Page 4 of 5 FirstFirst 12345 LastLast
Results 31 to 40 of 49

Thread: Need Help uninstalling iLivid

  1. #31
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Step 4 EST online scanner

    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application


    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application

    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application

    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
    C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application

  2. #32
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi Bruce C,

    Thank you again for the logs.

    Those files detected by the ESET scan will be dealt with in the final cleanup process.
    We're almost there. Please bear with me.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    SystemLook

    1. Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Copy and Paste the text in the code box below into SystemLook's main text entry window:
      Code:
      :filefind
      *MS AntiSpyware 2009*
      
      :folderfind
      *MS AntiSpyware 2009*
      
      :regfind
      MS AntiSpyware 2009
      
      :contents
      C:\_OTL\MovedFiles\12272011_185541.log
    3. Click on the Look button to start the scan.
      Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
    4. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
      A log file will be created on your Desktop named SystemLook.txt.
    5. Please post the contents of the SystemLook.txt file in your next reply.

    Step 2:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. SystemLook.txt.
    3. How is the computer now running?


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  3. #33
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi Bruce C,

    It has been over 48 hours since my last post.

    1. Do you still need help?
    2. Do you need more time?
    3. Are you having problems following my instructions?
    4. In line with Safer-Networking's policy, topics will be closed after 3 days without a response.
    5. If you do not reply within the next 24 hours, this topic will be closed.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  4. #34
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Delay between posts

    I apologise for the delay since my last post . I try to complete each step when my wife is home as I often need her help ,but she works long days so its not always easy to get her assistance since she has so many other things to do when she is home. I'll give it a shot right now , as it still seems a little slow other than that it sometimes displays "cannot display page"
    Thanks , Bruce

  5. #35
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Results of scan :systemlook scan

    Hi Scolobar
    No problem with instructions , however I did'nt see a SystemLook .txt on my Desktop so I copy and pasted the results here.Thanks Bruce
    Log created at 07:14 on 06/01/2012 by Bruce
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*MS AntiSpyware 2009*"
    No files found.

    ========== folderfind ==========

    Searching for "*MS AntiSpyware 2009*"
    No folders found.

    ========== regfind ==========

    Searching for "MS AntiSpyware 2009"
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]
    [HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]

    ========== contents ==========

    C:\_OTL\MovedFiles\12272011_185541.log - Opened succesfully.

    ’žAll processes killed
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"|"- /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ not found.
    Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe not found.
    Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe not found.
    Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe not found.
    Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe not found.
    Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe not found.
    Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
    ========== FILES ==========
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk moved successfully.
    C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318} folder moved successfully.
    File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk not found.
    File\Folder C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318} not found.
    C:\Users\Public\Desktop\iLivid Download Manager.lnk moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid folder moved successfully.
    File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid not found.
    File\Folder C:\Program Files\iLivid not found.
    File\Folder C:\Program Files\Windows iLivid Toolbar not found.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Bruce\Desktop\cmd.bat deleted successfully.
    C:\Users\Bruce\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bruce
    ->Temp folder emptied: 320628 bytes
    ->Temporary Internet Files folder emptied: 63747516 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1867 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 90 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 27648 bytes

    Total Files Cleaned = 61.00 mb

    Error: Unable to interpret <[resethosts]Then click the Run Fix button at the > in the current context!

    OTL by OldTimer - Version 3.2.31.0 log created on 12272011_185541

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF937D.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF9389.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF93DB.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF93E7.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF9421.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF942D.tmp not found!
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\0f0ca97dac[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\blank[1].gif moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\blank[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\ProductDisplay[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\showthread[2].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJUL4508\mybostonharley_com[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJUL4508\questionshome[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJUL4508\reviews[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3B7SFPP4\proxy[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

  6. #36
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi Bruce C,

    Thank you again for the logs and feedback.

    Please can I remind you to post an update to keep this topic "live" as I had requested the topic to be closed.

    Quote Originally Posted by Bruce C
    ... it still seems a little slow other than that it sometimes displays "cannot display page"
    I am going to ask you to run some additional checks.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Create System Restore Point

    Please create another System Restore Point following the instructions previously posted before continuing any further.

