Solved IE won't open

fay · Aug 17, 2012

This is for my sister in laws PC. Somehow IE has gone missing from her pc. I tried installing IE 7 and then 8. After installation, the browser was like dead. It kept saying 'Connecting' on the tab. So I uninstalled 8 then kept 7, same thing with 7. I uninstalled 7, and was left with 6; at least that's what I thought. It's not in Add/Remove or desktop or start menu. What did I do wrong? Let me back up a bit. My son was using her computer a couple of days ago and spyware ended up on it.I removed it using Malwarebytes and I thought I had it all removed. Maybe I didn't. I'm not sure anymore. I ran avg and it found 5 warnings and 1 spyware. But now I can't even open IE from the Start Menu. Also, I can't open Administrative Tools. When I right click, it says Open, Explore, and Create Shortcut. Nothing else in Control Panel says that. When I click Explore the desktop opens up. I think I might have made her PC worse. I am racking my brain doing research, but nothing is working. I read that you can't do a reinstall of IE 6 because it comes with Windows. Is that true?
I want to try to fix it before she wants to use it. I am hoping to have it fixed by tomorrow afternoon if possible with PCHELPs assistance.
The OS for this PC is Windows XP Home Edition.
Thank you
Fay

Malnutrition · Aug 17, 2012

Complete the instructions below then Attach the requested logs in your next reply,and our security team will be with you A.S.A.P.
http://www.pchelpforum.com/xf/threads/prework-please-read-before-posting.131846/

fay · Aug 17, 2012

I tried to run OTL but it encountered and problem and had to close.
I didn't expect that.

Pancake · Aug 17, 2012

Ok.Just try running it in safe mode.

fay · Aug 17, 2012

Hello again.
You're not gonna believe this. OTL won't run in safe mode either, even safe mode with networking. I don't know what's going on. It's like I'm not the administrator. I even tried the administrator account. I can't use IE so I use Chrome, but in order to use it, I have to right click and choose open. It won't open if I double click. I can't open anything unless I right click and choose open. I tried to run IE from task manager, but it just opens for a second and then closes.

Pancake · Aug 17, 2012

Ok.see if you can run this.

Please download TDSSKiller from here and save it to your Desktop.

Doubleclick TDSSKiller.exe to run the tool

Choose Change Parameters and make sure all the options are checked

Click the Start Scan button

After the scan has finished, click the Close button

Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

====================================================

Please download Malwarebytes Anti-Malware from Malwarebytes.org
Alternate link: Download Mirror

(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.
If Malwarebytes fails to download please use the following link:

http://malwarebytes.org/mbam-download-exe-random.php

fay · Aug 18, 2012

I uploaded one of the log files cos it said the post was too long and to shorten it.
There were 2 log files for TDSSKiller. The link for it was dead; it just opened a blank tab. I had to search for it.
During installation of Malwarebytes a dialog box came up: CoCreateInstance Failed; code 0x80040154 Class not registered. I had to click that box 5X for it to go away. Click Finish. I left Launch and Update boxes checked. Then two more dialog boxes: vbAccelerator Grid II Control and it said>>>Runtime error '0' and Re '440' Automation error. It showed those 2 boxes twice.
Seems like my son really messed up her PC. I've never seen this before. I've always been able to run what y'all tell me.
17:42:05.0718 4692 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
17:42:06.0093 4692 ============================================================
17:42:06.0093 4692 Current date / time: 2012/08/17 17:42:06.0093
17:42:06.0093 4692 SystemInfo:
17:42:06.0093 4692
17:42:06.0093 4692 OS Version: 5.1.2600 ServicePack: 3.0
17:42:06.0093 4692 Product type: Workstation
17:42:06.0093 4692 ComputerName: TOM-90C27137F2D
17:42:06.0093 4692 UserName: Owner
17:42:06.0093 4692 Windows directory: H:\WINDOWS
17:42:06.0093 4692 System windows directory: H:\WINDOWS
17:42:06.0093 4692 Processor architecture: Intel x86
17:42:06.0093 4692 Number of processors: 2
17:42:06.0093 4692 Page size: 0x1000
17:42:06.0093 4692 Boot type: Normal boot
17:42:06.0093 4692 ============================================================
17:42:06.0968 4692 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
17:42:07.0000 4692 ============================================================
17:42:07.0000 4692 \Device\Harddisk0\DR0:
17:42:07.0000 4692 MBR partitions:
17:42:07.0000 4692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
17:42:07.0000 4692 ============================================================
17:42:07.0062 4692 H: <-> \Device\Harddisk0\DR0\Partition1
17:42:07.0062 4692 ============================================================
17:42:07.0062 4692 Initialize success
17:42:07.0062 4692 ============================================================
17:43:37.0875 4676 Deinitialize success

