Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 7 - Error messages from webpage


  • Please log in to reply
16 replies to this topic

#1 Daniel Beach

Daniel Beach

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 03 December 2012 - 08:46 PM

When I sign into Internet Explorer and when I start to type in a search box or click on any website (even yours) I first get and error pop up box "message from website" inside the first box says "DirectSearchFrame.createTBO_IE:Access is denied" I click ok then another box pops up from website and says "DirectSearchFrame.init:Unable to get value of the property 'GetReg':object is null or undefined" The websites pull up with no problem I just keep getting the pop ups. Not sure what is going on. Also my flash player wont play videos but it is updated and I noticed this happened at the same time the pop ups started. Help?

Edited by hamluis, 06 December 2012 - 02:23 PM.
Moved from Win 7 to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:41 AM

Posted 04 December 2012 - 05:21 AM

TBO_IE:Access is denied

Hi -
The error seems to say that you have a Toolbar that is not being recognised, or should be removed -

This tool can remove most Add-on bars if you would like to try it -
Please download AdwCleaner by Xplode onto your desktop.
If you are prompted, please disable your Antivirus; Information on temp disable HERE
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank You -

#3 Daniel Beach

Daniel Beach
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 05 December 2012 - 02:18 PM

I know I disabled my avast and malwarebytes-(I think)... something is running a security scan and I cant figure out what but it will not let me save the file but it did let me run it and this is what I got

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 14:12:27
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Daniel - EMSPC1
# Boot Mode : Normal
# Running from : C:\Users\Daniel\Documents\Wallmart stuff\Raleigh Sams #8223\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Daniel\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\Daniel\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\Daniel\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Folder Found : C:\Program Files (x86)\Ilivid
Folder Found : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Found : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Daniel\AppData\Local\Ilivid Player
Folder Found : C:\Users\Daniel\AppData\LocalLow\searchquband
Folder Found : C:\Users\Daniel\AppData\LocalLow\Searchqutoolbar

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\SearchquMediabarTb
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-3182349910-3965242867-595913029-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://www.searchqu.com/406",
Found [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Found [l.42] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=306&systemid=406&sr=0&q={searchTerms}",
Found [l.449] : homepage = "hxxp://www.searchqu.com/406",
Found [l.636] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [7811 octets] - [05/12/2012 14:12:27]

########## EOF - C:\AdwCleaner[R1].txt - [7871 octets] ##########


I'm sure I did something wrong If so let me know what to do :/

#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:41 AM

Posted 05 December 2012 - 03:21 PM

Hi -
Please re-run the program, but this time click on the "Delete" button.
This should remove Searchqu.ini / Searchqutoolbar / iLivid Toolbar / Tarma Installer

These are what we need to remove - Close and save all open programs first, including your Internet browser.
Repost the new log after your computer auto reboots

Thank You -

#5 Daniel Beach

Daniel Beach
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 05 December 2012 - 06:24 PM

ok got it this time...both boxes are still popping up

# AdwCleaner v2.011 - Logfile created 12/05/2012 at 18:17:01
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Daniel - EMSPC1
# Boot Mode : Normal
# Running from : C:\Users\Daniel\Downloads\adwcleaner (5).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Daniel\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\Daniel\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\Daniel\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Folder Deleted : C:\Program Files (x86)\Ilivid
Folder Deleted : C:\Program Files (x86)\Windows iLivid Toolbar
Folder Deleted : C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Daniel\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Daniel\AppData\LocalLow\Searchqutoolbar

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://www.searchqu.com/406",
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]
Deleted [l.42] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=306&systemid=406&sr=0&q={searchT[...]
Deleted [l.449] : homepage = "hxxp://www.searchqu.com/406",
Deleted [l.636] : urls_to_restore_on_startup = [ "hxxp://www.searchqu.com/406" ]

*************************

AdwCleaner[R1].txt - [7914 octets] - [05/12/2012 14:12:27]
AdwCleaner[S1].txt - [7859 octets] - [05/12/2012 18:17:01]

########## EOF - C:\AdwCleaner[S1].txt - [7919 octets] ##########

Edited by Daniel Beach, 05 December 2012 - 06:25 PM.


