What's wrong with my ie?

W

Wayneous

New Member
Hi everyone

I found two things thats different when I used my comp today.

1. My main webpage has changed it self and no matter how I try to change it back to before under properties, it just won't change even after I click accept.

2. I kept on getting pop up errors saying something is wrong with my ie, need to close all windows.

What can I do to check it?

Thanks in advance.

Wayne
 
another thing

sorry, one other thing I am not sure if it relates to my problem.

Note pad opens up when I load to windows with this message:
"[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787"

note pad actually opens 2 of the same message.
 
It's possible that your pc has become infected with something malicious. My advice to start with would be to scan your pc with the software here, and see if anything gets picked up.

Regarding your second post, this Microsoft page will help you get rid of that problem. Method 2 sounds the more easy.

http://support.microsoft.com/kb/330132/EN-US/
 
After running all the instructions, my second problem does not occur, but I still can't not change my main web page no matter how many times I've tried to change it under properties.


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Associates.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
E:\wayne\Pop-Up Stopper\dpps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\svhost32.exe
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\system32\CNAB3RPK.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\command\rundll32.exe
C:\WINDOWS\1Sy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\PROGRA~1\Associates.exe,
O1 - Hosts: 59.34.148.98 www.hao123.com
O1 - Hosts: 59.34.148.98 www.4199.com
O1 - Hosts: 59.34.148.98 www.9505.com
O1 - Hosts: 59.34.148.98 www.7322.com
O1 - Hosts: 218.5.76.175 www.huoche.com.cn
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "E:\wayne\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mx] C:\Program Files\Internet Explorer\svhost32.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssbupx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssbupx.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://wayneous.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
 
gonna use mozilla for a while..

might start using mozilla for a while..
whats browser hijack anyway.. can virus scanner fix it?
 
yes.. my msn kept on hanging for the past few days.. still doesn't run smoothly everytime when i open up ie. I've been using mozilla and it's been fine.. but still want to fix this problem!.. running a full scan now on adware.. see what happens.
 
how come adware can still recognize a few objects.. i thought it was killed? do they re-generate after i re-boot?
 
You have many infections including 'Trojans' and the reason for this is your not running antivirus software. I'm going to give you other programs to keep and run on a weekly basis. They are all freebies.

Download, install and update Antivir Personal Classic here http://www.avira.com/de/download/index.html

Download and install AVG Antispyware (Ewido) here http://www.ewido.net/en/ then set it up this way http://rstones12.geekstogo.com/ewidosetup.htm You will need this later in safe mode
Make sure to update this program.

Download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ You will need it later in safe mode.

Download, install and update 'A-squared' here http://www.emsisoft.com/en/software/free/

Download, install and update this excellent freebie- Superantispyware here http://www.superantispyware.com/download.html

Please download hoster from the link below.

http://www.funkytoad.com/download/hoster.zip

Unzip Hoster.zip

Open Hoster.exe.

Then click on "Restore Original Hosts"

Close program when complete.

Run ATF Cleaner
Under Main choose: Tick Select All
Click the Empty Selected button.

Reboot your computer in Safe Mode by doing the following.

After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

Instead of Windows loading as normal, a menu with options should appear;

Select the first option, to run Windows in Safe Mode, then press "Enter".

Choose your usual account.

Very Important:
Make sure security programs like Ewido, A-squared and Superantispyware are disabled until needed.

From safemode, run HijackThis and put a check by the following entries if still present, close all open windows and browsers except HijackThis and click 'Fix Checked'

F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\PROGR A~1\Associates.exe,
O1 - Hosts: 59.34.148.98 www.hao123.com
O1 - Hosts: 59.34.148.98 www.4199.com
O1 - Hosts: 59.34.148.98 www.9505.com
O1 - Hosts: 59.34.148.98 www.7322.com
O1 - Hosts: 218.5.76.175 www.huoche.com.cn
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mx] C:\Program Files\Internet Explorer\svhost32.exe
O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssbupx.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mssbupx.dll

Exit Hijack This but remain in safe mode.

Begin running your scans in this order.

Antivir
Ewido - make sure of the following settings.
Select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"

Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

A-squared
Superantispyware

Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Tick Select All
Click the Empty Selected button.

Reboot into normal windows, run ATF Cleaner again, empty the Recycle Bin and post a fresh 'HJT' log along with the Ewido scan log.
 
You must log in or register to reply here.
Back
Top