Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

IE11 won's download except safe mode; need help with Farbar results


  • This topic is locked This topic is locked
18 replies to this topic

#1 Terri13th

Terri13th

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 13 February 2016 - 12:11 PM

Computer virus/malware scans coming up clean, so not thinking virus but was told to post here. On Windows 7, IE 11 won't download anything unless in safe mode w/networking, which works fine. Adw scan came up clean, so ran Farbar Recovery Tool but have no clue where to begin w/the results and don't want to allow any fix without guidance. Here's the Farbar results, sending both files it generated. Thanks for any help,

Attached Files


Edited by Terri13th, 13 February 2016 - 12:39 PM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 14 February 2016 - 08:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

When you removed Norton if you did not download and run their uninstaller I suggest you do it now.

Follow the instructions on this page.
https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us
===

Restart the computer normally.

If the problem persists let me know of any error message when the download fails.
===

Please Download and run the ComboFix tool.

How to use ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Follow the instructions on the page.

Post the content of the C:\ComboFix.txt file for my review.

p.s.
When all is well you can remove the tool by following the Uninstall instructions on the same page.

#3 Terri13th

Terri13th
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 14 February 2016 - 12:39 PM

Thanks for your help, but your mention of Norton puzzles me--I've never had Norton on this computer. Also I was hoping someone could ck the Farbar Recovery Tool results I had in my first post.

 

There is no error code when downloads fail, and also no response whatsoever to my clicking on any download button in IE11--nothing happens at all.

 

Were you able to find anything in Farbar report--looks like quite allot of problems were found, but I don't want to allow it to 'fix' without expert guidance.

 

In the meantime, I'll be going into Safemode with networking to download Combofix, as that's the only way I can download anything. I'll come back and ck the forum once I download it, and will run it in normal Windows mode. Thanks, Terri


Edited by Terri13th, 14 February 2016 - 12:49 PM.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 14 February 2016 - 02:34 PM


Well I did look at your logs this morning.
The last five item in the quote box below are all related to Norton.

Run this fix to remove them.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to the a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

[B]HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-2807117327-2435628761-4039029709-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-2807117327-2435628761-4039029709-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-2807117327-2435628761-4039029709-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FirewallRules: [{22653329-A4D8-4CE9-AD75-2EBD47BAE255}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS384E.tmp\SymNRT.exe
FirewallRules: [{F1047F8B-2169-4284-9C2B-9C3FA9396AF8}] => (Allow) C:\Users\Gary\AppData\Local\Temp\7zS384E.tmp\SymNRT.exe
FirewallRules: [{DCFDCFBE-24A1-47B5-BC63-5BBE40B3687D}] => (Allow) C:\Users\Gary\AppData\Local\Temp\nsbF27D.tmp\CnetInstaller-10847481.exe
FirewallRules: [{BF57CDA9-70C7-40E7-A52C-D5687F64BE80}] => (Allow) C:\Users\Gary\AppData\Local\Temp\nsbF27D.tmp\CnetInstaller-10847481.exe
C:\Users\Gary\AppData\Local\Temp\7zS384E.tmp
C:\Users\Gary\AppData\Local\Temp\nsbF27D.tmp
[/B]


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

========

Can you run ComboFix in normal mode?

#5 Terri13th

Terri13th
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 14 February 2016 - 04:28 PM

When coying text do I include start and end?

Also, when inserting it into folder Farbar is in, in my case downloads, is it correct that it's listed separately and is not in the Farbar exe folder itself?

 

Yes, I can run Combo in normal mode...would you have preference on which I ran first, combo or farbar?


Edited by Terri13th, 14 February 2016 - 04:33 PM.


#6 Terri13th

Terri13th
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 14 February 2016 - 09:28 PM

I just ran ComboFix since I didn't have any questions on how to do that...will await answer to my questions b/f running the code with Farbar.

 

Here's ComboFix log...

Attached Files


Edited by Terri13th, 14 February 2016 - 09:30 PM.


#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 15 February 2016 - 07:35 AM

When coying text do I include start and end?
Also, when inserting it into folder Farbar is in, in my case downloads, is it correct that it's listed separately and is not in the Farbar exe folder itself?


