Post by christina on Aug 3, 2015 1:34:48 GMT -8
IE on desktop still affected. Homepage comes up as search.searchbulls.com/. I tried to reset default settings on IE via control panel like before but it keeps reverting to searchbull. Chrome is still clean. IE app came up with google as the home page rather than the 'norton blocking malware' page so I think that's all good. Is there a way to uninstall IE?
Post by dbrisen on Aug 4, 2015 20:36:41 GMT -8
FIRST >>>> You can "un-update" IE back to the base version that came with the OS (ver 9 or 10) but there is no way to fully uninstall it.
SECOND >>>> Let's look for the setting in the registry and attack this from that angle for now.
to disclaimer.
Type searchbulls into the Search Box.
Press the Search Registry button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
LAST >>>> Can you explain what you mean by desktop IE and IE app? As far as I know they should be the same but this may also be a clue to the differences you are seeing.
Post by christina on Aug 5, 2015 0:27:03 GMT -8
Thanks, I didn't think so. Is the reset I've done a couple of times the same as the un-update? If not is it worth doing?

Nothing in the search....

Farbar Recovery Scan Tool (x64) Version:28-07-2015
Ran by Christina (2015-08-05 20:06:35)
Running from C:\Users\Christina\Desktop
Boot Mode: Normal

================== Search Registry: "searchbulls" ===========

====== End of Search ======

With Windows8 you have the desktop or the 'app menu' (I don't know what it's actually called). On the desktop I have 'normal/original/standard' IE or however you want to refer to it and I have Chrome. In the Windows8 'app' menu I also have IE but it's a very different look and feel. They are linked because favourites I save while using the app IE also are showing up in desktop IE. But it's only the desktop IE that is affected with searchbull.

I haven't been able to figure out how to attach a decent screen shot here but here is a link to what I mean by IE app: www.softpedia.com/reviews/windows/Internet-Explorer-11-Preview-Metro-Review-366150.shtml

Something else that may or may not be of any use in terms of information is that before the search.searchbull.com URL comes up it flashes up as rst.bbb.s3-website-eu-west-1.amazonaws.com/?grp=2

Also now when I go into Internet Options it's stating that google is my homepage (which is obviously not what's coming up).

Is there any more information I can give you? Sorry this is turning into an impossible case!
Post by dbrisen on Aug 5, 2015 21:44:43 GMT -8
Don't be sorry about this problem; someone found a loophole in an MS product and we just need to straighten it out. See if the information on this site helps any: www.winhelp.us/internet-explorer-11-metro.html

I don't have IE11 Metro or IE10 Metro (using Win10 Home now) so I'm not sure why I can't find the settings mentioned in the article on my wife's Win 8.1 machine. Starting the IE Metro app just switches back to a desktop view and loads regular IE11 on that machine.
Post by christina on Aug 6, 2015 0:30:28 GMT -8
The only help that website had was giving me guidance on amending privacy settings. I had all the other settings mentioned. I un-sync'd the app IE from desktop IE.
Post by dbrisen on Aug 6, 2015 22:01:13 GMT -8
If you still have Zoek.exe on your desktop, do the following please:
Start Zoek by double clicking and accepting the UAC prompt that comes up. Click on Options in the bottom right hand corner. Select 'Do a Deep Scan' and then click on 'Run Script'.
Please post / attach the resulting log (zoek-results.log) when the scan is done. Thanks.
Post by dbrisen on Aug 7, 2015 21:27:20 GMT -8
Please run this batch file.
Open Notepad (go to Start > Run and type in Notepad and click OK). Copy/paste the following text inside the code box into a new notepad document.
Go to the File menu at the top of the Notepad and select Save as.
Select save in: desktop
Fill in File name: look.bat
Save as type: All file types (*.*)
Click save
Close the Notepad.
Locate look.bat on the desktop.
Double click the icon or Right-click to run it as administrator if you have Vista or Windows 7.
A notepad opens, copy and paste the content (log.txt) to your reply.
Post by christina on Aug 8, 2015 0:46:56 GMT -8
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "AutoHide"="yes" "Security Risk Page"="about:SecurityRisk" "Extensions Off Page"="about:NoAdd-ons" "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome" "Anchor_Visitation_Horizon"=hex:01,00,00,00 "Cache_Percent_of_Disk"=hex:0a,00,00,00 "Placeholder_Width"=hex:1a,00,00,00 "ApplicationTileImmersiveActivation"=dword:00000001 "AssociationActivationMode"=dword:00000000 "x86AppPath"="C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" "Placeholder_Height"=hex:1a,00,00,00 "Default_Secondary_Page_URL"=hex(7):00,00,00,00 "Use_Async_DNS"="yes" "Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11" "Local Page"="C:\\Windows\\System32\\blank.htm" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Delete_Temp_Files_On_Exit"="yes" "Enable_Disk_Cache"="yes" "DoNotTrack"=dword:00000001 "Check_Associations"="yes" "FrameAuto"=dword:00000001 "IEWatsonEnabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds] "406"=dword:00000200 "405"=dword:00000100 "501"=dword:00000200 "404"=dword:00000200 "500"=dword:00000200 "403"=dword:00000100 "409"=dword:00000200 "505"=dword:00000200 "408"=dword:00000200 "400"=dword:00000200 "410"=dword:00000100
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL] "WindowsAnytimeUpgradeUI.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "PresentationHost.exe"=dword:00000001 "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "prevhost.exe"=dword:00000001 "HelpPane.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "iexplore.exe"=dword:00000001 "*"=dword:00000001 "infopath.exe"=dword:00000000 "explorer.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "prevhost.exe"=dword:00000001 "HelpPane.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "HelpPane.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "HelpPane.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "HelpPane.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "prevhost.exe"=dword:00001f40 "HelpPane.exe"=dword:00002710 "Skype.exe"=dword:00002711 "sllauncher.exe"=dword:00001f40 "BackgroundHost64.exe"=dword:00002328
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_Cross_Domain_Redirect_Mitigation] "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING] "*"=dword:00000000 "iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"=dword:00000001 "iexplore.exe"=dword:00000001 "SAPLOGON.exe"=dword:00000000 "SAPLgPad.exe"=dword:00000000 "explorer.exe"=dword:00000001 "SAPGuiIT.exe"=dword:00000000 "wmplayer.exe"=dword:00000001 "SAPfewgsrv.exe"=dword:00000000 "Scale_for_R3.exe"=dword:00000000 "SAPGUI.exe"=dword:00000000 "clview.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "iexplore.exe"=dword:00000001 "ieuser.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "HelpPane.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] "HelpPane.exe"=dword:000186a0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "helppane.exe"=dword:00000001 "devenv.exe"=dword:00000001 "dexplore.exe"=dword:00000001 "PresentationHost.exe"=dword:00000000 "sllauncher.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "prevhost.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES] "sidebar.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "HelpPane.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] @="" "msiexec.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "wm.exe"=dword:00000001 "cs.exe"=dword:00000001 "waol.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "prevhost.exe"=dword:00000001 "HelpPane.exe"=dword:00000001 "iexplore.exe"=dword:00000001 "explorer.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 "clview.exe"=dword:00000001 "Groove.exe"=dword:00000001 "OUTLOOK.EXE"=dword:00000001 "sllauncher.exe"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"=dword:00000004 "Skype.exe"=dword:00000006 "sllauncher.exe"=dword:00000006
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"=dword:00000002 "Skype.exe"=dword:00000006 "sllauncher.exe"=dword:00000006
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "prevhost.exe"=dword:00000001 "HelpPane.exe"=dword:00000001 "iexplore.exe"=dword:00000001 "explorer.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "iexplore.exe"=dword:00000001 "explorer.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "sidebar.exe"=dword:00000001 "outlook.exe"=dword:00000001 "mshta.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "iexplore.exe"=dword:00000001 "explorer.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "ehExtHost.exe"=dword:00000000 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "iexplore.exe"=dword:00000000 "explorer.exe"=dword:00000000 "wmplayer.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "prevhost.exe"=dword:00000001 "HelpPane.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "prevhost.exe"=dword:00000001 "HelpPane.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "prevhost.exe"=dword:00000001 "winmail.exe"=dword:00000001 "msimn.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "PresentationHost.exe"=dword:00000001 "sllauncher.exe"=dword:00000001 "WindowsLiveWriter.exe"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "prevhost.exe"=dword:00000001 "HelpPane.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "HelpPane.exe"=dword:00000001 "iexplore.exe"=dword:00000001 "explorer.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION] "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "prevhost.exe"=dword:00000000 "HelpPane.exe"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "PresentationHost.exe"=dword:00000001 "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "winmail.exe"=dword:00000001 "msimn.exe"=dword:00000001 "outlook.exe"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "HelpPane.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "infopath.exe"=dword:00000001 "winword.exe"=dword:00000001 "excel.exe"=dword:00000001 "powerpnt.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "prevhost.exe"=dword:00000001 "HelpPane.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "HelpPane.exe"=dword:00000001 "sllauncher.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"=dword:00000001 "BackgroundHost64.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "iexplore.exe"=dword:00000001 "explorer.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "iexplore.exe"=dword:00000001 "explorer.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "clview.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "prevhost.exe"=dword:00000001 "iexplore.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "prevhost.exe"=dword:00000001 "iexplore.exe"=dword:00000001 "explorer.exe"=dword:00000001 "wmplayer.exe"=dword:00000001 "PresentationHost.exe"=dword:00000001 "clview.exe"=dword:00000001 "ehExtHost.exe"=dword:00000001 "GROOVE.EXE"=dword:00000001 "OUTLOOK.EXE"=dword:00000001 "wlmail.exe"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate] "1"="www.%s.com" "3"="www.%s.net" "2"="www.%s.org" "4"="www.%s.edu"
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "AlwaysShowMenus"=dword:00000000 "Anchor Underline"="yes" "Cache_Update_Frequency"="Once_Per_Session" "Disable Script Debugger"="yes" "DisableScriptDebuggerIE"="yes" "Display Inline Images"="yes" "Do404Search"=hex:01,00,00,00 "DownloadWindowPlacement"=hex:2c,00,00,00,00,00,00,00,00,00,00,00,ff,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,d7,01,00,00,ac,00,00,00,f7,04,00,00,04,\ 03,00,00 "Enable Browser Extensions"="yes" "FormSuggest PW Ask"="yes" "IconCache"="1v2583z" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "NotifyDownloadComplete"="yes" "NoUpdateCheck"=dword:00000001 "Play_Animations"="yes" "Play_Background_Sounds"="yes" "Save_Session_History_On_Exit"="no" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "SearchMigrated"=dword:00000000 "Show_FullURL"="no" "Show_StatusBar"="yes" "Show_ToolBar"="yes" "Show_URLinStatusBar"="yes" "Show_URLToolBar"="yes" "StatusBarWeb"=dword:00000001 "Use_DlgBox_Colors"="yes" "XMLHTTP"=dword:00000001 "SearchDefaultBranded"=dword:00000001 "IE10RunOncePerInstallCompleted"=dword:00000001 "IE10RunOnceCompletionTime"=hex:da,41,de,46,21,d0,d0,01 "ImageStoreRandomFolder"="enkow9h" "ApplicationTileImmersiveActivation"=dword:00000001 "AssociationActivationMode"=dword:00000000 "Isolation64Bit"=dword:00000000 "FormSuggest Passwords"="yes" "Search Bar"="Preserve" "ScriptDebugger_EnableHiddenTabs"=dword:00000000 "ForceGDIPlus"=dword:00000000 "ShutdownWaitForOnUnload"=dword:00000000 "DNSPreresolution"=dword:00000008 "SpellChecking"=dword:00000001 "LangToolsBroker"="{5bbd58bb-993e-4c17-8af6-3af8e908fca8}" "DisablePasswordReveal"=dword:00000000 "Check_Associations"="yes" "DisableRequiresActiveXPrompt"="" "GotoIntranetSiteForSingleWordEntry"=dword:00000000 "AutoSearch"=dword:00000001 "SuppressScriptDebuggerDialog"=dword:00000000 "PredictedViewExpansion"=dword:00000064 "PredictedViewChangeThreshold"=dword:0000000a 
"PredictedViewChangeThresholdPaint"=dword:0000000a "ContentLayerCacheExpansion"=dword:0000012c "RenderingLoopMaxTime"=dword:000000fa "NscSingleExpand"=dword:00000000 "Error Dlg Displayed On Every Error"="no" "Friendly http errors"="yes" "CSS_Compat"="doctype" "Expand Alt Text"="no" "Display Inline Videos"=dword:00000001 "Print_Background"="no" "Use Stylesheets"=dword:00000001 "SmoothScroll"=dword:00000001 "Show image placeholders"=dword:00000000 "Disable Diagnostics Mode"="no" "Move System Caret"="no" "Enable AutoImageResize"="yes" "UseThemes"=dword:00000001 "UseHR"=dword:00000000 "Q300829"=dword:00000000 "Cleanup HTCs"=dword:00000000 "XDomainRequest"=dword:00000001 "DOMStorage"=dword:00000001 "EnableAlternativeCodec"="yes" "JScriptProfileCacheEventDelay"=dword:00001388 "CrossfadeMinTimeoutInMS"=dword:00007530 "CrossfadeMaxTimeoutInMS"=dword:00007530 "CrossfadeCurrentTimeoutInMS"=dword:00007530 "ScrollTimeoutInMS"=dword:00001770 "IE10RunOnceLastShown"=dword:00000000 "IE10TourNoShow"=dword:00000000 "IE10TourShown"=dword:00000000 "IE10RecommendedSettingsNo"=dword:00000000 "FrameTabWindow"=dword:00000001 "AdminTabProcs"=dword:00000001 "SessionMerging"=dword:00000001 "FrameMerging"=dword:00000001 "HangRecovery"=dword:00000001 "DesktopTransparentCoverWindowTime"=dword:00000008 "TSEnable"=dword:00000001 "IsolationImmersive"="PMEM" "TabShutdownDelay"=dword:0000ea60 "FrameShutdownDelay"=dword:00000000 "MinIEEnabled"=dword:00000001 "RefcountTracker"=dword:00000000 "TabDragOnSingleProc"=dword:00000000 "ForceBFCacheCandidacyPass"=dword:00000000 "Fasterback"=dword:00000001 "BackForwardInstrumentation"=dword:00000000 "DoNotTrack"=dword:00000001 "OperationalData"=hex(b):0d,00,00,00,00,00,00,00 "FullScreen"="no" "Start Page"="http://www.google.co.nz/" "LastFavoritesScope"="" "CompatibilityFlags"=dword:00000000 "Window_Placement"=hex:2c,00,00,00,00,00,00,00,01,00,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,2a,00,00,00,2a,00,00,00,06,06,00,00,76,03,00,\ 00 "Use 
FormSuggest"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\DataProviders] "CID"="1790EAD4FD8F4441A4549383E86FC12C"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\EnterpriseMode]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "Smartbar.exe"=dword:0000270f
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_MODE] "iexplore.exe"=dword:00000008
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "iexplore.exe"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\Settings] "LOCALMACHINE_CD_UNLOCK"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "iexplore.exe"=dword:00000008
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "iexplore.exe"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FormatDetection] "PhoneNumberEnabled"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Touch] "FlickEducatorInfo"=dword:00000000 "GestureZoomMinimumIncrement"=dword:00000001 "GestureTimerInterval"=dword:0000000f
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\WindowsSearch] "Cleared"=dword:00000001 "Cleared_TIMESTAMP"=hex:bc,4d,f0,4e,20,d0,d0,01 "ConfiguredScopes"=dword:00000005 "LastCrawl"=hex:15,51,69,38,1d,d0,d0,01 "UpgradeTime"=hex:fa,45,ac,ca,b5,d1,d0,01 "User Favorites Path"="file:///C:\\Users\\Christina\\Favorites\\" "Version"="6.3.9600.17787" "AutoCompleteGroups"=dword:00000005 "Disabled"=dword:00000000 "EnabledScopes"=dword:00000005
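Added example, not part of the thread and not the helper's look.bat or RegFix.reg: a small parser for a Registry Editor 5.00 export like the one posted above that lists every URL-valued string, compares the Start Page per hive, and checks the URLs against a watch term such as the "searchbulls" string used in the FRST search. The function names are made up for this example, and the sample is a few constructed lines in normal .reg layout using values from the export.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines in .reg layout, values taken from the export above.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome"
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11"
"Local Page"="C:\\Windows\\System32\\blank.htm"
"DoNotTrack"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.co.nz/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# Only REG_SZ lines ("name"="data"); dword/hex values and hex continuations are skipped.
STR_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg escaping, where backslash and double quote are backslash-escaped."""
    return re.sub(r'\\(.)', r'\1', text)


def url_values(export_text):
    """Return (key, value_name, url, host) for every string value holding an http(s) URL."""
    rows, key = [], None
    for raw in export_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = STR_RE.match(line)
        if not (m and key):
            continue
        data = unescape(m.group('data'))
        parsed = urlparse(data)
        if parsed.scheme in ('http', 'https') and parsed.hostname:
            rows.append((key, unescape(m.group('name')), data, parsed.hostname.lower()))
    return rows


def start_pages(rows):
    """Map hive name to the host of its 'Start Page' value, to compare HKLM with HKCU."""
    return {key.split('\\', 1)[0]: host
            for key, name, _url, host in rows if name == 'Start Page'}


def flag(rows, watch_terms):
    """Return the rows whose URL contains any watch term (case-insensitive)."""
    terms = [t.lower() for t in watch_terms]
    return [r for r in rows if any(t in r[2].lower() for t in terms)]


if __name__ == '__main__':
    found = url_values(SAMPLE_EXPORT)
    for key, name, url, host in found:
        print(f'{host:22} {name:18} {key}')
    print('Start Page per hive:', start_pages(found))
    print('Watch-term hits:', flag(found, ['searchbulls']))
```

An empty hit list only says that no URL-valued string in the export contains the term; it does not cover other places a start page can be set.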
Post by dbrisen on Aug 10, 2015 18:12:08 GMT -8
Download the attached file and save it to your desktop. Double click on it and then accept the prompt to allow the merge into the Registry. Once this is done, reboot your machine and see if the error still exists.
Attachments: RegFix.reg (245 B)