Jump to content

Recommended Posts

I'm working on a friend's computer and after sorting out a number of issues, I'm down to IE not loading.

A little history may help:

It's running Windows XP Pro. (now has SP2 but didn't at first)

The system would hang at the welcome screen and never move forward.

I did a repair from the XP installation disc and that allowed me to get booted up and logged in.

Running various scanners netted me a few things cleaned out, but the system was infected by AntivirusXP 2009.

I manually removed that and let the scanners clean up everything else, but:

Spybot crashes with a blue screen, giving a 0x0000008E stop message.

Malwarebyte's would not register the few dlls that are addressed in another thread here - and the fixes given didn't help.

I couldn't run any online scan, because IE wouldn't load.

I get an app_compat error citing urlmon.dll

AppName: iexplore.exe AppVer: 7.0.6000.16574 ModName: urlmon.dll

ModVer: 6.0.2900.2180 Offset: 0003c43a

Where I'm at now:

I installed FireFox and can access the internet fine. However, I do need to get IE fixed because my friend is completely new to computers and I don't want to change too much for fear of causing confusion... and Windows Updates won't work with IE in its current state.

I've downloaded SP2 and installed it after a few tries and fixes - I had to return the security settings to default.

After that, malwarebytes installed and ran fine.

Now, I'm working through the Pre-HJT instructions.

However, Spybot still crashes. Although I do recall getting through it once and cleaning things out, but sorry, I don't have a log for that.

mbam quick scan says no infections, but here's the log

Malwarebytes' Anti-Malware 1.30

Database version: 1443

Windows 5.1.2600 Service Pack 2

12/1/2008 6:10:31 PM

mbam-log-2008-12-01 (18-10-31).txt

Scan type: Quick Scan

Objects scanned: 40994

Time elapsed: 7 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Panda ActiveScan report

;*******************************************************************************

********************************************************************************

*

*******************

ANALYSIS: 2008-12-01 19:11:01

PROTECTIONS: 0

MALWARE: 0

SUSPECTS: 0

;*******************************************************************************

********************************************************************************

*

*******************

PROTECTIONS

Description Version Active Updated

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

SUSPECTS

Sent Location

;===============================================================================

================================================================================

=

===================

;===============================================================================

================================================================================

=

===================

VULNERABILITIES

Id Severity Description

;===============================================================================

================================================================================

=

===================

150243 HIGH MS07-008

126087 HIGH MS06-046

120823 MEDIUM MS06-030

93454 MEDIUM MS05-049

;===============================================================================

================================================================================

=

===================

I've downloaded and installed the patches indicated for the above vulnerabilities.

Here's the HJT log: (I haven't Fixed anythign yet.)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:37:34 PM, on 12/1/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 SP2 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Java

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.