Jump to content

Recommended Posts

I'm working on a friend's computer and after sorting out a number of issues, I'm down to IE not loading.

A little history may help:

It's running Windows XP Pro. (now has SP2 but didn't at first)

The system would hang at the welcome screen and never move forward.

I did a repair from the XP installation disc and that allowed me to get booted up and logged in.

Running various scanners netted me a few things cleaned out, but the system was infected by AntivirusXP 2009.

I manually removed that and let the scanners clean up everything else, but:

Spybot crashes with a blue screen, giving a 0x0000008E stop message.

Malwarebyte's would not register the few dlls that are addressed in another thread here - and the fixes given didn't help.

I couldn't run any online scan, because IE wouldn't load.

I get an app_compat error citing urlmon.dll

AppName: iexplore.exe AppVer: 7.0.6000.16574 ModName: urlmon.dll

ModVer: 6.0.2900.2180 Offset: 0003c43a

Where I'm at now:

I installed FireFox and can access the internet fine. However, I do need to get IE fixed because my friend is completely new to computers and I don't want to change too much for fear of causing confusion... and Windows Updates won't work with IE in its current state.

I've downloaded SP2 and installed it after a few tries and fixes - I had to return the security settings to default.

After that, malwarebytes installed and ran fine.

Now, I'm working through the Pre-HJT instructions.

However, Spybot still crashes. Although I do recall getting through it once and cleaning things out, but sorry, I don't have a log for that.

mbam quick scan says no infections, but here's the log

Malwarebytes' Anti-Malware 1.30

Database version: 1443

Windows 5.1.2600 Service Pack 2

12/1/2008 6:10:31 PM

mbam-log-2008-12-01 (18-10-31).txt

Scan type: Quick Scan

Objects scanned: 40994

Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Panda ActiveScan report

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-12-01 19:11:01

PROTECTIONS: 0

MALWARE: 0

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

================================================================================

=

===================

150243 HIGH MS07-008

126087 HIGH MS06-046

120823 MEDIUM MS06-030

93454 MEDIUM MS05-049

;===============================================================================

================================================================================

=

===================

I've downloaded and installed the patches indicated for the above vulnerabilities.

Here's the HJT log: (I haven't Fixed anythign yet.)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:37:34 PM, on 12/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User '?')

O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User '?')

O4 - HKUS\S-1-5-21-1202660629-573735546-682003330-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')

O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User '?')

O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/microsoftupdat...b?1199944460281

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdat...b?1199944447890

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 4032 bytes

Thanks for the help.

Link to post
Share on other sites

That's probably best since it could be a lingering infection causing the issues, in the meantime you might try uninstalling IE7 through add/remove programs, then reinstalling it and loading SP3 is a good idea also, but I would wait on that one until the PC is completely clean and running normally as installing the service pack on an infected machine could cause more issues than it fixes. Good luck and safe surfing.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.