40\A0019841.DLL

Trojan.Vundo-Variant/Small-GEN
   C:\WINDOWS\SYSTEM32\KHFETJKH.DLL
   C:\WINDOWS\SYSTEM32\OPNLIAXY.DLL
   C:\WINDOWS\SYSTEM32\OPNLICCR.DLL
   C:\WINDOWS\SYSTEM32\OPNMMEFU.DLL




alwarebytes' Anti-Malware 1.33
Database version: 1685
Windows 5.1.2600 Service Pack 3

1/23/2009 5:22:39 PM
mbam-log-2009-01-23 (17-22-39).txt

Scan type: Quick Scan
Objects scanned: 48212
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jsf8uiw3jnjgffght (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ajoyupujaxak (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msudevuqanalep (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system configuration backup (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\Drivers\8f5111b2.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\nhjib.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Ccirakenupi.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\uraxiyayidad.dll (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-5306954287-4256034005-165508781-0278\sysdate.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\yayaXPif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:35:39 PM, on 1/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\My Essentials\USB ME1001-USB\Wireless Utility\O-Maxwcui.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Airlink101\Airlink101 PS Software\PsLink.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\WINDOWS\psmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Grant Inouye\Application Data\U3\000016267375FBD9\LaunchPad.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CaPPcl] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe /scan /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [data] C:\WINDOWS\system32:data.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: My Essentials Wireless USB Utility.lnk = C:\Program Files\My Essentials\USB ME1001-USB\Wireless Utility\O-Maxwcui.exe
O4 - Global Startup: PS-Link.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224440206523
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1230406472302&h=eaa6aca9179e72eb905a69a9b72b66f8/&filename=jinstall-6u11-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !saswinlogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9498 bytes

Logged
Pages: [1]   Go Up
« previous next »