Retrieving my Registry entries

I have been using the computer for about 7 years but I do not know a thing about the technical side of the software or hardware, or even the jargon used for them. I had inadvertantly got my computer infested with malware and one very useful article I found advised use of freewares - Spybot S&D (SS&D), AVG Anti-Spyware and AVG Anti-Virus. SS&D threw up some registry entries asking me to decline or allow them. Out of sheer ignorance, I assumed SS&D was pointing out some errors in my Registry and I readily allowed them - and, to make the things worse, I did not place a tick in the box for remembering the decision. I do not know what harm have I caused to the Regisrty but so far only one thing has come to fore: When I click Tools on my Intenet Explorer 7.0, practically every thing works but 'Internet Options', when clicked, only seems to flash for a fraction of a moment and vanishes. I cannot use it except via the Control Panel. What can I do to reverse whatever I did without keeping a record of the decisions?
I have Windows XP Media Center Edition, which advises me to use Command Prompt. This in turn requires the Windows Installer (Prefetch). I have downloaded it from Windows Update but Windows cannot open it.
Sorry for being lengthy.

you can use system restore to go back a day or two before this problem arose. Click start-all programs-accessories-system tools-system restore. Choose a date at least 1 day before this incident. This process does not cause you to lose recent work, such as game saves or documents, etc.
Also, Please read this information about TeaTimer:
http://www.safer-networking.org/en/faq/33.html

and

http://www.spybot.info/en/faq/index.html

http://www.safer-networking.org/en/faq/34.html

If you surf the web and without any user interaction the teatimer pops up and warns about a registry change, it is better to "deny", but if you install something or make a computer system change by yourself, it is OK to "allow" and remember the change.



Thanks! :)

Be careful about restoring to a day or two before the problem happened if you were infected at that time,though.

Were your malware problems cleared up,or do you feel you may still be infected?

Grateful for the prompt reply .
1. It is obvious -and very much regretted - that I was not elaborate enough in stating my problem. The factual situation is that I downloaded Spybot S&D (SS&D) on 21 February 2008. The other software (Rogue Remover and AVG Anti- Spyware) were also downloaded at about the same time. Prior to that, I was using the paid version of Trend Mico PC-cillin and switched over to the freeware on expiry of the 15-month contract.
2. The article I referred to, mentioned that in the worst-case scenario I might have to go file by file and remove the parasite(s) embedded therein. However, I was lucky, and the various parasites were eliminated just as I installed, updated and used the above programs for first scan. One exception has been the Black & White item “HKEY_LOCAL_MACHINE\Software\Microsoft\Current Version\Run\Flashy Bot=”, which is apparently resident in a flash memory stick. Every time I use it, both SS&D and AVG remove it but somehow it does not get removed from the flash memory itself. I guess, these utilities only remove it from the affected files on my computer when I read the flash memory but do not make any change on the flash memory itself. The other exception has been the virus Win32/Virut, which is sent to the virus vault by AVG on almost every run but keeps re-appearing under modified names in different files.
3. The mistakes that I made in allowing changes in the registry without ensuring that the decisions would be remembered were only in the first day or two of use of SS&D before I got a hang of the program (Not that I am much wiser now, but definitely more careful!). Later, I became wary of allowing any change as advised by 129260, and, in any case, not doing anything without leaving a record of the decision made.
4. It did occur to me to use System Restore after a few days of unsuccessfully trying to retrieve the lost registry items. However, when I did that, all the malwares that had been deleted came back as mentioned by Zenobia – and I also lost a few programs that I had downloaded/installed in the meantime. Today, I took the risk once again and tried to restore the system from a date prior to 21 February but the system won't do it. I guess, it can do that only for a limited period in the past.
5. My questions are:
a) How can I remove a parasite from a removable memory?
b) Windows XP allows repair/rewriting of registry entries via Command Prompt, which requires the Windows Installer. Since my Windows is factory loaded and thus I do not have the CD(s), I have downloaded this Installer from Windows Update but Windows cannot open it. I was directed to a site which downloaded RegCure, which I feel I am not competent to use. What are my options?
c) One option is to reinstall the system from a link provided in the computer but this will restore the computer to the state in which it was shipped. I will lose all programs installed and work done since then.
Once again in an effort to explain the problem in detail, I have got very lengthy. I am sorry for that.
amirali1928

