Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browsers will not open

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Browsers will not open

Unread postby z147 » November 29th, 2011, 9:11 pm

When I attempt to open either Internet Explorer or Firefox the message "Internet Explorer (Firefox) has encountered a problem and needs to close." I cannot get to the Internet at all. The message also comes up when I try to open Internet Tools. Office programs and Outlook work fine. iTunes gets updates when opened. Additionally, many of the files on my Desktop are ghosted but I can access them.

I apprectiate any help that can be provided.

Thank you

z147 Andrew

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by AZ at 19:34:49 on 2011-11-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.895.462 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.searchqu.com/421
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
BHO: Loader Class: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\window~4\datamngr\BROWSE~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\window~4\datamngr\toolbar\searchqudtx.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AlcxMonitor] ALCXMNTR.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [DATAMNGR] c:\progra~1\window~4\datamngr\DATAMN~1.EXE
mRun: [HitmanPro35] "c:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DE038714-5CDA-49F1-A43C-B066D60146DF} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
AppInit_DLLs: c:\progra~1\window~4\datamngr\datamngr.dll c:\progra~1\window~4\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\az\application data\mozilla\firefox\profiles\yx8detvg.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... mid=421&q=
FF - component: c:\program files\windows searchqu toolbar\datamngr\firefoxextension\components\DataMngrHlpFF3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl01e4a3ae;MpKsl01e4a3ae;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bd51f704-f942-4f76-80ba-245db7c6ca31}\MpKsl01e4a3ae.sys [2011-11-29 28752]
R4 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-11-29 23624]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-19 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-19 136176]
.
=============== Created Last 30 ================
.
2011-11-29 23:25:18 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-11-29 23:16:23 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-29 23:15:46 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-11-29 23:10:01 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bd51f704-f942-4f76-80ba-245db7c6ca31}\MpKsl01e4a3ae.sys
2011-11-29 23:09:58 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bd51f704-f942-4f76-80ba-245db7c6ca31}\offreg.dll
2011-11-29 22:39:12 -------- d-s---w- C:\zzz28210z
2011-11-28 14:05:41 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bd51f704-f942-4f76-80ba-245db7c6ca31}\mpengine.dll
2011-11-12 16:15:24 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-12 16:15:24 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-10-15 15:28:24 60 ----a-w- c:\windows\wpd99.drv
.
============= FINISH: 19:40:58.67 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/23/2010 7:57:28 PM
System Uptime: 11/29/2011 6:09:40 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. | | Salmon
Processor: AMD Athlon(tm) 64 Processor 3300+ | Socket 754 | 2411/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 128 GiB total, 61.305 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is CDROM ()
J: is FIXED (NTFS) - 932 GiB total, 101.911 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP270: 9/1/2011 12:23:52 PM - System Checkpoint
RP271: 9/2/2011 12:32:04 PM - System Checkpoint
RP272: 9/3/2011 1:14:03 PM - System Checkpoint
RP273: 9/4/2011 1:38:38 PM - System Checkpoint
RP274: 9/5/2011 1:58:47 PM - System Checkpoint
RP275: 9/6/2011 3:16:13 PM - System Checkpoint
RP276: 9/7/2011 3:23:59 PM - System Checkpoint
RP277: 9/8/2011 3:24:12 PM - System Checkpoint
RP278: 9/9/2011 3:39:11 PM - System Checkpoint
RP279: 9/10/2011 4:24:07 PM - System Checkpoint
RP280: 9/12/2011 10:33:19 AM - System Checkpoint
RP281: 9/13/2011 11:44:28 AM - System Checkpoint
RP282: 9/14/2011 1:09:06 PM - System Checkpoint
RP283: 9/15/2011 1:19:05 PM - System Checkpoint
RP284: 9/16/2011 3:52:14 PM - System Checkpoint
RP285: 9/18/2011 12:18:09 PM - System Checkpoint
RP286: 9/19/2011 12:36:11 PM - System Checkpoint
RP287: 9/20/2011 2:50:39 PM - System Checkpoint
RP288: 9/21/2011 3:10:44 PM - System Checkpoint
RP289: 9/22/2011 4:25:28 PM - System Checkpoint
RP290: 9/23/2011 5:00:37 PM - System Checkpoint
RP291: 9/24/2011 5:02:01 PM - System Checkpoint
