Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Not open for further replies.
1 - 16 of 16 Posts

9 Posts
Discussion Starter · #1 ·
What happened before the browsers wont work: 2 days ago a brandnew rogue antivirus (Antivirus Scan) slipped into my computer and went rampaging around showing fake virusses on my pc, made it unable for me to open my taskmnr, showing pop-ups and messed up my browsers saying that it would be "dangerous" to browse around. Took me a whole night to figure out how to get rid of the mallware... i downloaded mallwarebytes but it coudnt find the virus (it was outdated for 7 days and could not update) in the end i solved the problem by opening ccleaner in safe mode and disabled the autorun, searched back the pad, deleted the file and then after a update let mallwarebytes do the rest on a leftover registery key and file which was found.

Problem: When i open my browser now (explorer9 32&64bit & firefox4 64bit) it wont get me anywere. It keeps loading and it stays blank. Strangly though, Songbird (who has a build-in firefox-like browser) and HP's own internet browser do work. Furthermore when i clicked the activationlink to use my account on this site firefox opened with a blank page yet when i tried again in the buildin browser off songbird it did sayd the account was already activated.

I tried: -messing with the proxy, it was on auto detection but turned it to no proxy. (i dont have a server here)
-reinstalling explorer and firefox and installed chrome to test if it was only with previous installed browsers. resetting browsers.
-browsers are not set as work offline.

I have a: HP DV6 3040us withMS Windows 7 Home Premium 64-bit

I have no idea what else i could try, i hope its enough info, thanks in advance for helping. (even without a solution a reply to show this thread is been looked trough is well appreciated)

9 Posts
Discussion Starter · #2 ·
I also tried to disable all add-ons but still all without success.

And please read the thread before moving it to another section. The virus is old news, the issues lie with my browser that's why i put it in internet & networking the 1st place.

9 Posts
Discussion Starter · #3 ·
good new year to you all. Thought i send another message since my problem is still not solved. I noticed the 2 browsers want to load a few links in an extreme long time. (10-30sec+ and the links are shown really broken, html text everywere, no background, links and text in a standard font etcetc)

I would really appreciate it if someone could solve this problem.

Super Moderator
37,795 Posts
Hiya and welcome to Tech Support Guy :)

Looks like this thread has been moved to Malware for some reason, so lets check fully on that side :)

Can you firstly post the contents of the MBAM log. If you run the program, at the top select the Logs tab, then click on the log shown, and select Open. Then copy/paste the contents here.


9 Posts
Discussion Starter · #5 ·
Its in Dutch to bad, (tried changing language of Mallwarebytes to english but that doesnt changed the logs language,. was worth a try ;P) Not that it would make any difference i guess. To comfort the reading I translated some parts for you, i wrote those changes starting with "edit".

Malwarebytes' Anti-Malware

Databaseversie: 5406

Windows 6.1.7600
Internet Explorer 9.0.7930.16406

28-12-2010 8:35:21
mbam-log-2010-12-28 (08-35-21).txt

Scantype: Volledige scan (C:\|D:\|E:\|)
Objecten gescand: 463385
Verstreken tijd: 1 uur/uren, 32 minuut/minuten, 19 seconde(n)

Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 0
Registerwaarden geïnfecteerd: 1 (edit: registerykeys infected)
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 2 (edit: files infected)

Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd) (edit: no evil objects found)

Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd: (edit: registerykeys infected)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\psborweq (Trojan.FakeAlert.Gen) -> Value: psborweq -> Quarantined and deleted successfully.

Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd: (Edit: Files infected)
c:\$Recycle.Bin\s-1-5-21-2580101828-269602043-2128350665-1000\$RGWOK6I\arsggpjlajb.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Rutger\AppData\Local\Temp\00098237.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
P.S: arsggpjlajb.exe (Trojan.Dropper) which was in my bin back then used to be in my Temp files before i tracked it manually and deleted it. this tut. on i found a guide which discribes the rogue. I did not used Rkill that time since i did not know of the program that time (nor followed the removal guide).

Super Moderator
37,795 Posts
Thanks for editing it :up:

Looking at the link you gave, did you manage to use RKill?

Can you post a HijackThis log, so I can see what is there:

Please go here to download HijackThis.
  • To the right of the green arrow under HijackThis downloads click on the Executable button and download the HijackThis.exe file to your desktop.
  • Double-click the HijackThis.exe file on your desktop to launch the program. If you get a security warning asking if you want to run this software because the publisher couldn't be verified click on Run to allow it.
  • Click on the Scan button. The scan will not take long and when it's finished the resulting log will open automatically in Notepad.
  • Save the log file to your desktop. Copy and paste the contents of the log in your post.
Please do not fix anything with HijackThis unless you are instructed to do so. Most of what appears in the log will be harmless and/or necessary..


9 Posts
Discussion Starter · #7 ·
No i have not used Rkill at all. During the scan i only had Songbird opened (my browser atm).
I tried to change as much as possible (like my start page) back to normal again as well after the quarantine of the infection.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:05:26, on 3-1-2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.7930.16406)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\real\realplayer\Update\realsched.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Songbird\songbird.exe
C:\Program Files (x86)\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisPBIE.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisTSR.exe /run
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: RocketDock.lnk = C:\Program Files (x86)\RocketDock\RocketDock.exe
O4 - Startup: Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Verzenden naar Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Verzenden naar &Bluetooth-apparaat... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SwSetup\QuickWeb\QW.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\Hewlett-Packard\HP SimplePass Identity Protection\EgisService.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

End of file - 14029 bytes

Super Moderator
37,795 Posts

Re-run HijackThis and press Do a System Scan Only, and select this one in the list:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=

And then press Fix Checked

Restart and see if that helps.