Pancake · Aug 18, 2012

I'd like you to scan your machine with ESET OnlineScan

Scan your system with Online Scanner

Place a check mark in the box YES, I accept the Terms Of Use.

Click the button.

For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).

Click on to download the ESET Smart Installer. Save it to your desktop.

Double click on the icon on your desktop.

Check

Click the button.

Accept any security warnings from your browser.

Check

Make sure that the option to "Remove Found Threats" is UN checked.

Push the "Start" button.

ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

When the scan completes, push

Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

Push the button.

Push

fay · Aug 18, 2012

Here is the ESETScan log file:
H:\Documents and Settings\Owner\Application Data\FCTB000100815\Toolbar\Toolbar.dllWin32/Toolbar.BHO.B application
H:\Documents and Settings\Owner\Local Settings\Temp\jar_cache3329638805204605866.tmpJava/Exploit.CVE-2012-0507.AP trojan
H:\Documents and Settings\Owner\Local Settings\Temp\jar_cache987173251468471945.tmpJava/Exploit.CVE-2012-0507.AP trojan
H:\Documents and Settings\Owner\Local Settings\Temp\lhootsa.exemultiple threats
H:\Documents and Settings\Owner\Local Settings\Temp\LhootUpgrade.exemultiple threats
H:\Documents and Settings\Owner\Local Settings\Temp\nsm1F9.tmpa variant of Win32/Adware.180Solutions application
H:\Documents and Settings\Owner\Local Settings\Temp\SetupDataMngr_Searchqu.exea variant of Win32/Toolbar.SearchSuite application
H:\Documents and Settings\Owner\Local Settings\Temp\1B4EA106-BAB0-7891-B5E2-99537694A129\Latest\MyBabylonTB.exeWin32/Toolbar.Babylon application
H:\Documents and Settings\Owner\Local Settings\Temp\42AFD15D-BAB0-7891-8429-59CA2000B3A2\Latest\MyBabylonTB.exeWin32/Toolbar.Babylon application
H:\Documents and Settings\Owner\Local Settings\Temp\53694B27-BAB0-7891-BECE-ED7E449726F5\Latest\MyBabylonTB.exeWin32/Toolbar.Babylon application
H:\Documents and Settings\Owner\Local Settings\Temp\is87173921\ezLooker-S-Setup_Suite1.exeprobably a variant of Win32/Adware.DFJFHGU application
H:\Documents and Settings\Owner\Local Settings\Temp\is87173921\MyBabylonTB.exeWin32/Toolbar.Babylon application
H:\Documents and Settings\Owner\Local Settings\Temp\nsb33D\nse33E.tmp\SetupDataMngr_Searchqu.exea variant of Win32/Toolbar.SearchSuite application
H:\Documents and Settings\Owner\My Documents\Downloads\ultimatemediaplayer_2.exeWin32/InstallIQ application
H:\Documents and Settings\Owner\My Documents\Downloads\video_downloader (1).exeWin32/Adware.Bundlore application
H:\Documents and Settings\Owner\My Documents\Downloads\video_downloader (2).exeWin32/Adware.Bundlore application
H:\Documents and Settings\Owner\My Documents\Downloads\video_downloader.exeWin32/Adware.Bundlore application
H:\Program Files\FLVPlayer\FLVPlayer.exea variant of Win32/InstallCore.A application
H:\Program Files\FLVPlayer\Uninstall\Uninstall.exea variant of Win32/InstallCore.T application

Pancake · Aug 18, 2012

Ok.Give me a while to sort this lot out.