RP292: 9/25/2011 6:00:51 PM - System Checkpoint
RP293: 9/26/2011 8:31:15 AM - Installed Windows Media Player 11
RP294: 9/26/2011 8:31:34 AM - Installed Windows XP Wudf01000.
RP295: 9/26/2011 8:33:06 AM - Installed Windows XP MSCompPackV1.
RP296: 9/27/2011 9:27:10 AM - System Checkpoint
RP297: 9/28/2011 10:27:09 AM - System Checkpoint
RP298: 9/29/2011 10:28:14 AM - System Checkpoint
RP299: 9/30/2011 10:40:14 AM - System Checkpoint
RP300: 10/1/2011 2:15:22 PM - System Checkpoint
RP301: 10/2/2011 3:13:13 PM - System Checkpoint
RP302: 10/3/2011 4:48:27 PM - System Checkpoint
RP303: 10/4/2011 4:52:27 PM - System Checkpoint
RP304: 10/5/2011 5:53:32 PM - System Checkpoint
RP305: 10/6/2011 5:56:11 PM - System Checkpoint
RP306: 10/9/2011 11:55:48 AM - System Checkpoint
RP307: 10/10/2011 12:26:24 PM - System Checkpoint
RP308: 10/11/2011 12:44:10 PM - System Checkpoint
RP309: 10/12/2011 1:19:40 PM - System Checkpoint
RP310: 10/13/2011 2:18:34 PM - System Checkpoint
RP311: 10/14/2011 2:42:39 PM - System Checkpoint
RP312: 10/15/2011 3:18:03 PM - System Checkpoint
RP313: 10/16/2011 3:19:49 PM - System Checkpoint
RP314: 10/17/2011 3:20:10 PM - System Checkpoint
RP315: 10/18/2011 4:19:49 PM - System Checkpoint
RP316: 10/19/2011 5:19:49 PM - System Checkpoint
RP317: 10/20/2011 6:08:55 PM - System Checkpoint
RP318: 10/21/2011 6:20:54 PM - System Checkpoint
RP319: 10/22/2011 6:43:31 PM - System Checkpoint
RP320: 10/23/2011 6:48:20 PM - System Checkpoint
RP321: 10/24/2011 7:46:22 PM - System Checkpoint
RP322: 10/25/2011 8:02:20 PM - System Checkpoint
RP323: 10/26/2011 8:50:44 PM - System Checkpoint
RP324: 10/27/2011 9:50:45 PM - System Checkpoint
RP325: 10/28/2011 10:50:43 PM - System Checkpoint
RP326: 10/29/2011 11:13:23 PM - System Checkpoint
RP327: 10/31/2011 12:13:24 AM - System Checkpoint
RP328: 11/1/2011 5:29:44 PM - System Checkpoint
RP329: 11/2/2011 5:56:04 PM - System Checkpoint
RP330: 11/3/2011 6:46:00 PM - System Checkpoint
RP331: 11/4/2011 7:03:32 PM - System Checkpoint
RP332: 11/5/2011 8:43:43 PM - System Checkpoint
RP333: 11/6/2011 8:01:31 PM - System Checkpoint
RP334: 11/7/2011 9:25:57 PM - System Checkpoint
RP335: 11/8/2011 10:15:54 PM - System Checkpoint
RP336: 11/9/2011 10:32:50 PM - System Checkpoint
RP337: 11/11/2011 9:52:28 PM - System Checkpoint
RP338: 11/12/2011 10:57:12 AM - Restore Operation
RP339: 11/12/2011 11:10:43 AM - Restore Operation
RP340: 11/13/2011 1:00:44 PM - System Checkpoint
RP341: 11/14/2011 2:39:32 PM - System Checkpoint
RP342: 11/15/2011 3:26:29 PM - System Checkpoint
RP343: 11/16/2011 4:26:30 PM - System Checkpoint
RP344: 11/17/2011 4:55:21 PM - System Checkpoint
RP345: 11/18/2011 6:07:41 PM - System Checkpoint
RP346: 11/28/2011 9:10:30 AM - System Checkpoint
RP347: 11/29/2011 10:00:14 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.0.1)
Agere Systems PCI Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Comcast Desktop Software (v1.2.0.9)
Compatibility Pack for the 2007 Office system
Desktop Doctor
Epson Event Manager
EPSON Scan
EPSON WorkForce 600 Series Printer Uninstall
EpsonNet Print
Free Easy Burner V 5.0
Google Chrome
Google Update Helper
Hitman Pro 3.5
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Malwarebytes' Anti-Malware version 1.51.0.1200
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.23)
Pdf995
QuickTime
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SiS VGA Utilities
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6f
WebFldrs XP
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Searchqu Toolbar
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/29/2011 9:00:14 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2739.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
11/29/2011 6:20:02 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2739.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
11/29/2011 5:54:49 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2739.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
11/29/2011 5:37:24 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2739.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
11/29/2011 5:20:39 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2739.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
11/29/2011 5:12:15 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips MpFilter Processor
11/29/2011 5:11:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/28/2011 9:05:15 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2100.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
.
==== End Of File ===========================
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm
Advertisement
Register to Remove

