IE7 Homepage changes on its own to "http:///"


  • This topic is locked
26 replies to this topic

#1 ghostron

ghostron

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:33 PM

Posted 28 March 2009 - 10:05 PM

Hello! As mentioned in the topic title, my main problem is that the Internet Explorer 7 homepage keeps getting reset back to http:/// despite me changing it back to google.com.sg via the Tools > Internet Options method. I've reinstalled IE7 and restored my computer to a previous date; both methods don't work :X

I'm not very sure how this problem came about. I've scanned the computer (Windows XP) with AVG 8.5 and it did not detect anything.

Can anyone help? Thanks in advance!

Edited by ghostron, 29 March 2009 - 12:30 AM.




#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 29 March 2009 - 11:26 AM

Hi,

Welcome here. :thumbsup:
Let's take a look.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 ghostron

ghostron
  • Topic Starter


Posted 29 March 2009 - 12:55 PM

Hi superbird! Thanks for the reply >< Here's the Malwarebytes log, and there's a change (I'm sorry!) - I've updated my IE to IE8, though the problem still exists in the new version :S


Malwarebytes' Anti-Malware 1.35
Database version: 1913
Windows 5.1.2600 Service Pack 2

29/03/2009 12:15:29
mbam-log-2009-03-29 (12-15-29).txt

Scan type: Quick Scan
Objects scanned: 88738
Time elapsed: 15 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 18
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

#4 Guest_superbird_*


Posted 29 March 2009 - 12:57 PM

Hi,

No worries, the update is all right. :thumbsup:

Please do a new, full scan with MBAM, and post that logfile in your next reply.

Also do this:

Do part 1 of 2 of S!Ri's SmitfraudFix
Please download SmitfraudFix

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

#5 ghostron


Posted 30 March 2009 - 08:32 AM

Malwarebytes' Anti-Malware 1.35
Database version: 1913
Windows 5.1.2600 Service Pack 2

30/03/2009 23:02:24
mbam-log-2009-03-30 (23-02-24).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 185279
Time elapsed: 1 hour(s), 28 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




SmitFraudFix v2.405

Scan done at 21:25:20.35, 30/03/2009
Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\SingTel\McciTrayApp.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Tudou\Ě╔╦┘Tudou\TudouVa.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\NoeNoeJetma.vbs"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FE9740B4-D26C-4131-8303-3A72BC5C8901}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FE9740B4-D26C-4131-8303-3A72BC5C8901}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FE9740B4-D26C-4131-8303-3A72BC5C8901}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Edited by ghostron, 30 March 2009 - 10:17 AM.
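
An added example, not part of the original thread and not code from SmitfraudFix: a Python check that parses the registry sections of a log like the one above and reports every Winlogon `Userinit` or `AppInit_DLLs` entry beyond the stock value, so it can be reviewed. The function names and the `system_root` default are assumptions made for this example; the comparison relies on the stock Windows XP `Userinit` value being `userinit.exe` in `system32` followed by a comma.

```python
import re

# Registry excerpt copied from the SmitfraudFix log posted in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\wscript.exe C:\\WINDOWS\\system32\\NoeNoeJetma.vbs"
"System"=""
'''

NT_CV = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
WINLOGON = NT_CV + r"\Winlogon"
WINDOWS = NT_CV + r"\Windows"

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
STR_RE = re.compile(r'^"([^"]+)"="(.*)"$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# Program path = everything up to the first executable extension.
PROGRAM_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd|scr))', re.IGNORECASE)
# Interpreters that can run a script or DLL named on the same command line.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe", "rundll32.exe"}


def parse_reg_sections(text):
    """Parse .reg-style text into {key_path: {value_name: str_or_int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KEY_RE.match(line)):
            current = keys.setdefault(m.group(1), {})
        elif current is None:
            continue
        elif (m := STR_RE.match(line)):
            # String data escapes backslashes and quotes with a backslash.
            current[m.group(1)] = re.sub(r'\\(.)', lambda e: e.group(1), m.group(2))
        elif (m := DWORD_RE.match(line)):
            current[m.group(1)] = int(m.group(2), 16)
    return keys


def audit_logon_persistence(keys, system_root=r"C:\WINDOWS"):
    """Return (value_name, kind, entry) for every non-default autostart entry."""
    findings = []
    expected = (system_root + r"\system32\userinit.exe").lower()
    userinit = keys.get(WINLOGON, {}).get("Userinit", "")
    for entry in (e.strip() for e in userinit.split(",")):
        if not entry or entry.lower() == expected:
            continue  # the stock value is userinit.exe followed by a comma
        m = PROGRAM_RE.match(entry)
        program = (m.group(1) if m else entry).rsplit("\\", 1)[-1].lower()
        kind = "script host" if program in SCRIPT_HOSTS else "extra program"
        findings.append(("Userinit", kind, entry))
    dlls = keys.get(WINDOWS, {}).get("AppInit_DLLs", "")
    for dll in re.split(r"[ ,]+", dlls.strip()):
        if dll:
            findings.append(("AppInit_DLLs", "AppInit DLL", dll))
    return findings


if __name__ == "__main__":
    for name, kind, entry in audit_logon_persistence(parse_reg_sections(SAMPLE_LOG)):
        print(f"{name}: {kind}: {entry}")
```

A finding means only that the entry is not part of the default configuration; the referenced script or program still has to be located and inspected before deciding what it is.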


#6 Guest_superbird_*


Posted 30 March 2009 - 10:40 AM

Hi,

Go to Virustotal.com
Upload the following file by copying and pasting the following path (so do not use "Browse"!): C:\WINDOWS\system32\wscript.exe
Wait until the results appear, and post them in your next reply. :thumbsup:

Do this also with this file: C:\WINDOWS\system32\NoeNoeJetma.vbs

#7 ghostron


Posted 30 March 2009 - 11:50 AM

Hi superbird! I couldn't copy-paste the address so I had to use the browse method >< The form doesn't seem to allow typing either :S Not sure how to upload NoeNoeJetma.vbs for that reason too

For wscript:

MD5: 3adce7346e279c8e7adec5f2428385c6
First received: 03.03.2009 00:30:08 (CET)
Date: 03.28.2009 08:29:25 (CET) [>2D]
Results: 1/39
Permalink: analisis/9ee206587e02c82750046651f879a907


File wscript.exe received on 03.28.2009 08:28:40 (CET)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.28 -
AhnLab-V3 5.0.0.2 2009.03.27 -
AntiVir 7.9.0.129 2009.03.27 -
Antiy-AVL 2.0.3.1 2009.03.28 -
Authentium 5.1.2.4 2009.03.27 -
Avast 4.8.1335.0 2009.03.27 -
AVG 8.5.0.285 2009.03.27 -
BitDefender 7.2 2009.03.28 -
CAT-QuickHeal 10.00 2009.03.28 -
ClamAV 0.94.1 2009.03.28 -
Comodo 1086 2009.03.27 -
DrWeb 4.44.0.09170 2009.03.28 -
eSafe 7.0.17.0 2009.03.27 Win32.Banker
eTrust-Vet 31.6.6421 2009.03.27 -
F-Prot 4.4.4.56 2009.03.27 -
F-Secure 8.0.14470.0 2009.03.28 -
Fortinet 3.117.0.0 2009.03.27 -
GData 19 2009.03.28 -
Ikarus T3.1.1.48.0 2009.03.28 -
K7AntiVirus 7.10.683 2009.03.27 -
Kaspersky 7.0.0.125 2009.03.28 -
McAfee 5566 2009.03.27 -
McAfee+Artemis 5566 2009.03.27 -
McAfee-GW-Edition 6.7.6 2009.03.28 -
Microsoft 1.4502 2009.03.27 -
NOD32 3971 2009.03.28 -
Norman 6.00.06 2009.03.27 -
nProtect 2009.1.8.0 2009.03.28 -
Panda 10.0.0.10 2009.03.27 -
PCTools 4.4.2.0 2009.03.27 -
Prevx1 V2 2009.03.28 -
Rising 21.22.51.00 2009.03.28 -
Sophos 4.40.0 2009.03.28 -
Sunbelt 3.2.1858.2 2009.03.28 -
Symantec 1.4.4.12 2009.03.28 -
TheHacker 6.3.3.8.294 2009.03.28 -
TrendMicro 8.700.0.1004 2009.03.28 -
VBA32 3.12.10.1 2009.03.27 -
ViRobot 2009.3.27.1666 2009.03.27 -


#8 Guest_superbird_*


Posted 30 March 2009 - 11:56 AM

Hi,

Can't you see NoeNoeJetma.vbs on your computer? Maybe it's hidden.

#9 ghostron


Posted 31 March 2009 - 06:48 AM

Nope, I can't find it >< Not hidden either. What is that file supposed to do? Is it an important file?

#10 Guest_superbird_*


Posted 31 March 2009 - 07:05 AM

Hi,

I first thought it was malware. But it doesn't look like malware.
Which problems do you still have?

#11 ghostron


Posted 31 March 2009 - 07:48 AM

Problems regarding the computer? Shouldn't be any other problems I guess (hopefully), other than this irritating http:/// one.

#12 Guest_superbird_*


Posted 31 March 2009 - 07:56 AM

Hi,

Ok, let's try this:

We need to repair some of Windows' internal registration settings.
  • Please download Dial-A-Fix from one of the following mirrors:
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box (Looks like this: Posted Image)
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
    Posted Image
  • When the window looks like this, press the GO button in the bottom of the window.
    Posted Image
  • Exit/Close Dial-A-Fix


#13 ghostron


Posted 31 March 2009 - 09:32 AM

Hi superbird!

There were quite a few errors that occurred:
1) Even before the main window of Dial-A-Fix appeared, there was a msg "Dial-A-Fix was unable to determine your version of Internet Explorer. Certain DLL registrations will be skipped."

2) "Error 127: C:\WINDOWS\system32\*.dll is not registerable or the file is corrupt. Your version of *.dll is 8.00.6001.18702...." [PIC]

* -- iesetup.dll, inseng.dll, mshtml.dll, msrating.dll, occache.dll, pngfilt.dll, webcheck.dll, imgutil.dll

Could it be cos of the IE update?

#14 Guest_superbird_*


Posted 31 March 2009 - 09:46 AM

Yes. Do you still have the problem?

#15 ghostron


Posted 31 March 2009 - 10:52 AM

Hey superbird! Now my IE's dead after attempting to reinstall it )))): I kinda went through the add/remove Windows component part. It closes itself immediately even before anything on the page loads >< The (new) problem isn't solved even after I did a system restore ): Oh and I can't even open Internet Options from Control Panel. *dies*

Edited by ghostron, 31 March 2009 - 11:07 AM.