[QUOTE=amirali1928;175128]Grateful for the prompt reply .
1. It is obvious -and very much regretted - that I was not elaborate enough in stating my problem. The factual situation is that I downloaded Spybot S&D (SS&D) on 21 February 2008. The other software (Rogue Remover and AVG Anti- Spyware) were also downloaded at about the same time. Prior to that, I was using the paid version of Trend Mico PC-cillin and switched over to the freeware on expiry of the 15-month contract.
2. The article I referred to, mentioned that in the worst-case scenario I might have to go file by file and remove the parasite(s) embedded therein. However, I was lucky, and the various parasites were eliminated just as I installed, updated and used the above programs for first scan. One exception has been the Black & White item “HKEY_LOCAL_MACHINE\Software\Microsoft\Current Version\Run\Flashy Bot=”, which is apparently resident in a flash memory stick. Every time I use it, both SS&D and AVG remove it but somehow it does not get removed from the flash memory itself. I guess, these utilities only remove it from the affected files on my computer when I read the flash memory but do not make any change on the flash memory itself. The other exception has been the virus Win32/Virut, which is sent to the virus vault by AVG on almost every run but keeps re-appearing under modified names in different files.
3. The mistakes that I made in allowing changes in the registry without ensuring that the decisions would be remembered were only in the first day or two of use of SS&D before I got a hang of the program (Not that I am much wiser now, but definitely more careful!). Later, I became wary of allowing any change as advised by 129260, and, in any case, not doing anything without leaving a record of the decision made.
4. It did occur to me to use System Restore after a few days of unsuccessfully trying to retrieve the lost registry items. However, when I did that, all the malwares that had been deleted came back as mentioned by Zenobia – and I also lost a few programs that I had downloaded/installed in the meantime. Today, I took the risk once again and tried to restore the system from a date prior to 21 February but the system won't do it. I guess, it can do that only for a limited period in the past.
5. My questions are:
a) How can I remove a parasite from a removable memory?
b) Windows XP allows repair/rewriting of registry entries via Command Prompt, which requires the Windows Installer. Since my Windows is factory loaded and thus I do not have the CD(s), I have downloaded this Installer from Windows Update but Windows cannot open it. I was directed to a site which downloaded RegCure, which I feel I am not competent to use. What are my options?
c) One option is to reinstall the system from a link provided in the computer but this will restore the computer to the state in which it was shipped. I will lose all programs installed and work done since then.
Once again in an effort to explain the problem in detail, I have got very lengthy. I am sorry for that.
amirali1928[UNQUOTE]

I would seek help from the malware removal forum. And btw, being lengthy is good on forums, the more information=the more help. Thanks! :) This sounds like a problem that a security expert should look at.

Before you post in the malware removal forum read this:

http://forums.spybot.info/showthread.php?t=288

Here is the link to the malware removal forum:

http://forums.spybot.info/forumdisplay.php?f=22

I am indeed grateful for the advice that I kept receiving from different members from time to time. From the few but unknown number of unremembered decisions that I made in the first day or two after downloading SS&D, I had been facing three problems so far - 1) The 'Internet Options' in the drop-down menu of Tools had stopped working, 2) Internet Explorer had stopped responding to clicks on the links in the mail received by me in the Outlook Express, and even when I wanted Windows Live Messenger not to start every time I started the Windows, it kept coming up.

One of them - about Windows Live Messenger - was resolved by allowing a change that was once again thrown up by SS&D. Also, one Trojan Horse was removed by SS&D and also by AVG Anti- Spyware. Here, the problem was solved after, I think, three scans by both programs on three successive days. This, alongwith reinstalling Internet Explorer 7.0, has not only helped in making the 'Internet Options' functional but it also now responds to clicks on the links in the mail or web pages.

I hope no further problem arises from the unremembered decisions but in case one does arise, I know where to come - most likely to Malware Removal Forum, as advised.

Thanks once again.

anytime. I would post in the malware removal forum as soon as possible.