    Step 2:
    Backup MBR

    As a precaution I am going to ask you to back up your PC's Master Boot Record:

    • Please download MBRBackup © Mischel Internet Security Ltd and save it to your Desktop.
    • Double-click MBRBackup.exe to launch the program.
    • Click SaveMBR (top left corner) and save the backup file to your Desktop.
    • It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
    • Exit the program.
    • I strongly advise that you keep a copy of this backup stored on an external device - on an external hard drive, CD/DVD or USB flash drive - for peace of mind.

    Step 3:
    OTL - Script

    Next we need to run another OTL script.

    **IMPORTANT** Please temporarily disable your Norton 360 Realtime Protection again. If active, it could impact fix.

    1. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Copy and Paste the following code into the textbox. Do not include the word Code.
      Code:
      :reg
      [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]
      [-HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]
      
      :commands
      [emptytemp]
    3. Then click the Run Fix button at the top.
    4. Click .
    5. OTL should ask to reboot the machine. Please do so if asked.
    6. The report should appear in Notepad after the reboot.
    7. Please Copy and Paste the contents of that report into your next reply.

    Step 4:
    Rootkit UnHooker (RkU)

    Please download Rootkit UnHooker. Save it to your Desktop.
    Please Note: The resulting log file can be very long. You may need to post it separately.

    1. Right-click on RKUnhookerLE.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Click the Report tab, then click Scan.
    3. Check the Drivers, Stealth Code, Files and Code Hooks options.
    4. Uncheck the rest of the options. Then click on the OK button. (See the image below for reference.)

      The scanning will toggle through the Checked items "tabs". This can take a while, so please be patient.
    5. When the scanner is finished, select File > Save Report.
    6. Save the file Report.txt to your Desktop.
    7. Click on the Close button and then click the Yes button to confirm.
    8. Copy and Paste the entire contents of the Report.txt file into you're next reply.

    Step 5:
    MBRCheck - Scan

    1. Please download MBRCheck.exe © a_d_13 to your Desktop.
      Alternate links: Link 2 or Link 3
    2. Right-click on MBRCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    3. A small black window will open with some information. Please do not fix anything (- if it gives you an option).
    4. If an unknown boot code is detected additional options will be presented. At this time press N then press Enter twice to continue.
    5. When the scan has completed you should see the message Done! Press ENTER to exit... Press Enter to exit the program.
      A file named MBRCheck_mm.dd.yy_hh.mm.ss.txt will appear on your Desktop.
    6. Please Copy and Paste the entire contents of the MBRCheck_mm.dd.yy_hh.mm.ss.txt file into your next reply.

    Step 6:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. OTL.txt.
    3. Report.txt.
    4. MBRCheck_mm.dd.yy_hh.mm.ss.txt.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  7. #37
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Step 3 notepad after reboot

    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bruce
    ->Temp folder emptied: 523043 bytes
    ->Temporary Internet Files folder emptied: 202610430 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 3006 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7290 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 194.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01082012_220908

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2AF2.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2AFE.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2B56.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2B6F.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2BA7.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2BBD.tmp not found!
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TG91WWCK\showthread[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

    Registry entries deleted on Reboot...

  8. #38
    Member
    Join Date
    Dec 2011
    Posts
    30

    Thumbs up Step 4 completed

    I completed step 4 but was unable to copy and paste it and in the prosses I lost it . Thats as far as I can go tonight as I have to bring my wife to the Hospital early tommorow . Tha computer runs much better and if you want to call it quits now thats OK by me. Thank you very much for all of your help , Bruce

  9. #39
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148

    Default

    Hi Bruce C,

    Thanks for the feedback and OTL log.
    Having got this far and if you are happy to continue, it would be good if you could post the logs from the last two steps of my last set of instructions to confirm that the MBR and rootkit scans come back clean, for peace of mind.

    Just try running steps 4 and 5 again and make sure you Save the Report.txt file to your Desktop in step 4 this time.

    Step 6:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Report.txt.
    3. MBRCheck_mm.dd.yy_hh.mm.ss.txt.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  10. #40
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default steps 4 and 5

    Ok I'll give it a shot. Thanks ., Bruce

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •