Can't install Internet Explorer

Discussion in 'Malware Help (A Specialist Will Reply)' started by eiresurg, Apr 23, 2007.

  1. eiresurg

    eiresurg Private E-2

    I'm following all the steps for malware removal. IE has been removed from my computer. In order to do part 6A: "Online Virus And Trojan Scanning" according to the "Malware Removal Guide" I need this. I suspect the Malware isn't letting me install IE. What can I do?

    Thanks!

    Eiresurg
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Why would you ever uninstall IE to begin with? It is an integral part of the OS and is required for accessing thousands of sites including Microsoft. Without IE you cannot even get updates from Microsoft!

    I doubt malware is preventing you from installing IE. Where are you trying to install it from?

    What malware problems were you having that prompted you to run the READ & RUN ME to begin with?
     
  3. eiresurg

    eiresurg Private E-2

    it's a business computer. so, i didn't uninstall IE. not sure exactly what malware is causing problems, yet. looks like TagSaurus for one.

    when i try to install IE, it goes through the whole installation process with install wizard, but doesn't completely install despite saying "finished". i've tried several times and restarted and turned off symantec and all that.

    any suggestions???

    thanks!

    eiresurg
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now I'm a little confused. If you (or someone else) did not uninstall IE, why does it need to be reinstalled?

    Skip the online scans and complete ALL other steps. Then attach the below requested logs from the READ ME:

    • CounterSpy - only for Windows XP, 2K, & NT users
    • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
    • runkeys.txt - the log from GetRunKey.bat
    • newfiles.txt - the log from ShowNew.bat
    • HijackThis
     
  5. eiresurg

    eiresurg Private E-2

    to clarify, IE was removed by a previous user, so i can't say why it was removed. interestingly, the malware seems to still use IE. i installed mozilla and when i'm browsing with it, IE malware windows pop-up. yet, i can't find IE installed anywhere on the computer.

    anyway, i'll complete the READ & RUN ME sans the online scans and post the logs as you suggested. thanks!!

    eiresurg
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Just attach them to this thread when you finish!
     
  7. eiresurg

    eiresurg Private E-2

    Attached Files:

  8. eiresurg

    eiresurg Private E-2

    additional logs
     

    Attached Files:

  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall CounterSpy now since we are finished with it!

    You did not attach one of the logs which is very important! Don't attach it right now though. I will ask for it at the end of this procedure.
    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to Client IP-IPX
    • then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste Client IP-IPX into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.
    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    After clicking Fix, exit HJT.

    Now run Ccleaner

    Now reboot in normal mode

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.

    Now locate the below folder and delete it if found:
    C:\Program Files\Common Files\{272612F5-01F1-1033-1010-990321000001}


    Now attach the below new logs and tell me how the above steps went.
    1. ShowNew
    2. HJT


    We have more work to do which will require a special procedure. I wanted to get the above finished first.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After you complete the instructions in message # 9, continue on with the below!



    Please download and install Registrar Lite. Make sure you select a Majorgeeks download link and not the Author's!

    Run Registrar Lite navigate to each of the following keys (one at a time) and take ownership of them (I explained how to do that further down).

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NETWORK_MONITOR
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_NETWORK_MONITOR
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR

    To take ownership of the key do the following:
    • Copy & Paste the registry key from above into the Address bar of Registrar Lite and hit the enter key. This will bring you to the registry key.
    • Click-on Security in the top Menu
    • Select Take Ownership
    • Repeat these steps for all of the registry keys given above before continuing to the next steps below.
    • Now leave RegistrarLite running and continue
    • Now run the fixME.reg REGISTRY PATCH below in this message.
    • Tell me the results. Any error messages?
    • Now in RegistrarLite click View and then Refresh
    • Now navigate one at a time to each of the above keys we took ownership of to make sure they were deleted.
    • If any of the keys still exist, move on down to PART 2 - Setting Permissions for Everyone below!.
    Here is the Registry Patch

    Now Copy the bold text below to notepad. Save it as fixNM.reg to your desktop. Be sure the Save as type is set to all files. Once you have saved it, double click it and allow it to merge with the registry.

    PART 2 - Setting Permissions for Everyone
    Run the below if some of the registry keys still exist after running the above steps.

    Now I want you to use Registrar Lite again to navigate to each of the below keys (one at a time) by pasting them into the Address Bar and hitting return. But this time click the Security menu item and select Edit Permissions so we can change permissions to everyone (I describe this down below the list of registry keys).
    After clicking Edit Permissions, here is what I expect you to see in the Group or user names area of the form:

    Everyone
    SYSTEM

    Select Everyone by clicking on it. Now at the bottom in the Permissions box click the check box for Full Control. Then click Apply and then OK to get back to the main Registrar Lite screen. Now right click on the registry key and select Delete. Then click View and Refresh. Check to see if the registry key just deleted truly deleted. If so, move on to the next to work thru the whole list. If it does not delete, I want you to boot into safe mode and repeat these exact same steps to see if we can do it from safe mode.

    Then reboot your PC!

    Now run GetRunKey again and attach a new log!
     
  11. eiresurg

    eiresurg Private E-2

    Reply to Message #9

    chaslang,

    not sure why you would be so generous to help with this, but i'm very grateful for your generosity. thank you!!

    anyway, i followed the procedure as you outlined in message #9. no problems following your instructions. first, the Client IP-IPX was already stopped. but, i did have to disable it as you directed. second, when i tried to delete it with HJT i got the following error:

    The service 'Client IP-IPX' is enabled and/or running. Disable it first, using HijackThis itself (from the scan results) or the Services.msc window.

    but, i ignored it as you suggested. after running HJT, i fixed the four lines you told me to. the ccleaner log is attached, too.

    the file: C:\Program Files\Common Files\{272612F5-01F1-1033-1010-990321000001} was not found.

    the ShowNew (newfiles.txt) and HJT logs are attached. The ShowNew log is from my original run from READ & RUN ME.

    Should I go on and do the stuff you've outlined in message #10?

    Thanks,

    eiresurg
     

    Attached Files:

  12. eiresurg

    eiresurg Private E-2

    Reply to Message #10

    in the interest of time, i went ahead and ran the instructions from message #10.

    the first part where i was to "take ownership" didn't succeed in deleting any of the registry keys. but, all six were successfully deleted with Part 2. i rebooted in normal mode and ran GetRunKey and ShowNew. the logs for these are attached below.

    for what it's worth, i'm still getting IE pop-ups.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Reply to Message #10

    You did not follow my instructions properly. The first instruction in message # 9 was to uninstall CounterSpy and you did not do this. Please do this now. Also I have a feeling that Assassin G13 is getting in the way of our fixes. That Client IP-IPX service is still showing in HJT and the O6 lines from your HJT log I asked you to fix are still there too. So after uninstalling CounterSpy also uninstall or at least stop Assassin G13 from loading while we fix your problems.

    After doing the above, run the fix for the Client IP-IPX service again!

    Now let's repeat more fixes that did not work.

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Also if you see the below line, fix it too:
    O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)

    After clicking Fix checked, exit HJT.

    Now run Ccleaner

    Now reboot in normal mode


    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    Make sure you tell me how things are working now!
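
The HijackThis lines selected for fixing in the posts above share one trait: each is a registry entry whose target file is gone, or an O6 policy lock on IE settings. The sketch below is an added example, not part of the thread or of HijackThis; it sorts log lines into those groups, and the first sample line is constructed for contrast.

```python
import re

# Section codes seen in this thread and what HijackThis reports under them.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O6": "IE options locked by policy",
    "O23": "NT service",
}

LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

# First line is constructed; the other five are quoted from the thread.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
"""


def parse_line(line):
    """Turn one log line into a record, or None for headers and blank lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    clsid = CLSID.search(m["body"])
    return {
        "code": m["code"],
        "section": SECTIONS.get(m["code"], "other"),
        "clsid": clsid.group(0).upper() if clsid else None,
        "orphan": bool(ORPHAN.search(m["body"])),
        "raw": line.strip(),
    }


def triage(log_text):
    """Group entries: orphaned (target file gone), policy locks, everything else."""
    groups = {"orphan": [], "policy_lock": [], "review": []}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry["orphan"]:
            groups["orphan"].append(entry)
        elif entry["code"] == "O6":
            groups["policy_lock"].append(entry)
        else:
            groups["review"].append(entry)
    return groups


if __name__ == "__main__":
    for group, entries in triage(SAMPLE_LOG).items():
        for e in entries:
            print(f"{group:12} {e['code']:4} {e['section']:28} {e['clsid'] or ''}")
```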
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Reply to Message #10

    Did you install WinVNC yourself? And have you been using it today to access this PC???

    Also note that you did not uninstall Viewpoint Media Player as requested in step 0 of the READ ME!

    You have a bunch more nasty problems to remove!!!! After I get the next logs, we will continue.
     
  15. eiresurg

    eiresurg Private E-2

    Re: Vnc

    i don't even know what VNC is. no, i didn't install it. it may have been installed by a previous user of this computer. don't know. i don't use it as far as i know. the computer owned by my computer that i use to remotely access hospital systems when i'm on-call. could it be for that? otherwise, can i just uninstall it?

    i just uninstalled the viewpoint media player, too.

    anyway, i'm working on the Client IP-IPX stuff. i'll get back to you when i'm done . . .
     
  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Vnc

    How could you not know what you are using to access hospital systems remotely? Yes this is what you could be using. You should double check to see what it is that you run when you connect to those systems.
     
  17. eiresurg

    eiresurg Private E-2

    got rid of CounterSpy, but can't find assassin g13 anywhere on my computer!! crazy!

    so, i repeated the Client IP-IPX thing and did the exact same thing. won't let me delete it.

    the lines O2, O3, and the two O6 lines weren't there when i ran HJT.

    did the ccleaner thing. log attached.

    did the new REGEDIT4.

    logs attached below.
     

    Attached Files:

  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Does the below folder exist:
    C:\Program Files\Assassin G13

    Did you install this program?

    That's because they are all gone now. Perhaps last time your HJT log was an old log or was obtained out of order. You may have saved the log before fixing. You must fix first and then run a new scan.
     
  19. eiresurg

    eiresurg Private E-2

    no assassin g13 folder in program files. i even did a search for assassin w/ windows explorer and it's nowhere.

    still getting IE pop-ups as we speak.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then fix the line related to it in HijackThis.

    Remember in message # 14 I said there was more to do!! ;)


    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Attach this log to your next reply
    Note:

    Do not mouseclick combofix's window while it is running. That may cause it to stall.


    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT
    Make sure you tell me how things are working now!
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    To help keep you moving along while I may not be around, after you complete the steps in message # 20, continue on with the below steps.



    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Now download FileASSASSIN and save to your desktop

    Create a new folder on C:\ called FileASSASSIN and extract (unzip) it to that folder.
    • Now print the below instructions because you need to reboot into safe mode and keep all browsers and other unnecessary applications closed before doing the below.
    • Once in safe mode, open the C:\FileASSASSIN folder and double-click on FileASSASSIN.exe.
    • Select the following file to delete by copy and pasting it onto the text area or select it using the (...) browse button.
    C:\Program Files\Common Files\uuqk
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
    C:\WINDOWS\ms03806645656.exe
    C:\WINDOWS\system32\setup9x.exe
    C:\WINDOWS\system32\app.exe
    C:\WINDOWS\system32\unsvchosts.exe
    C:\WINDOWS\system32\winticomsv32.exe
    C:\WINDOWS\system32\drivers\core.sys
    C:\WINDOWS\system32\drivers\core.cache.dsk
    • Select a removal method. Start with "Attempt FileASSASSIN's method of file removal."
    • Click delete and the removal process will begin.
    • If that did not work then, start FileASSASSIN again and this time check "Use delete on reboot function from windows.".
    After doing the above, reboot into normal mode and attach new logs from the below:

    1. GetRunKey
    2. ShowNew
    3. HJT


    How are things working?
     
  22. eiresurg

    eiresurg Private E-2

    Reply to Message #20 & #21

    Well, I think the pop-ups are dead! I've browsed around on the internet with Mozilla and haven't gotten a single IE pop-up! Great!

    RE: Message #20

    I downloaded and ran ComboFix as you suggested. Here's what I got:


    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    -----DIDN'T GET ANY PROMPTS, IT SEEMED TO STALL DESPITE ME DOING NOTHING. TRIED THIS MULTIPLE TIMES IN NORMAL MODE AND SAFE MODE. EVEN LET IT SIT FOR SEVERAL HOURS. NO LOGS WERE GENERATED THAT I CAN TELL.
    3. When finished, it will produce a log for you. Attach this log to your next reply.

    RE: Message #21

    I ran the new fixME.reg and ran fileASSASSIN:

    C:\Program Files\Common Files\uuqk-----IT WAS A FOLDER, BUT I JUST DELETED ALL THE FILES SEPARATELY
    C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe------NOT FOUND
    C:\WINDOWS\ms03806645656.exe-----FOUND AND DELETED
    C:\WINDOWS\system32\setup9x.exe-----FOUND AND DELETED
    C:\WINDOWS\system32\app.exe-----FOUND AND DELETED
    C:\WINDOWS\system32\unsvchosts.exe-----NOT FOUND
    C:\WINDOWS\system32\winticomsv32.exe-----FOUND AND DELETED
    C:\WINDOWS\system32\drivers\core.sys------NOT FOUND
    C:\WINDOWS\system32\drivers\core.cache.dsk-----NOT FOUND


    I didn't try surfing the internet after your instructions in Message #20 since it didn't seem to run successfully. So, I just went ahead to your instructions in Message #21. Everything seems to be running correctly. One strange thing, it seems the "Date Modified" description of all my files when exploring C:\ lists all the dates as YY-MM-DD. It wasn't like that before. I think that is a new format that wasn't there before. (?)

    Anyway, that's where things are at now. I assume there's other stuff I need to do?

    THANKS!!!

    eiresurg
     

    Attached Files:

  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Reply to Message #20 & #21

    You still have some infection and ComboFix is the easiest way to remove them. Manual steps can be tricky. Please shut down all protection software (Norton/Symantec and anything else running) and then try running ComboFix again. If it does not run in normal boot mode, see if it will run in safe mode.

    If you do get it to run thru to completion, attach the ComboFix log and a new log from ShowNew.
     
  24. eiresurg

    eiresurg Private E-2

    i tried running combofix.exe again in normal with symantec disabled and then in safe mode and it still just sits there. the DOS window opens and says that it may take up to 10 minutes and maybe longer depending on the severity of infection, but then nothing happens. i let it run (or stall) for a couple hours and nothing. am i running it correctly? i downloaded the combofix file and run it double click it from its own folder in the program files folder. when i do that the above DOS window opens. i've noticed that after attempts to run it, it creates its own ComboFix folder in the C:\ that contains multiple files including several exe files.

    anyway, i attached a new ShowNew log for what it's worth . . .
     

    Attached Files:

  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The directions for ComboFix indicated
    Are you sure you are not clicking the mouse after running it? You are the only user I have ever seen thus far (in many hundreds of users) that cannot get this to run.

    Attach this file here:
    C:\Documents and Settings\bassett\Desktop\ComboFixError.txt
     
  26. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please delete the below folders? Note that the question marks represent unprintable characters that were found during the scans, but they may appear to you as normal characters when you locate them using Windows Explorer. I will add comments in RED next to each item. Note the date of the folders which will help you to locate them:
    Code:
    "C:\Documents and Settings\bassett\My Documents\"
    STEM~1        Apr 18 2007              "??stem"    <-- may look like system
     
    "C:\Program Files\"
    SSTEM3~1      Apr 11 2007              "s?stem32"  <-- may look like system32
     
    "C:\Program Files\Common Files\"
    YMBOLS~1      Apr 14 2007              "?ymbols"   <-- may look like symbols
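
The folder names in the post above pass for system folders because one or two characters are not the ASCII letters they appear to be. A way to find such names in a directory listing, as an added example that is not part of the thread: the `DECOYS` list and all sample names in the test calls are constructed assumptions.

```python
import os
import sys
import unicodedata

# Folder names an impostor would imitate (the three named in the post above).
DECOYS = ("system", "system32", "symbols")

# Unicode categories that draw as nothing or as a blank: control, format,
# unassigned, private use, space separators.
INVISIBLE = {"Cc", "Cf", "Cn", "Co", "Zs"}


def mask(name):
    """Render a name as the scan log did: '?' for anything not printable ASCII."""
    return "".join(c if " " <= c <= "~" else "?" for c in name)


def strip_invisible(name):
    """Drop characters that take no visible space (plain ASCII space is kept)."""
    return "".join(c for c in name
                   if c == " " or unicodedata.category(c) not in INVISIBLE)


def imitates(name, decoy):
    """True if name is not the decoy itself but reads as it on screen."""
    if name.lower() == decoy:
        return False  # the genuine plain-ASCII name
    # Case 1: invisible characters padded into or around the real name.
    if strip_invisible(name).lower() == decoy:
        return True
    # Case 2: same length, non-ASCII stand-ins at some positions, and at
    # least half of the letters still the real ones ("s?stem32").
    masked = mask(name).lower()
    same = sum(m == d for m, d in zip(masked, decoy))
    return (len(masked) == len(decoy) and "?" in masked
            and all(m in ("?", d) for m, d in zip(masked, decoy))
            and same * 2 >= len(decoy))


def classify(name):
    """Return a short finding for a suspicious name, or None if it looks fine."""
    for decoy in DECOYS:
        if imitates(name, decoy):
            return f"imitates '{decoy}' (shown as {mask(name)!r})"
    if strip_invisible(name) != name:
        return f"contains invisible characters (shown as {mask(name)!r})"
    return None


def find_lookalikes(names):
    """Map each suspicious name in the listing to its finding."""
    findings = {}
    for name in names:
        reason = classify(name)
        if reason:
            findings[name] = reason
    return findings


if __name__ == "__main__":
    # Usage: python lookalikes.py "C:\Program Files" "C:\Program Files\Common Files"
    for folder in sys.argv[1:]:
        for name, reason in find_lookalikes(os.listdir(folder)).items():
            print(f"{os.path.join(folder, mask(name))}: {reason}")
```

Findings are candidates for manual review; the dates and 8.3 short names in the post remain the way to confirm which folder is which.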
    
     
  27. eiresurg

    eiresurg Private E-2

    Yeah, i'm absolutely positive. Once i double click combofix.exe i don't even touch the computer. I don't have any other windows open. The only other thing i can think of is related to Symantec. You mentioned before that i should shut it down for the combofix run. I right click the Symantec icon in the bottom right corner of my screen and disable "file system realtime protection". So the Symantec icon is still there, but with the bunk sign over it. Not sure how to completely shutdown Symantec, otherwise. Could that be the issue?

    The text file you requested is one i made after the first time i ran ComboFix. They are the text from two prompt windows that came up the very first time i ran ComboFix a few days ago. I copied the text just in case they were relevant. (see attachment)
     

    Attached Files:

  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Possibly but I'm not sure.

    Just run the manual steps I gave in my last message. Be sure to observe the dates of the folders as mentioned and delete only the folders matching those dates.

    This should manually complete the removal of PurityScan which is what I wanted to use ComboFix for anyway. Then attach a new ShowNew log.


    Are you having any malware problems at this time?
     
  29. eiresurg

    eiresurg Private E-2

    OK. Found and deleted the folders you listed. No problems. (see attached)
     

    Attached Files:

  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you run Avenger, you can delete all files related to Avenger now.
    7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    8. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    9. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work thru the below link:
     
  31. eiresurg

    eiresurg Private E-2

    chaslang,

    thank you very much for all your help and patience!

    eiresurg
     
  32. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