Pancake · Aug 18, 2012

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.

Please download the OTM.exe by OldTimer.
Save it to your Desktop.
Please double-click OTM.exe to run it.
Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
 
:File
H:\Documents and Settings\Owner\Local Settings\Temp\jar_cache3329638805204605866.tmp
H:\Documents and Settings\Owner\Local Settings\Temp\jar_cache987173251468471945.tmp
H:\Documents and Settings\Owner\Local Settings\Temp\lhootsa.exe
H:\Documents and Settings\Owner\Local Settings\Temp\LhootUpgrade.exe
H:\Documents and Settings\Owner\Local Settings\Temp\nsm1F9.tmp
H:\Documents and Settings\Owner\Local Settings\Temp\SetupDataMngr_Searchqu.exe
H:\Documents and Settings\Owner\Local Settings\Temp\nsb33D\nse33E.tmp\SetupDataMngr_Searchqu.exe
H:\Documents and Settings\Owner\My Documents\Downloads\video_downloader(1).exe
H:\Documents and Settings\Owner\My Documents\Downloads\video_downloader(2).exe
H:\Documents and Settings\Owner\My Documents\Downloads\video_downloader.exe
 
:Commands
ipconfig /flushdns /c
C:\recycler\
[clearallrestorepoints]
[createrestorepoint]
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]
 
Return to OTM.exe, right click in the "Paste Instructions for Items to be Moved" window (under the light yellow bar) and choose Paste.
Click the red Moveit! button.
A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

fay · Aug 18, 2012

The same thing that occurred with OTL (A problem has been encountered and needs to close) has happened with OTM.

Pancake · Aug 18, 2012

Ok.Lets try a restore. Cick on Start \ programs\ Accessories \ System Tools \ System Restore, and you’ll be given a wizard screen.

Restoring from a Restore Point
To restore from a previously created restore point, open System Restore and select “Restore my computer to an earlier time”. Note that System Restore is going to reboot your computer in order to restore.

Click the next button, and you’ll be shown a calendar with bolded dates wherever there is a restore point. Click on the date to before you had the troubles, and then click a restore point in the right hand side.

You’ll get a confirmation screen asking if you really want to do this. We’ll assume that there’s a problem requiring you to restore, so go ahead.

Your system will reboot and then restore your computer back to the previous configuration.

fay · Aug 18, 2012

I've actually tried a system restore before all this. When I first found out about all the spyware, I tried sytem restore, then ran all the other programs, Malwarebytes, AVG, etc. But I will try again.

fay · Aug 18, 2012

I'm back from trying system restore. I tried 3 different restore points. They were all a bust.

Log in or Join Us

Solved IE won't open

fay Gold Member

Malnutrition Moderator

fay Gold Member

Google Advertisement

Pancake Security Team

fay Gold Member

Pancake Security Team

fay Gold Member

Attached Files:

TDSSKiller.2.8.6.0_17.08.2012_17.45.55_log.txt

Pancake Security Team

fay Gold Member

Pancake Security Team

Pancake Security Team

fay Gold Member

Pancake Security Team

fay Gold Member

fay Gold Member

IE won't open

Log in or Join Us

Solved IE won't open

fay Gold Member

Malnutrition Moderator

fay Gold Member

Google Advertisement

Pancake Security Team

fay Gold Member

Pancake Security Team

fay Gold Member

Attached Files:

TDSSKiller.2.8.6.0_17.08.2012_17.45.55_log.txt

Pancake Security Team

fay Gold Member

Pancake Security Team

Pancake Security Team

fay Gold Member

Pancake Security Team

fay Gold Member

fay Gold Member

IE won't open

Useful Searches