Re: Browsers will not open

Unread postby pgmigg » November 29th, 2011, 11:00 pm

Hello z147,

Welcome to the forum! :)

My name is pgmigg and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you, must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your log and will return, as soon as possible, with additional instructions. In the meantime...
Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
lf, you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Unread postby z147 » December 1st, 2011, 9:52 am

pgmigg,

Thank you. Is there any information you have a this time?

z147
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Unread postby pgmigg » December 1st, 2011, 11:54 am

Hello z147,

Thank you for your patience... :)

For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before each of my instructions sets...

Step 0.
Create a New System Restore Point.

  1. Click Start, select All Programs -> Accessories -> System Tools, then press System Restore.
  2. At the Welcome screen select Create a restore point and then press Next.
  3. In the description box, type a name to describe this restore point.
      System Restore automatically adds (to your description) the current date and time.
  4. Click Create to finish creating this restore point.
  5. Click Close to exit System Restore.
Unless you use some other method to create system restore points, it is advisable to leave this feature ON and active.

If you have successfully created a System Restore Point, we can proceed.
STOP! If you have NOT successfully created a System Restore Point... STOP! do not go any further!
Please post back so we can determine why it was unsuccessful.

Step 1.
Add/Remove Programs
I need you to uninstall one program from your computer.
  1. Click Start -> Run.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. Click the OK. It takes a few seconds for the program list to be populated.
  4. Locate the following program:
    Windows Searchqu Toolbar
  5. Press the "Remove" or "Change/Remove" button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you can not find the program from the list - it may not have an uninstall feature.
  6. When finished, close/exit Add/Remove Programs.

Step 2.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\searchqutoolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    
    :Files
    %APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml /S
    %APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar /S
    %APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} /S
    %APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
    %LOCALAPPDATA%\Ilivid Player /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm /S
    %TEMP%\BandooFiles
    %TEMP%\BandooV6.exe
    %TEMP%\SetupDataMngr_Searchqu.exe
    %TEMP%\SweetIMReinstall
    %TEMP%\SweetIMReinstall\SweetImSetup.exe
    %TEMP%\ilivid.7z
    %TEMP%\searchqu.ini
    %TEMP%\searchqutoolbar-manifest.xml
    %USERPROFILE%\AppData\LocalLow\searchquband
    %USERPROFILE%\AppData\LocalLow\searchqutoolbar
    %USERPROFILE%\Downloads\SweetImSetup.exe
    %USERPROFILE%\Downloads\iLividSetupV1.exe
    C:\Program Files\Windows iLivid Toolbar
    C:\Program Files\iLivid
    C:\Windows\Prefetch\ILIVID*
    C:\Windows\Prefetch\SEARCHQUMEDIABAR*
    C:\Windows\Prefetch\SETUPDATAMNGR*
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 3.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Unread postby z147 » December 2nd, 2011, 11:38 am

Is there another way to set System Restore? The only thing that comes up under Start, select All Programs -> Accessories -> System Tools is "Internet Explorer ( No-Add-ons)".
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Unread postby pgmigg » December 3rd, 2011, 1:26 pm

Hello z147,

I have a few questions regarding Internet access:
  1. Could you access to Internet via one of browsers were installed on you computer - Internet Explorer, Mozila FireFox, and Google Chrome?
  2. Could you receive updates of any programs directly - without Internet browsers?
  3. Do you have another non-infected computer from where you can go to Internet?

