I have my niece’s laptop. It stopped working for her this week and she gave it to me to check it out. When booting up in normal mode, all programs fail to load properly. On login there is an error on ie4uinit.exe. Most programs fail to open from explorer. Things work OK when you boot to safe mode with networking. We tried a system restore, same problem. Ran a full scan of Malware Bytes and it found some MyWebSearch items. Cleaned that but it didn’t impact the problem. Ran a full online ESET virus scan and nothing was found. Not sure what to try next? I’ve read that ie4uinit.exe is a windows file but it can also be a virus in disguise.

Any ideas?

upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners

alternative: jotti.org / metascan-online.com

follw this guide and attach the logs… not copy and paste. http://forum.avast.com/index.php?topic=53253.0

Adwcleaner
Malwarebytes
OTL
aswMBR

a removal specialist will then check you logs latervtoday

OTL results.

aswmbr results

Thanks in advance for the help. All programs were run in safe mode as the laptop is only stable in safe mode. I’m not sure if Adwcleaner was able to do everything it needed to do as I ran it in safe mode then rebooted to safe mode. I’m guessing it needed to do something on reboot that safe mode might have prevented. Malwarebytes came up clean as it had previously removed some traces of MyWebSearch.

Ie4uinit is part of internet explorer… Looking at the logs now

Do you have a windows CD ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002YYus&ptb=A3E29947-E523-41D4-8CC8-FF86089E6DBD&psa=&ind=2011101220&ptnrS=XPxdm002YYus&si=CO-f_MCx5KsCFcwEQAodr2pqHA&st=sb&n=77def824&searchfor={searchTerms}
IE - HKU\S-1-5-21-2756630403-3542732566-2569881171-1000\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm002YYus&ptb=A3E29947-E523-41D4-8CC8-FF86089E6DBD&psa=&ind=2011101220&ptnrS=XPxdm002YYus&si=CO-f_MCx5KsCFcwEQAodr2pqHA&st=sb&n=77def824&searchfor={searchTerms}
[2012/10/30 17:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar
[2012/10/30 17:04:26 | 000,000,000 | ---D | C] -- C:\Users\SUDS\AppData\Roaming\ShopAtHome

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Yep, I have a Ultimate DVD. I think the laptop has Home Premium x64 installed. I’ll give this a try.

OK as you have the DVD (you may not need it)

Download Windows Repair (all in one) from this site

Install the programme then run

https://dl.dropbox.com/u/73555776/waio%20start.JPG

Go to step 3 and allow it to run SFC

https://dl.dropbox.com/u/73555776/waio%20step3.JPG

On the start repairs tab click start

https://dl.dropbox.com/u/73555776/waiostart%20rep.JPG

Select the following items and tick restart system when finished

https://dl.dropbox.com/u/73555776/waio%20rep%20list.JPG

Ran the OTL fix. Seems to have things going in the right direction. On reboot, the system installed 14 Windows updates. Now in regular bootup mode the errors do not appear but it loads a temporary profile in instead of the actual user profile. On the next OTL scan, do I add this to the custom scan and run for all users like the initial scan?

netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

Yes, but run the windows repair programme first to cure a few more ills

Here’s the log file for windows repair. Will run OTL now.

New OTL scan. Still running all these from safe mode.

Could you now go back to normal mode and let me know all the errors that you get

No errors on login now. However on the profile that was on the laptop it still creates a temporary profile when you log in. I set up a new profile and that seems to work normally. I saved a document on the desktop, rebooted and logged in with that profile and the doc was there. Programs don’t seem to want to launch unless I run them as administrator. I’m assuming the fix we ran earlier locked things down for troubleshooting purposes?

When you created the new profile was it as an administrator or just as a user ?

The other profile is probably corrupted hence the temporary profile

I did set up the new profile as an administrator.

I also got an error when I tried to bring up task manager. It says it’s side by side configuration isn’t correct. Checked the system and application event logs and for the most part they look ok.

Could you check windows updates as that is usually a C++ problem

Windows update doesn’t want to open. When I open it normally, nothing happens. When I run as administrator (either profile in normal or safe mode) I get the page failed to load.

Also noticed with the new profile I’m unable to browse the windows, users and program files folders.