etavares Posted December 3, 2012
Launch services.msc via the run box as before. Do you see Event Log in there?
etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators

etavares Posted December 4, 2012
Do you have your Windows installation CD handy?

etavares Posted December 5, 2012
OK, new approach.
- Download ESETSirefefremover and save it to your desktop. Double-click to run it. Follow the prompts and reboot when asked.
- Download ServicesRepair from ESET. Save it to your desktop. Double-click to run it. Restart when asked.
Then, go to services.msc and let me know if Event Log is listed.

Thridchild (Author) Posted December 5, 2012
Hi etavares
Downloaded ESETSirefefremover and ran it; it came up with an error message: Win32\Sirefef has NOT been found on your system

Thridchild (Author) Posted December 5, 2012
Hi etavares
Have run ServicesRepair okay and good news is that Event Log is now listed

Thridchild (Author) Posted December 5, 2012
Hey hey WINDOWS SECURITY CENTER IS UP AND RUNNING!!!

etavares Posted December 5, 2012
Great! I wish I remembered that ESET had that sooner. :)
Please run an FSS Log and also launch OTL, press quick scan, and post the resulting log.

Thridchild (Author) Posted December 5, 2012
Hi etavares, great work.
Have attached logs as reqd.
P.S. still have problems with search provider
Attachments: FSS.txt, OTL.Txt

etavares Posted December 6, 2012
Hello, Thridchild.

We'll fix the search provider once we verify you're clean. It looks like you have ESET and MSE installed? I missed MSE when I instructed you to install ESET, then tried to catch you before you installed it, but it appears you were too fast. You can uninstall ESET OR MSE, your choice. Uninstalling an antivirus can be a bit more complicated than a normal program. You usually have to run a removal tool to fully clean it up.
ESET: http://kb.eset.com/esetkb/index?page=content&id=SOLN2788
MSE: You can just uninstall it via add/remove programs

Step 1
We need to turn on Windows firewall.
- Click Start --> Run, type firewall.cpl, and then click OK.
- On the General tab, click On (recommended).
- Click OK.

Step 2
We need to run an OTL Script.
Please download OTL from one of the following mirrors if you do not still have it.
This is first Mirror
This is the second mirror
- Save it to your desktop.
- Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
- Paste the following code under the Custom Scans/Fixes box at the bottom.

:OTL
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
DRV - (catchme) -- C:\DOCUME~1\shaun\LOCALS~1\Temp\catchme.sys File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com File not found

- Click the Run Fix button at the top.
- Let the program run unhindered and reboot when it is done.
- You will get a log when it is done, please post that in your reply.
- Please then create a new OTL report:
- Click the "Scan All Users" checkbox.
- Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.
- A report will open, copy and paste it in a reply here.

Step 3
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
- Make sure you are connected to the Internet.
- Double-click on mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
- If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
- If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
- Make sure the "Perform Quick Scan" option is selected.
- Then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
- Click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
- Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Step 4
I'd like us to scan your machine with ESET OnlineScan.
- Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
- For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  - Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  - Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
- Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
- Accept any security warnings from your browser.
- Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
- Push the Start button.
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
- Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png

etavares

Thridchild (Author) Posted December 6, 2012
Hi etavares
Have done as requested. Eset Scanner found a Java threat
Attachments: OTL.Txt, esetscan.txt, mbam-log-2012-12-06 (14-46-01).txt

etavares Posted December 7, 2012
Hello, Thridchild.

Nothing major there, but we do need to update Java and Adobe Reader to protect you.

Step 1
Next, we need to update Java. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
- Download the latest version of Java Runtime Environment (JRE) 7 Update 9 32-bit version. Note that if you have 64-bit windows, the default is to use a 32-bit browser. If you modified your IE to use the 64-bit version, make sure to also download the 64-bit version.
- Save it to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version(s) shown below:
  - Java 6 Update 21
  - J2SE Runtime Environment 5.0 Update 9
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the java file you downloaded to install the newest version. If you downloaded the 64-bit version, make sure to install that as well.