You have Malwarebytes' Anti-Malware already installed on your computer. Please follow the next instructions if it is possible:

Malwarebytes' Anti-Malware Rerun
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab, then press the Check for Updates button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab and select FULL SCAN this time, then press the Scan button. This kind of scan will take a while, so please be patient!
    When the scan finishes...
  4. Check all items except any items (if present) in the C:\System Volume Information folder. Then click on Remove Selected.
  5. Let MBAM remove what it can... If there are files to be deleted on reboot, please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  6. Press the LOG tab and locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Please include in your next reply:
  1. Answers for my questions related to your Internet access.
  2. Do you have any problems executing the instructions?
  3. Contents of the most recent MBAM log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Unread postby z147 » December 3rd, 2011, 2:47 pm

Could you access to Internet via one of browsers were installed on you computer - Internet Explorer, Mozila FireFox, and Google Chrome? No

Could you receive updates of any programs directly - without Internet browsers? iTunes works and Malwarebytes did in fact update so I'll run it. Any time there is something that's executable it doesn't work
Do you have another non-infected computer from where you can go to Internet? Yes
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Unread postby z147 » December 3rd, 2011, 3:55 pm

A. Could you access to Internet via one of browsers were installed on your computer - Internet Explorer, Mozilla Firefox, and Google Chrome? No
Could you receive updates of any programs directly - without Internet browsers? iTunes works and Malwarebytes did in fact update. Do you have another non-infected computer from where you can go to Internet? Yes

B. I don't know about executables
C. MBAM log file below
D. Just that the IE error pops up and multiplies every couple of minutes. Also may of the files on my desktop are faded but accessible

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8298

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/3/2011 2:30:43 PM
mbam-log-2011-12-03 (14-30-43).txt

Scan type: Full scan (C:\|)
Objects scanned: 254555
Time elapsed: 38 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\RECYCLER\s-1-5-21-1275210071-1604221776-839522115-1007\Dc1.exe (PSWTool.OphCrack) -> Quarantined and deleted successfully.
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Unread postby pgmigg » December 3rd, 2011, 6:10 pm

Hello z147,

If you have another computer - it is a good news and you will use it to download tools and then copy them via flash drive or CD/DVD to the infected PC.

I will get back to you as soon as possible, with additional instructions.

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Unread postby pgmigg » December 3rd, 2011, 8:30 pm

Hello z147,

Good job! Let continue our treatment...

Please go to the clean computer and download couple of tools.

OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

SystemLook - Download
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.

Please copy both of them via flash drive or CD/DVD to the infected PC and save them on the Desktop too. Then you need to try to run my instructions on infected computer:

Step 1.
Add/Remove Programs
I need you to uninstall one program from your computer.
  1. Click Start -> Run.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. Click the OK. It takes a few seconds for the program list to be populated.
  4. Locate the following program:
    Windows Searchqu Toolbar
  5. Press the "Remove" or "Change/Remove" button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you can not find the program from the list - it may not have an uninstall feature.
  6. When finished, close/exit Add/Remove Programs.

Step 2.
OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"=-
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar]
    [-HKEY_CURRENT_USER\Software\DataMngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\searchqutoolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}]
    
    :Files
    %APPDATA%\Mozilla\Firefox\Profiles\SearchquWebSearch.xml /S
    %APPDATA%\Mozilla\Firefox\Profiles\searchqutoolbar /S
    %APPDATA%\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} /S
    %APPDATA%\Microsoft\Windows\Cookies\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt
    %APPDATA%\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt
    %LOCALAPPDATA%\Ilivid Player /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe /S
    %LOCALAppData%\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm /S
    %TEMP%\BandooFiles
    %TEMP%\BandooV6.exe
    %TEMP%\SetupDataMngr_Searchqu.exe
    %TEMP%\SweetIMReinstall
    %TEMP%\SweetIMReinstall\SweetImSetup.exe
    %TEMP%\ilivid.7z
    %TEMP%\searchqu.ini
    %TEMP%\searchqutoolbar-manifest.xml
    %USERPROFILE%\AppData\LocalLow\searchquband
    %USERPROFILE%\AppData\LocalLow\searchqutoolbar
    %USERPROFILE%\Downloads\SweetImSetup.exe
    %USERPROFILE%\Downloads\iLividSetupV1.exe
    C:\Program Files\Windows iLivid Toolbar
    C:\Program Files\iLivid
    C:\Windows\Prefetch\ILIVID*
    C:\Windows\Prefetch\SEARCHQUMEDIABAR*
    C:\Windows\Prefetch\SETUPDATAMNGR*
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 3.
SystemLook
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    Code: Select all
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file
  3. Contents of the SystemLook.txt log file
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Unread postby z147 » December 4th, 2011, 4:02 pm

A. No probelms executing the instructions
B. OTL.txt file below
C. SystemLook.txt file below
D. I can now access the Internet. No error messages at all

Can you tell me what the problem was? Any recommendations for security?
Thank you very muc.

All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ not found.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ not found.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
========== FILES ==========
File/Folder C:\Documents and Settings\AZ\Application Data\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Documents and Settings\AZ\Application Data\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
Invalid Environment Variable: LOCALAPPDATA
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
Invalid Environment Variable: LOCALAppData
File/Folder C:\DOCUME~1\AZ\LOCALS~1\Temp\BandooFiles not found.
File/Folder C:\DOCUME~1\AZ\LOCALS~1\Temp\BandooV6.exe not found.
File/Folder C:\DOCUME~1\AZ\LOCALS~1\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\DOCUME~1\AZ\LOCALS~1\Temp\SweetIMReinstall not found.
File/Folder C:\DOCUME~1\AZ\LOCALS~1\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\DOCUME~1\AZ\LOCALS~1\Temp\ilivid.7z not found.
File/Folder C:\DOCUME~1\AZ\LOCALS~1\Temp\searchqu.ini not found.
C:\DOCUME~1\AZ\LOCALS~1\Temp\searchqutoolbar-manifest.xml moved successfully.
File/Folder C:\Documents and Settings\AZ\AppData\LocalLow\searchquband not found.
File/Folder C:\Documents and Settings\AZ\AppData\LocalLow\searchqutoolbar not found.
File/Folder C:\Documents and Settings\AZ\Downloads\SweetImSetup.exe not found.
File/Folder C:\Documents and Settings\AZ\Downloads\iLividSetupV1.exe not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\AZ\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\AZ\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator.ANDREW-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Andrew

User: AZ
->Temp folder emptied: 206397625 bytes
->Temporary Internet Files folder emptied: 68051496 bytes
->Java cache emptied: 14909582 bytes
->FireFox cache emptied: 1437393 bytes
->Flash cache emptied: 3642 bytes

User: BZ
->Temp folder emptied: 6833255 bytes
->Temporary Internet Files folder emptied: 1630847 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35964925 bytes
->Flash cache emptied: 1060 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 6721494 bytes
->Temporary Internet Files folder emptied: 934235 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2726300 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14519 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 255296587 bytes

Total Files Cleaned = 573.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: Administrator.ANDREW-PC
->Flash cache emptied: 0 bytes

User: All Users

User: Andrew

User: AZ
->Flash cache emptied: 0 bytes

User: BZ
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 12042011_143259

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


SystemLook 30.07.11 by jpshortstuff
Log created at 14:49 on 04/12/2011 by AZ
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\Documents and Settings\AZ\Cookies\az@searchqu[1].txt --a---- 579 bytes [22:36 29/11/2011] [22:36 29/11/2011] FAF6FFAF4299741117CE35AE1A8F4D4B
C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-0A4036A9.pf --a---- 46086 bytes [19:27 04/12/2011] [19:27 04/12/2011] DC7AF17B4447BE9E99FE66201F10264E
C:\_OTL\MovedFiles\12042011_143259\C_DOCUME~1\AZ\LOCALS~1\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [06:34 12/07/2011] [06:34 12/07/2011] BDD9BB687211DB7604A64BCA36531350

