ivanped Posted December 19, 2008 Report Share Posted December 19, 2008 Hello everyone, first please apologise about the english, i`m brazillian.I had installed the new IE8 Beta2 in my notebook on WinXP SP3 and tried to uninstall at the add/remove windows components menu, at control panel.Unfortunatelly, anything was removed, just the Outllok Express. After I discovered about the spuninst.exe, at \windows\ie8, which worked fine.Before delete this, I downloaded the IE7 Final, and after delete IE8, I installed the previous version.Everything working fine, IE7 running normally. But, after clicking at the ActiveX yellow bar in IE on my default site (www.terra.com.br), IE crashed and all the icons of IE and WMP, in the taskbar, desktop e start menu, disappeared.I tried to reinstall 5 times and remove the IE7, but nevermore appeared the icons and I couldn`t start the IE7. On the \windows\ie7\ folder I found the iexplore.exe, but when clicked, opened the very old IE6.Surprisingly, when typing "iexplore" on Run, the IE7 opens! But I can`t find from where it comes, to create a new icon.I was told that it could be a trojan or any kind of virus. Therefore, i ask for your help by reading my HiJackThis log.Thanx everyone so far,Logfile of Trend Micro HijackThis v2.0.2Scan saved at 02:24:13, on 19/12/2008Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exeC:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exeC:\WINDOWS\system32\spoolsv.exeC:\ARQUIV~1\AVG\AVG8\avgwdsvc.exeC:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Arquivos de programas\Sony\VAIO Event Service\VESMgr.exeC:\WINDOWS\Explorer.EXEC:\ARQUIV~1\AVG\AVG8\avgrsx.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxsrvc.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\system32\igfxpers.exeC:\Arquivos de programas\IDT\WDM\sttray.exeC:\ARQUIV~1\AVG\AVG8\avgtray.exeC:\Arquivos de programas\Sony\Wireless Switch Setting Utility\Switcher.exeC:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.ExeC:\WINDOWS\system32\ctfmon.exeC:\Arquivos de programas\Windows Live\Messenger\usnsvc.exeC:\WINDOWS\system32\wuauclt.exeC:\Arquivos de programas\Internet Explorer\IEXPLORE.EXEC:\Arquivos de programas\WinRAR\WinRAR.exeC:\Documents and Settings\Administrador\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.aspR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157O1 - Hosts: 66.98.148.65 auto.search.msn.comO1 - Hosts: 66.98.148.65 auto.search.msn.esO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exeO4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exeO4 - HKLM\..\Run: [switcher.exe] C:\Arquivos de programas\Sony\Wireless Switch Setting Utility\Switcher.exeO4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLLO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1229440031046O20 - AppInit_DLLs: avgrsstx.dllO23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Arquivos de programas\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: VAIO Event Service - Sony Corporation - C:\Arquivos de programas\Sony\VAIO Event Service\VESMgr.exe--End of file - 5120 bytes Link to post Share on other sites
sarahw Posted December 23, 2008 Report Share Posted December 23, 2008 Hi,Not sure if this is a Virus, but we will check anyways. Please download Malwarebytes' Anti-Malware from Here or HereDouble Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish,so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Link to post Share on other sites
Recommended Posts