
Cannot open Iexplore


12 replies to this topic

#1 p001

p001

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:36 PM

Posted 23 March 2009 - 06:55 PM

I cannot open Iexplore on my computer. I scanned the system using Ad-Aware and couldn't find any issues. I am currently running Symantec Endpoint Protection 11.0.4.


Here is the error message when I tried to run iexplore.exe

Windows cannot find ‘C:\Program Files\Internet Explorer\iexplore.exe’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Your help will be greatly appreciated.

Edit: Adding more info

OS: Windows XP Service Pack 3
Browser: IE7

I uninstalled IE7 and it gave me the same error with the IE6 browser. I got the same error when I installed the new IE8 too.

Edited by p001, 24 March 2009 - 01:04 AM.
Moved from HJT thread, no log. TW




#2 p001

p001
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:36 PM

Posted 24 March 2009 - 12:55 AM

Please let me know if my post is not clear or if I need to provide more info. Thanks.

#3 p001


Posted 24 March 2009 - 06:31 PM

Hmm......

I am just wondering, as I didn't see any help here in the last 24 hours.

I am trying to understand.....

1. Is it the normal turnaround time? If that is the case then sorry, I can wait.

2. Am I not clear on my post? I can add the required info if this is the reason.

3. Something else? Please let me know what is wrong in my thread.

:thumbsup:

Edited by p001, 24 March 2009 - 06:32 PM.


#4 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:36 AM

Posted 01 April 2009 - 01:58 PM

If you use Windows Explorer to browse to C:\Program Files\Internet Explorer\iexplore.exe, does the file exist?

#5 p001


Posted 02 April 2009 - 04:59 PM

Thanks for your response.

Yes, the file is there. I got the same error when I double-clicked on that file too.

Edited by p001, 02 April 2009 - 05:01 PM.


#6 Grinler


Posted 03 April 2009 - 11:24 AM

Download this file and save it on your desktop:

http://download.bleepingcomputer.com/grinler/bats/iefo.bat

When done downloading, double-click on it, and let it run. When it is done a notepad will open. Post the contents of this notepad as a reply to this topic.

#7 p001


Posted 03 April 2009 - 12:24 PM

One more piece of information....

I compared this Registry section with one of my other computers, which has a similar setup and is working fine. Here are my observations.

1. I couldn't find any entry for "iexplorer.exe" in ("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\") directory in that 2nd computer.

2. On the current computer (the one that I have the problem with and posted the log for) I found this additional info for the "iexplorer.exe" Reg entry.

--------
KEY Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Name: (Default)
Type: REG_SZ
Data: (Value not set)

Name: Debugger
Type: REG_SZ
Data: C:\WINDOWS\system32\klomp.exe

I verified, and my system doesn't have a klomp.exe file in the "C:\WINDOWS\system32\" directory (I have enabled "show hidden files and folders").

-----------

Please discard this message if it is not relevant to my IE problem.

Edited by p001, 03 April 2009 - 12:29 PM.


#8 Grinler


Posted 03 April 2009 - 05:52 PM

Yes, that's very relevant and I see the problem. I just want to have you rerun the batch file again as I had an error in the previous one.

Please download from here:

http://download.bleepingcomputer.com/grinler/bats/iefo.bat

Rerun and post the contents. We will then get started removing this infection, but you most likely have more infections, so you may want to follow the steps here after we get IE working:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

In the meantime rerun and post the batch file output so I can make sure no other debuggers are compromised.

#9 p001


Posted 04 April 2009 - 01:15 AM

Here is the output.................
-----------------------------------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
ApplicationGoo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
ApplicationGoo REG_BINARY

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Debugger REG_SZ C:\WINDOWS\system32\klomp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
ApplicationGoo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
ApplicationGoo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
GlobalFlag REG_SZ 0x00200000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
GlobalFlag REG_SZ 0x00200000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
ApplicationGoo REG_BINARY

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
ApplicationGoo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
ApplicationGoo REG_BINARY

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
ApplicationGoo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
DisableHeapLookAside REG_SZ 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
ApplicationGoo REG_BINARY

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger REG_SZ ntsd -d
GlobalFlag REG_SZ 0x000010F0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE
ApplicationGoo
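
An added example (not part of any post in this thread, and not the contents of iefo.bat): a Python sketch that parses reg.exe output like the dump above and lists every Debugger value under Image File Execution Options, the check described in post #8 as making sure no other debuggers are compromised. The function names, the optional exists callback and the shortened sample are assumptions made for illustration.

```python
import re

IFEO = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
# Placeholder key that ships with Windows; it never matches a real image name.
TEMPLATE_KEY = "Your Image File Name Here without a path"
VALUE_RE = re.compile(r"^(\S+)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample: a shortened copy of the reg.exe output posted in this thread.
SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
CheckAppHelp REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Debugger REG_SZ C:\WINDOWS\system32\klomp.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
GlobalFlag REG_SZ 0x00200000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger REG_SZ ntsd -d
GlobalFlag REG_SZ 0x000010F0
"""


def parse_ifeo(text):
    """Map each IFEO subkey (image name) to its {value name: data}."""
    entries, current = {}, None
    marker = (IFEO + "\\").lower()
    for line in text.splitlines():
        line = line.strip()
        if line.upper().startswith("HKEY_"):
            # Key line: everything after the IFEO prefix is the image name.
            pos = line.lower().find(marker)
            current = line[pos + len(marker):] if pos != -1 else None
            if current:
                entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current:
            entries[current][m.group(1)] = m.group(3).strip()
    return entries


def debugger_path(data):
    """Pull the executable out of a Debugger command line (quoted or not)."""
    m = re.match(r'"([^"]+)"|(.+?\.exe)\b|(\S+)', data, re.I)
    return next(g for g in m.groups() if g) if m else ""


def find_debuggers(text, exists=None):
    """Return (image, debugger, status) for every non-template Debugger value.

    exists is an optional callable such as os.path.exists; without it the
    status is "unknown", so the parser also works on a pasted log.
    """
    findings = []
    for image, values in parse_ifeo(text).items():
        for name, data in values.items():
            if name.lower() != "debugger" or image == TEMPLATE_KEY:
                continue
            target = debugger_path(data)
            status = "unknown"
            if exists is not None:
                status = "present" if exists(target) else "missing"
            findings.append((image, target, status))
    return findings


if __name__ == "__main__":
    for image, target, status in find_debuggers(SAMPLE):
        print(f"{image}: Debugger -> {target} ({status})")
```

A Debugger entry whose target is "missing" matches what this thread shows: Windows tries to start the debugger in place of the image, so launching iexplore.exe fails with "Windows cannot find" even though iexplore.exe itself is on disk.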

#10 Grinler


Posted 04 April 2009 - 06:32 AM

Please download from here:

http://download.bleepingcomputer.com/grinler/regs/debug.reg

and save it to your desktop.

Once saved, double-click on it and when it asks, allow it to merge the data.

Reboot and you should be able to access Internet Explorer again.

#11 p001


Posted 06 April 2009 - 01:43 PM

I executed the regedit file and IE is working fine now. Thanks for your help.

Just wanted to ask another question as you mentioned this in above post.

Do you want me to run the DDS script to generate a Pseudo HJT Report and post it? (Here, or in another new thread?)

-------
We will then get started removing this infection, but you most likely have more infections, so you may want to follow the steps here after we get IE working:

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
----------

#12 Grinler


Posted 06 April 2009 - 01:49 PM

If you want an in-depth analysis you will need to create a brand new thread using the guide linked above. Then be patient as it may be a few days, up to a week, before someone can get to it. For the most part you are prob clean, but there may be some remnants that we want to remove.

#13 p001


Posted 07 April 2009 - 12:29 AM

Got it. I will follow the instructions on that thread and post a new topic in appropriate forum.

Thanks again for the help.



