reply to LoPhatPhuud A question - I would like to uninstall & then reinstall Firefox. Should i do this or do you think I'm better off not using Firefox at all any more? When I go to Tools/options it is still showing apype as default browser although Malwarebytes is blocking it.
[*]Then click the Run Fix button at the top [*]Let the program run unhindered, reboot the PC when it is done [*]Once you see a message box "Fix complete! Click OK to open the fix log." [*]Click the OK button [*]The log will open in Notepad (your default text editor). {*]Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
reply to Carcassonne First: Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.
Second: Time for a reality check.
What problem(s), if any, are still unresolved? -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
So sorry - I posted the report but I don't think it took because it was too long. I now attach it. Everything A OK now except I still have the apype problem although it is being stopped by Malwarebytes
OTL logfile created on: 30/11/2012 17:22:17 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\annas\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 61.23% Memory free 7.81 Gb Paging File | 7.29 Gb Available in Paging File | 93.37% Paging File free Paging file location(s): C:\pagefile.sys 3057 3057D:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.82 Gb Total Space | 27.58 Gb Free Space | 39.51% Space Free | Partition Type: NTFS Drive D: | 68.36 Gb Total Space | 61.50 Gb Free Space | 89.97% Space Free | Partition Type: NTFS Drive E: | 195.31 Gb Total Space | 50.71 Gb Free Space | 25.96% Space Free | Partition Type: NTFS Drive F: | 202.09 Gb Total Space | 25.55 Gb Free Space | 12.64% Space Free | Partition Type: NTFS Drive G: | 10.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: DELL | User Name: annas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
reply to Carcassonne First: Use Add/Remove Programs to uninstal all UniBlue Products. From the logs I see these: Uniblue SpeedUpMyPC Uniblue RegistryBooster Uniblue DiskRescue 2009 Uniblue DriverScanner 2009
The first two are valueless and may cause more problems than they fix. The other twto are guilt by association
Second: THe following should remove apype from FIrefox.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:
:OTL FF - prefs.js..browser.startup.homepage: "http://apype.com" FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..keyword.URL: "http://apype.com/results.php?q=" FF - user.js - File not found
[*]Then click the Run Fix button at the top [*]Let the program run unhindered, reboot the PC when it is done [*]Once you see a message box "Fix complete! Click OK to open the fix log." [*]Click the OK button [*]The log will open in Notepad (your default text editor). {*]Save the log. Post a copy of that log in your next reply.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Third: To double check for apype, run Microsoft Safety Scanner. Here is a link to a Microsoft Answers thread on removing apype.com. Use Method 2.
Okay - I've removed all Uniblue programs. I ran OTL as described & here the log is attached. I ran Microsoft Safety Scanner and it found nothing. I launched Mozilla & I got -search.starburnsoftware.com! I went to tools & apype was still showing as my homepage - I reset it to my Google homepage. I relaunched Mozilla and.......I got my Google Homepage! However if I open a new tab the search bar says, "Go to a Website" and there is a blank page with a search bar and Starburn Search written on it the it goes to search.starburnsoftware.com I have installed Bit defender & it is saying that ,"this page is safe"
OTL by OldTimer - Version 3.2.69.0 log created on 12052012_124656
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
[*]Double click on ComboFix.exe & follow the prompts.
[*]As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
-- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
reply to LoPhatPhuud Having problems posting my replies here - once more with feeling. Attached is the report from the Combofix scan. starburnsearch is still trying to open but is being blocked on Int. Explorer. Unfortunately after the machine had restarted after the scan Bitdefender opened up and i could not stop it without interfering with Combofix finishing - i don't know if that had any effect? Thans for your continuing patience - it is appreciated.
reply to Carcassonne Still no siogn of Starburn, arrgh!
Out of curiosity, is there an entry in Add/Remove Programs for 'Starburn'?
I want to cross check a few entries in the Combofix log. Please run OTL again, and post the new log in this thread.
In the meantime, I am going to do some more research on Starburn and how to remove it. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
No nothing in "Add/remove programs. What I am also getting which is new is that Word is falling over if I try to print anything +printer not working. I got this message just now when |I tried to print, AppName: winword.exe AppVer: 9.0.0.3822 ModName: kernel32.dll ModVer: 5.1.2600.5781 Offset: 0000a308 Also this morning when I booted up but before I signed in, I got the following, "wmi.prvse.exe Application Error. The installation at "0x7c809823" referenced memory at "0x5f4cfff4" The memory could not be written. Click OK to terminate the programme. I'll now run OTL pip pip
OTL logfile created on: 07/12/2012 18:13:26 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\annas\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.66% Memory free 7.81 Gb Paging File | 7.17 Gb Available in Paging File | 91.75% Paging File free Paging file location(s): C:\pagefile.sys 3057 3057D:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 69.82 Gb Total Space | 25.88 Gb Free Space | 37.07% Space Free | Partition Type: NTFS Drive D: | 68.36 Gb Total Space | 61.50 Gb Free Space | 89.96% Space Free | Partition Type: NTFS Drive E: | 195.31 Gb Total Space | 50.64 Gb Free Space | 25.93% Space Free | Partition Type: NTFS Drive F: | 202.09 Gb Total Space | 24.81 Gb Free Space | 12.28% Space Free | Partition Type: NTFS Drive G: | 10.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive H: | 3.66 Gb Total Space | 2.07 Gb Free Space | 56.69% Space Free | Partition Type: FAT32
Computer Name: DELL | User Name: annas | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
·