9 Posts
Discussion Starter · #9 ·
scanned, fixed, reboot but to bad wasnt the cause. HP webbrowser and Songbird still work fine, firefox and explorer (and most likely chrome, and maybe safari ecetc.) do not.

But still thanks allot for taking time looking for my computer its problem. Hope you have more suggestions or ideas.

Super Moderator
37,795 Posts
Okay, lets look a bit deeper :)

Firstly, do this:

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Then, run this program:

Please download DDS by sUBs to your desktop from one of the following locations:

Disable any script blocker you may have as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:


Save them both to your desktop and then proceed on to the next step.

Copy and paste the contents of the DDS.txt file.
Upload as an attachment the Attach.txt file. There is no need to zip it as suggested in the DDS instructions


9 Posts
Discussion Starter · #11 ·
-I downloaded and ran TFC.exe
-deinstalled MBAM so SUPERAntispyware woudnt get confused with possible quarantines or whatever
-downloaded and scanned with SUPERAntispyware
-and tried to download DDR.scr, but your 1st link brings me to the homepage, 2th i can download but when i open it, it opens an notepad with a huge list of only special characters and does not create any attach.txt files (seems i cannot "open with…" the .scr file either, computer sees it as an AutoCAD Script) and the 3th link goes to a webpage with the same sort text as the 2th one.

How do I open .scr correctly which also gives me the ddr.txt and attach.txt?

SUPERAntiSpyware Scan Log

Generated 01/04/2011 at 10:14 PM

Application Version : 4.47.1000

Core Rules Database Version : 6127
Trace Rules Database Version: 3939

Scan type : Complete Scan
Total Scan Time : 01:28:28

Memory items scanned : 875
Memory threats detected : 0
Registry items scanned : 17143
Registry threats detected : 0
File items scanned : 40480
File threats detected : 8

Adware.Tracking Cookie
C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
C:\Users\Rutger\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

Super Moderator
37,795 Posts
Hmmm, lets see if this fixes the file associations:

Download SREng
  • Extract it to Desktop and double click SREngLdr.EXE to run it
  • Select System Repair from the left pane.
  • Click on File Association
  • Select all entries that has an Error status click [Repair]
  • Refer to this image for an example:

  • Close SREng now.

If not, try this program instead:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


9 Posts
Discussion Starter · #13 ·
Now i stupidly didnt tested my browsers after i ran the tfc.exe file or scanned with SUPERAntiSpyware. And when i ran SREng Comodo firewall popped up telling it was a virus or maybe PUP (assuming a false possitive) with the folowing link for more information. And Firefox opperated succesfully.

Tested again on explorer and everything works well. What exactly the reason would be i dont know, temp file which was messing with my browsers? i cleaned all cookies ones before i ran Superantispyware.

Anyway, thank you very kindly for helping me out. You have been a great help to me. On school i needed Explorer for a program which annoyingly only works with Explorer, so it was hard to use my laptop during those classes.

So i wish you a great day further and good luck helping out others.

Super Moderator
37,795 Posts
Glad to see its all working again :)

It may just be that your temp folders needed cleaning up. Just deleting cookies doesn't free up much space.

Also, thanks for that link, it looks like a false positive as we use that tool a lot.

I would suggest runnng TFC monthly, and also doing this:

Go to Control Panel and open the Internet Options. Click on the Advanced tab and do the follwing:
  • Tick Empty Temporary Internet Files When Browser is Closed under Security. Apply and OK

Also, its a good idea to keep on top of removing any Temp files etc every month or so. To do this, Windows has a pretty good tool.
  • Go to Start | Programs | Accessories | System Tools | Disk Cleanup
  • It should start straight away, but if you have to select a drive, click on the C-drive.
  • Let it run, and at the end it will give you some boxes to tick.
  • All are okay to enable, then press OK and then Yes to the question after.
  • It will close after its completed.

It just keeps your system running a bit smoother as well :)


9 Posts
Discussion Starter · #15 ·
Went to take a last peek since with some sites after you hit the Solve button you cannot post or even access the thread anymore. well dont know if u ment HD space or if the pc has some Temp file space (not RAM is it?), but on the C drive there still is 300gb~ left, so HD space should not be of any problem.

Thanks for the advice with the regular temp file cleaning, personally i use Ccleaner from already, a freeware program which does basicly the same. Options to clean browser histories, recycle bin, registry keys were left after removing something, it also has a drive wipe since short, a function to enable/disable programs which start automatically when you start up your computer and etcetcetc... Those same people from piriform also made a program which gives you a whole system summary of your pc (with log and clipboard options, i sometimes use this tool since my laptop likes to go over 75-80°C when running something heavy) and some other tools. Program is popular, so i guess you knew about the program already. But if not i would like to put my two cents in the forum. :p

(Resized the picture a little, but apparently the site does the same already)
Anyway, i'm getting way off topic. Thanks again for helping, i wont forget this site and your generosity. cya.

Super Moderator
37,795 Posts
Having 300G disk space free is just that, disk space. However, over time as you use/install new programs, temp files and folders are created, which don't always get removed after installation.

Also, when using the internet, many don't realise how much temp files are downloaded as you're just surfing general sites.

Over time, these can slow a system, causing problems with slow internet, pictures not displaying correctly, etc ;)

I've heard of CCleaner, never used it myself as I tend to use the tools mentioned above, but whichever program you prefer to use, is fine :)

1 - 16 of 16 Posts
Not open for further replies.