Step 2
You are using an outdated version of Adobe Reader. Adobe has since been updated and the update closes many security holes and provides new features.
- First, uninstall earlier versions of Adobe Reader. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
- Check (highlight) any item with Adobe Reader in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Adobe Reader version.
- Please download the latest version from: http://get.adobe.com/reader/download/ and install it.
- Once installed, launch it, select Help --> Check for Updates and install any updates.
You may also try the free Foxit PDF reader if you prefer: http://www.foxitsoftware.com/pdf/reader/

Step 3
Let's try the standard approach again given we've fixed your machine since we last tried to do this.
- Launch Internet Explorer
- Click the arrow to the right of the search box by the magnifying glass
- Click Find More Providers
- Click the search(es) you want to add.
- Select the Make this my default search provider for the one you want as default. You can check use search suggestions from provider if you'd like.
- Click Add.

etavares

Thridchild (Author) Posted December 7, 2012
Hi etavares
Have installed latest Java/Adobe. Still having problems with search provider. When I click on arrow nothing happens; also when I try via manage addons nothing happens there as well

etavares Posted December 8, 2012
OK, let's reset Internet Explorer.
- Launch Internet Explorer and then click Tools --> Internet Options
- Click the Advanced tab.
- Click Reset
- UNcheck the Delete Personal Settings checkbox
- Click Reset.
- When done, click OK then close IE.
- Re-launch IE and try to set the default search provider.
Let me know how that goes.
-etavares

etavares Posted December 9, 2012
Where exactly is it failing when you try to add a new search provider? Do you not have the option to do so? Is the list just not populated? Or is it when you try to make one the default?
-etavares

Thridchild (Author) Posted December 9, 2012
Hi etavares
When I open internet explorer the manage addons page appears with no default search provider. When I try to add one just get "error on page" bottom left. If I try to search on top right corner next to magnifying glass nothing happens

RandyL Posted December 10, 2012
Please wait for etavares before doing anything. I'm just adding information.

etavares, I'm assuming this is IE8 since it is XP and he has the search bar. Even if there is no populated list when clicking the down arrow in the search bar there should still be the other options such as Find on this page... Find more providers... and Manage search providers.

> When I open internet explorer the manage addons page appears with no default search provider. When I try to add one just get "error on page" bottom left

I assume this means there are no search providers, not just no default search provider. I also assume when he says add one he means he clicked on Find more search providers which should bring up this page: http://www.iegallery.com/en-us/addons?callback=true&featuretype=2 (region specific), which produces no page or a blank page. He didn't say. Of course he might have meant when he clicked on a search provider on that page he got the error. Unclear.

I would have thought the IE reset would have done it but he may need to check the Delete Personal Settings checkbox. With a complete reset the original search options should be there. Or maybe try IE without addons option.

Here are some pics.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here

etavares Posted December 10, 2012
Hi,
Thanks RandyL. A normal reset should have reset the search providers. But, let's get more aggressive.
Before we reset IE's personal settings, let's try it with no add-ons.
- Click Start --> Run
- Type iexplore -extoff and press Enter.
Try to add a search provider there...did that work?
-etavares

RandyL Posted December 10, 2012
It's all yours etavares. Good luck my friend.

Thridchild (Author) Posted December 10, 2012
Hi etavares
I get tab labelled Addons disabled and it says Internet Explorer is currently running without add-ons. There is a line highlighted in blue at the top saying click here to manage, disable or remove your add-ons but that just takes me back to manage add-ons page where I can't do anything.

etavares Posted December 11, 2012
OK, here's my plan of attack:
- We'll try a complete reset of IE.
- If that doesn't work, we'll roll it back to IE6 then update again to IE8.
- If that doesn't work, I'll look at the permissions in the registry and set it manually.
First, please reset IE as before. This time please CHECK the box to delete personal settings. Let me know if, after resetting it, closing IE and restarting IE, you can add a search provider.
Also, you gave me some new information. You can't manage ANY add-on? Or just search provider?
-etavares

Thridchild (Author) Posted December 11, 2012
Hi etavares
Some success. I now have a default search provider Live Search showing after the spyglass; however, when I try to delete it from the manage add-ons page it won't let me and I still cannot add Google as a search provider.

etavares Posted December 12, 2012
OK, go to Control Panel, Add/Remove Programs and uninstall Internet Explorer 8.
Then, download and install IE8 again (do immediately, uninstalling IE8 rolls you back to IE6 which is insecure and outdated) from this link: http://www.microsoft.com/en-us/download/details.aspx?id=43
Reboot and let me know if it's back to normal.
-etavares
