Jump to content

Help - IE won't start


Recommended Posts

I have a PC that was infected with Security Essentials 2010. Scanning with Malwarebytes several times seems to have removed it but Internet Explorer will not start unless in Safe mode. I have followed the instructions - here are the resulting log files. Any help would be greatly appreciated. Thanks!!

Contest of DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Administrator at 22:44:18.18 on Thu 07/29/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.542 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\iTunes\iTunesHelper.exe

svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\RegCure\RegCure.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://edwardcullen.yoursearchcentral.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\forget~1.lnk - c:\program files\broderbund\ag creatacard\agremind.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe

mPolicies-system: EnableLUA = 0 (0x0)

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: cyber-deployment.com

Trusted Zone: cyber-deployment.com

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-07-30 03:41:15 0 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-07-29 01:57:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-29 01:57:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-29 01:57:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-28 04:01:44 0 dc-h--w- c:\windows\ie8

2010-07-25 04:05:04 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-07-25 04:04:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-23 01:22:50 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2010-07-23 01:22:50 21504 ----a-w- c:\windows\system32\hidserv.dll

2010-07-23 01:22:40 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2010-07-23 01:22:40 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2010-07-22 14:24:11 1174476 ----a-w- c:\windows\setupapi.log.1.old

2010-07-22 14:14:20 120 ----a-w- c:\windows\Ewanumiw.dat

2010-07-22 14:14:20 0 ----a-w- c:\windows\Hrabacos.bin

2010-07-20 00:16:56 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

2010-07-15 15:16:33 2780119 ----a-w- c:\windows\setupapi.log.0.old

2010-07-15 05:33:03 47616 ---ha-w- c:\windows\system32\evendt32.dll

==================== Find3M ====================

2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 22:45:31.91 ===============

attach.zip

Link to post
Share on other sites

  • 5 weeks later...
  • 5 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.