Yes include Start - Stop commands
Please the Fixlist.txt in the Dowload folder where FRST is located.

Run the fix.

Restart the computer normally.

Test to see if you can now download in normal mode.
===

Reset IE as suggested on this page.

http://www.sevenforums.com/tutorials/1222-internet-explorer-reset.html

Is the download working now?

p.s.
In normal mode can you download with Chrome and or Firefox?

#8 Terri13th

Terri13th
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 15 February 2016 - 12:02 PM

I just ran ComboFix since I didn't have any questions on how to do that...will await answer to my questions b/f running the code with Farbar.

 

Here's ComboFix log...

It appears ComboFix did fix my problem! Thank you so much! I noted a change immediately when I opened IE as security prompt came up that I had never seen before, saying 'you are about to view pages over a secure connection...' Then when I clicked on Bleep Comp, another security prompt came up, saying not so secure....I am assuming this is part of the 'Protected Mode' of IE, which I had enabled as part of my troubleshooting of the download problem? I know you can stop such prompts by clking 'don't show again,' but generally speaking is 'Protected Mode' worth enabling in your opinion, or is it just another slowdown for IE11? Anyway, then I tried a download, and it worked! Thanks a million! Also, it cleared up a problem within email where I couldn't directly open attachments by clking paper clip but had to save them to open, a real pain which I suspected may have been connected to IE problem.

So would you say Conbofix reset some windows settings that got messed up?

Before closing this, I'm hoping we can also address the Norton problem. I've set restore point and will try Farbar fix now, so I hope you can bear with me just a little longer.



#9 Terri13th

Terri13th
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 15 February 2016 - 12:37 PM

Here's the results from the Farbar batch file fix you sent me. Everything went as you said...hopefully nasty Norton is gone now?

Hmmm, having trouble attaching the fix file...can't figure out what I'm missing, I'm logged in and remembering to hit 'attach this file,' after putting in the file from my download folder...any ideas on this?



#10 Terri13th

Terri13th
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 15 February 2016 - 01:01 PM

Well, I keep trying to send Farbar log, and can't seem to do it now. After I browse and locate file, and get it's location to show up in the box, I click 'attach Files,' and that's totally non-responsive and does nothing. It's very weird b/c I did successfully attach that ComboFix log before running that Farbar fix, and everything seemed to go smoothly, but I can't for the life of me attach the log and get it posted. Will try old fashioned copy/paste to body of post since it's short...nope, can't do that either.

Any ideas on this?

 

 



#11 Terri13th

Terri13th
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 15 February 2016 - 01:48 PM

Ok, I cleared out IE temp files, cookies, etc. and retried and it worked!

 

Here, finally, is result of Farbar fix log after running Farbar with your batch file...Has Norton finally left the house?

Attached Files


Edited by Terri13th, 15 February 2016 - 01:49 PM.


#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 15 February 2016 - 01:52 PM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 Terri13th

Terri13th
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 15 February 2016 - 01:57 PM

Nasdaq, are you saying my initial problem was security related or a result of some sort of virus or malware?

 

Also, does the log show Norton is gone?

 

Thank you so much for all your help!



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:01 PM

Posted 16 February 2016 - 07:36 AM

No. There were some Norton traces that we removed.
How they got there is unknown to me. Possibly the original computer came with it and it was deleted.

You cleaning the Temp files and cookies may have helped also.

Glad to see that all is well.

#15 Terri13th

Terri13th
  • Topic Starter

  • Members
  • 256 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:01 PM

Posted 16 February 2016 - 11:17 AM

Thanks for all your help! I believe you're right and Norton came packaged w/computer when new, and the Windows uninstall left remnants. That was before I began using Revo Uninstaller, which seems to get the last bits.

 I did want to ask you about Windows Defender working with MSE. I saw it has been disabled, and wondered if I should enable it, and how?

And, lastly do you have any recommendations for start-up clean-up programs? Startuplite by Malwarebytes didn't seem to work on Windows 7, 64 bit.

Seriously, thanks, again!


Edited by Terri13th, 16 February 2016 - 11:17 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users