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Documents and Settings\AZ\Application Data\searchquband d------ [21:08 02/08/2011]
C:\Documents and Settings\BZ\Application Data\searchquband d------ [21:32 12/09/2011]
C:\Documents and Settings\BZ\Application Data\searchqutoolbar d------ [21:32 12/09/2011]

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Documents and Settings\AZ\AppData\LocalLow\DataMngr d------ [21:08 02/08/2011]
C:\Documents and Settings\BZ\AppData\LocalLow\DataMngr d------ [21:32 12/09/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=421&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=421&qu={searchTerms}&ft=json"
[HKEY_USERS\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=0&systemid=421&qu={searchTerms}&ft=json"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"="Data Manager"
[HKEY_USERS\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"="Data Manager"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Unread postby z147 » December 5th, 2011, 9:07 am

I spoke too soon. There is a pop up that states the Firefox is infected with W32/Blaster.worm and won't open. IE opens for second and then shuts down. Last night I received a message "tfswctrl.exe cannot start. File tfswctrl.exe is infected by W32/Blaster.worm please activate Privacy Protection.

Can you help? Do I need to start of new post?

z147
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Unread postby pgmigg » December 6th, 2011, 11:44 am

Hello z147,
D. I can now access the Internet. No error messages at all

Good job, but... ;) !
I spoke too soon. There is a pop up that states the Firefox is infected with W32/Blaster.worm and won't open.

We are not finished yet and you still have some infections. Let continue our treatment...
Any recommendations for security?

Definitely I will give you recommendations for security to have possibility to keep your computer clean as long as possible but it will be done when you receive 'All Clean' from me...

For safety reason (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before each of my instructions sets...
If you are not sure whether the System Restore feature is turned on and active, let's check, before we go any further.

Step 0.
Turn ON System Restore

If you know System Restore is ON and active, proceed to "Create a New System Restore Point." Otherwise...
  1. Click Start, then right-click My Computer, then click Properties from the menu.
  2. In the System Properties dialog box, click the System Restore tab.
  3. Uncheck the Turn off System Restore check box, if checked.
  4. Click OK. After a few moments, the System Properties dialog box closes.
Note: If the System Restore function was NOT active by turning it ON, a restore point was automatically created.

Create a System Restore Point - Using VBS script
!! You must have Administrative privileges to use this method. !!
Before we make changes to your registry, we need to create a back up, in case we need to restore the registry.
The file created in this step can be used any time you want to make a new System Restore point.
  1. Copy the contents of the Code Box below to Notepad.
    Code: Select all
    Set IRP = getobject("winmgmts:\\.\root\default:Systemrestore")
    MYRP = IRP.createrestorepoint ("My Restore Point", 0, 100)
  2. From the top Notepad menu... select "Save As"
  3. Name the file restore.vbs
  4. Change the "Save as Type" to All Files
  5. Save it to your desktop.
  6. Double-click the restore.vbs file
A new restore point will be created called ... "My Restore Point"... accessible from the normal System Restore process.
:stop: If you did not successfully complete this step. :stop: Do not continue with any fix steps, post back and let me know!

Step 1.
Malwarebytes' Anti-Malware Rerun
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab, then press the Check for Updates button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab and select FULL SCAN this time, then press the Scan button. This kind of scan will take a while, so please be patient!
    When the scan finishes...
  4. Check all items except any items (if present) in the C:\System Volume Information folder. Then click on Remove Selected.
  5. Let MBAM remove what it can... If there are files to be deleted on reboot, please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  6. Press the LOG tab and locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.


