Hello everyone, first please apologise about the english, i`m brazillian.
I had installed the new IE8 Beta2 in my notebook on WinXP SP3 and tried to uninstall at the add/remove windows components menu, at control panel.
Unfortunatelly, anything was removed, just the Outllok Express. After I discovered about the spuninst.exe, at \windows\ie8, which worked fine.
Before delete this, I downloaded the IE7 Final, and after delete IE8, I installed the previous version.
Everything working fine, IE7 running normally. But, after clicking at the ActiveX yellow bar in IE on my default site (www.terra.com.br), IE crashed and all the icons of IE and WMP, in the taskbar, desktop e start menu, disappeared.
I tried to reinstall 5 times and remove the IE7, but nevermore appeared the icons and I couldn`t start the IE7. On the \windows\ie7\ folder I found the iexplore.exe, but when clicked, opened the very old IE6.
Surprisingly, when typing "iexplore" on Run, the IE7 opens! But I can`t find from where it comes, to create a new icon.
I was told that it could be a trojan or any kind of virus. Therefore, i ask for your help by reading my HiJackThis log.
Thanx everyone so far,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:24:13, on 19/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\IDT\WDM\sttray.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
Hijackthis Log[INACTIVE]
in Malware Removal
Posted
Hello everyone, first please apologise about the english, i`m brazillian.
I had installed the new IE8 Beta2 in my notebook on WinXP SP3 and tried to uninstall at the add/remove windows components menu, at control panel.
Unfortunatelly, anything was removed, just the Outllok Express. After I discovered about the spuninst.exe, at \windows\ie8, which worked fine.
Before delete this, I downloaded the IE7 Final, and after delete IE8, I installed the previous version.
Everything working fine, IE7 running normally. But, after clicking at the ActiveX yellow bar in IE on my default site (www.terra.com.br), IE crashed and all the icons of IE and WMP, in the taskbar, desktop e start menu, disappeared.
I tried to reinstall 5 times and remove the IE7, but nevermore appeared the icons and I couldn`t start the IE7. On the \windows\ie7\ folder I found the iexplore.exe, but when clicked, opened the very old IE6.
Surprisingly, when typing "iexplore" on Run, the IE7 opens! But I can`t find from where it comes, to create a new icon.
I was told that it could be a trojan or any kind of virus. Therefore, i ask for your help by reading my HiJackThis log.
Thanx everyone so far,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:24:13, on 19/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\Explorer.EXE
C:\ARQUIV~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\IDT\WDM\sttray.exe
C:\ARQUIV~1\AVG\AVG8\avgtray.exe
C:\Arquivos de programas\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Internet Explorer\IEXPLORE.EXE
C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [switcher.exe] C:\Arquivos de programas\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229440031046
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Arquivos de programas\Sony\VAIO Event Service\VESMgr.exe
--
End of file - 5120 bytes