#6 Daniel Beach

Daniel Beach
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 07 December 2012 - 02:23 PM

One more time I believe I did it right this time


# AdwCleaner v2.011 - Logfile created 12/07/2012 at 14:17:22
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Daniel - EMSPC1
# Boot Mode : Normal
# Running from : C:\Users\Daniel\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.95

File : C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [786 octets] - [07/12/2012 14:16:56]
AdwCleaner[S1].txt - [718 octets] - [07/12/2012 14:17:22]

########## EOF - C:\AdwCleaner[S1].txt - [777 octets] ##########

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:41 PM

Posted 11 December 2012 - 11:52 AM

Hello, try running the FIX-IT here
http://support.microsoft.com/mats/ie_performance_and_safety/en-us
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 Daniel Beach

Daniel Beach
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 13 December 2012 - 08:19 PM

Ran the FIX-IT .. it took care of a few issues but I am still having the same problem :/
Also my flashplayer is as updated as possible and I cant run videos or a game as it wont load an tells me I need to update my flashplayer

Edited by Daniel Beach, 13 December 2012 - 09:18 PM.


#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:41 PM

Posted 17 December 2012 - 11:54 AM

Hello,look a bit further.
Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode


Please download Rkill by Grinler and save it to your desktop.Link 1
Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.



Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 Daniel Beach

Daniel Beach
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 18 December 2012 - 11:05 AM

Hi BOOPME and thank you for responding .. I started up in safe mode only to find out that I cannot connect to the internet via WiFi .. I need to find someone that has internet via plug in. This may take a while as I am now traveling out of town. Unless you know a way I can use wifi in safe mode? As soon as I reach my destination I will begin to look as I really want this problem taken care of so please dont give up on me if I'm not responding quick enough. Thanks so much for helping me.

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,530 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:41 PM

Posted 18 December 2012 - 12:26 PM

You may need to copy the tools to a flash Drive or CD to run them
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Daniel Beach

Daniel Beach
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 02 January 2013 - 12:33 PM

Sorry been out of town and asa we got back he had to take the computer to a jobsite out of town (this is my husbands work computer). I will try to copy the the tools to a cd and try it that way ... hold on

#13 Daniel Beach

Daniel Beach
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 02 January 2013 - 01:25 PM

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/02/2013 01:03:58 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/02/2013 01:04:17 PM
Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)

#14 Daniel Beach

Daniel Beach
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 02 January 2013 - 01:27 PM

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-02 13:05:04
-----------------------------
13:05:04.132 OS Version: Windows x64 6.1.7601 Service Pack 1
13:05:04.132 Number of processors: 4 586 0x2505
13:05:04.132 ComputerName: EMSPC1 UserName: Daniel
13:05:05.037 Initialize success
13:05:06.659 AVAST engine defs: 13010200
13:05:12.010 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:05:12.010 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
13:05:12.026 Disk 0 MBR read successfully
13:05:12.026 Disk 0 MBR scan
13:05:12.463 Disk 0 Windows VISTA default MBR code
13:05:12.494 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:05:12.775 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463564 MB offset 3074048
13:05:12.821 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11875 MB offset 952453120
13:05:13.133 Disk 0 scanning C:\windows\system32\drivers
13:05:27.392 Service scanning
13:05:49.497 Modules scanning
13:05:49.497 Disk 0 trace - called modules:
13:05:49.528 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
13:05:49.528 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80059c1060]
13:05:49.528 3 CLASSPNP.SYS[fffff88001b8443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800496f050]
13:05:50.495 AVAST engine scan C:\windows
13:05:52.383 AVAST engine scan C:\windows\system32
13:08:22.830 AVAST engine scan C:\windows\system32\drivers
13:08:48.710 AVAST engine scan C:\Users\Daniel
13:11:06.880 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Documents\MBR.dat"
13:11:06.880 The log file has been saved successfully to "C:\Users\Daniel\Documents\aswMBR.txt"

#15 Daniel Beach

Daniel Beach
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 02 January 2013 - 02:49 PM

C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\Daniel\AppData\Local\Temp\DropDownDealsSetup.exe multiple threats cleaned by deleting - quarantined
C:\Users\Daniel\AppData\Local\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application deleted - quarantined
C:\Users\Daniel\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\Users\Daniel\AppData\Local\Temp\YontooLayers.crx Win32/Adware.Yontoo.C application deleted - quarantined
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2fd1b4ee-6082384c a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined
C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1e57fa2f-1a47e11d a variant of Java/TrojanDownloader.Agent.NDJ trojan deleted - quarantined




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users