Step 2.
OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_USERS\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"=-
    [HKEY_USERS\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"=-
    
    :Files
    C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-0A4036A9.pf
    C:\Documents and Settings\AZ\Cookies\az@searchqu[1].txt
    C:\Documents and Settings\AZ\Application Data\searchquband
    C:\Documents and Settings\BZ\Application Data\searchquband
    C:\Documents and Settings\BZ\Application Data\searchqutoolbar
    C:\Documents and Settings\AZ\AppData\LocalLow\DataMngr
    C:\Documents and Settings\BZ\AppData\LocalLow\DataMngr
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINTS]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [REBOOT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). Please rename it by "File -> Safe As..." to OTL-fix.txt. The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 3.
SystemLook
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    Code: Select all
    :filefind
    *Searchqu*
    *datamngr*
    
    :folderfind
    *Searchqu*
    *datamngr*
    
    :Regfind
    Searchqu
    datamngr
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 4.
OTL Standard Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the most recent MBAM log file
  3. Contents of OTL-fix.txt log file created after OTL Fix Script run
  4. Contents of SystemLook.txt log file
  5. Contents of OTL.txt log file created after after OTL Standard scan
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Browsers will not open

Unread postby z147 » December 6th, 2011, 12:12 pm

VBS script won't open or do anything.
z147
z147
Regular Member
 
Posts: 47
Joined: July 2nd, 2011, 12:13 pm

Re: Browsers will not open

Unread postby pgmigg » December 6th, 2011, 1:03 pm

Hello z147,
VBS script won't open or do anything.

Don't worry! It is possible and we will resolve it in the other way...

For safety reason (to have a good registry to restore if needed), I will ask you download and run ERUNT to create complete registry backup ...

Step 0.
ERUNT - Emergency Recovery Utility NT - program
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Download and Install:
  1. Please download ERUNT by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup-exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings: say NO to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.
  4. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  6. Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.
  7. Click on OK, then click on YES to create the folder.

Run to make a full backup:
This will create a full backup of your registry. ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start -> All Programs -> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on OK at the prompt, then reply Yes.
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on OK. A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 1.
Malwarebytes' Anti-Malware Rerun
  1. Please start MBAM (Malwarebytes' Anti-Malware) again.
    You must be connected to the Internet to obtain any updates.
  2. Press the Update tab, then press the Check for Updates button. <<---Important!
    Once any updates are installed or you get the message that you are up-to-date
  3. Press the Scanner tab and select FULL SCAN this time, then press the Scan button. This kind of scan will take a while, so please be patient!
    When the scan finishes...
  4. Check all items except any items (if present) in the C:\System Volume Information folder. Then click on Remove Selected.
  5. Let MBAM remove what it can... If there are files to be deleted on reboot, please reboot the machine so MBAM can finish the removal.
    If you rebooted, then you'll need to start MBAM again.
  6. Press the LOG tab and locate the most current log file.
    Please copy and paste the most recent log (from this new run) in your next reply.

Step 2.
OTL - Run Fix Script
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [-HKEY_USERS\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"=-
    [HKEY_USERS\S-1-5-21-1275210071-1604221776-839522115-1007\Software\Microsoft\Windows\ShellNoRoam\MUICache]
    "C:\PROGRA~1\WINDOW~4\Datamngr\DATAMN~1.EXE"=-
    
    :Files
    C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-0A4036A9.pf
    C:\Documents and Settings\AZ\Cookies\az@searchqu[1].txt
    C:\Documents and Settings\AZ\Application Data\searchquband
    C:\Documents and Settings\BZ\Application Data\searchquband
    C:\Documents and Settings\BZ\Application Data\searchqutoolbar
    C:\Documents and Settings\AZ\AppData\LocalLow\DataMngr
    C:\Documents and Settings\BZ\AppData\LocalLow\DataMngr
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINTS]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [REBOOT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). Please rename it by "File -> Safe As..." to OTL-fix.txt. The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 3.
SystemLook
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries: into SystemLook's main text entry window.
    Code: Select all
    :filefind
    *Searchqu*
    *datamngr*
    
    :folderfind
    *Searchqu*
    *datamngr*
    
    :Regfind
    Searchqu
    datamngr
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Step 4.
OTL Standard Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the most recent MBAM log file
  3. Contents of OTL-fix.txt log file created after OTL Fix Script run
  4. Contents of SystemLook.txt log file
  5. Contents of OTL.txt log file created after after OTL Standard scan
  6. Do you see any changes in computer behavior?

Thanks,
pgmigg
User avatar
pgmigg
MRU Teacher
MRU Teacher
 
Posts: 3181
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 28 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware