I can't open Word or PowerPoint after I got infected

[Legaran]

I got infected two days ago on April 2nd, 2014.
I'm using F-Secure and I got a warning message that I was infected by a virus.
Since then I got pop-ups and annoying links from Remarkit and Freeven, and my start page was hijacked by Webs Serches. But the worst thing was that I was unable to open Word or PowerPoint.

After following the guides on Malware Tips, I have removed the pop-ups, banners and sponsored links, and the start page has been reset in Chrome and Internet Explorer (I haven't installed Firefox on this PC). But I still can't open Word or PowerPoint. I am able to open docx files in WordPad, however.

I don't get any error messages when I try to open a file in Word or PowerPoint, I just get the "busy" mouse cursor for a few seconds, and then nothing happens. I had no problems opening documents in Word or PowerPoint before I got infected.

I really need to be able to use Word on my computer, and I'm grateful for any help I can get.
Thanks.

 

[TwinHeadedEagle]

Hi,


Re-run AdwCleaner, but now make sure to hit Clean button after Scan.

***** NEXT *****​

Please download zoek.zip or zoek.rar by smeenk (

) from here or here and save it to your Desktop.
Unpack the archive...

• Close any open browsers
• Temporarily disable your AntiVirus program. (If necessary)
  If you are unsure how to do this please read this or this Instruction.
  
• Double click on zoek.exe to run the tool .
  Please wait while the tool does not start...
  
• Copy the text present inside the code box below and paste it into the large window in the zoek tool:
  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
  
  

  createsrpoint;
  gpt.ini;z 
  C:\Windows\System32\GroupPolicy;v
  C:\Windows\SysWOW64\GroupPolicy;v 
  StandardSearch; 
  emptyfolderscheck; 
  installer-list; 
  installedprogs; 
  uninstall-list;

• Click on
  
  button.
  Please wait until a logreport will open (this can be after reboot)
  
• Save notepad to your Desktop and attach here zoek-results.log
  Note: It will also create a log in the C:\ directory named "zoek-results.log"

 

[Legaran]

Alright.
Here's the log report.

 

[TwinHeadedEagle]

> Re-run zoek with the script below and attach here fresh zoek log results.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

C:\Windows\System32\GroupPolicy\GPT.INI;f
C:\Windows\SysWOW64\GroupPolicy\gpt.ini;f
C:\Windows\System32\GroupPolicy\Machine;fs
C:\Windows\System32\GroupPolicy\User;fs
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"="";r
C:\\PROGRA~2\\SupTab;fs
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
"AppInit_DLLs"="";r64
autoclean;
emptyalltemp;
emptyclsid;
ipconfig /flushdns;b

 

[Legaran]

Thanks
Here's the fresh results.

 

[TwinHeadedEagle]

Ok, let's make another scan. Tell me by the way, how is the situation now?




Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

[Legaran]

Hi. I'm still unable to open Word and PowerPoint.

I was a bit quick and came to divert a bit from your instructions:
I downloaded Farbar (64 bit) and ran it first time directly from my downloads folder (not my desktop). My F-Secure antivirus blocked the program, but I gave it permission to continue. It made the logs FRST.txt and Addition.txt in the downloads folder. I was unsure if the location or the interference of F-Secure had done anything to the Scan, so I disabled F-Secure's safety functions, and moved the program and both log files to the desktop to perform a new scan. When I performed the new scan, it overwrote the first FRST.txt file. That means that the attached Addition.txt is from the first scan, and the FRST.txt is from the second scan.

 

[TwinHeadedEagle]

Your PC seems clean, no malware. Are Word and Powerpoint only apps that you cannot open? Can you make a ScreenShot how it looks like.

Download attached fixlist.txt on the same location as FRST (otherwise the fix won't work)
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system

Open FRST, and click Fix. Attach me that report after it is finished.