Thread: No access to Internet Options, connectivity problem, and other problems

  1. #21
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40

    Hi, again! Thanks for the new instructions. I hope these huge reports are not as endless to dredge through as they look.

    Quote: Originally Posted by Scolabar
    Don't be fooled. [ComboFix] is a powerful tool that can do some serious damage to a computer system in the hands of someone other than a trained expert.
    Don't worry - I won't be using it without expert direction! With luck, not at all, in future :D

    1. Did you have any problems carrying out the instructions?

    Well, it was *exciting* :D

    A couple of unexpected things happened.

    As soon as I dropped CFScript.txt into ComboFix, ComboFix asked to update. Despite the warning not to touch anything after it started running, I had to give it an answer. I hope I was right to say, Yes. It updated, then brought up the agreement screen, and appeared to run as it did previously, except that it rebooted after.

    OTL complete...but not for a long time. OTL ran the fix quickly, then said, "Processing complete!" I was very pleased about that, until it sat there with that message on the screen, nothing but OTL and the wallpaper, and nothing else happened. I let it sit like that for almost 2 hours, with no idea whether it was going to do anything else or was just stuck. I agonized all that time, whether I'd have to turn the computer off to get back in, before it finally displayed the box where you click OK, and eventually asked to reboot. Thank Heavens!

    I notice you already have ERUNT installed on your system. Let's use this tool to make a backup of the Registry before we proceed.
    (I installed ERUNT before running DDS logs, per Tashi's "Before you post" instructions: http://forums.spybot.info/showpost.p...50&postcount=2)

    After OTL ran and rebooted, upon startup, OnlineArmor firewall blocked ERUNT's AUTOBACK.EXE trying to run. When, if ever, should I allow this program to run?

    Just to note, in case others encounter it, Avira re-enables itself, upon reboot. Disabling antivirus, antimalware, and firewall, every time I disable OnlineArmor, it needs to reboot, so I have to remember to disable Avira *after*.

    Also, a little anomaly: Each time ComboFix runs, it deselects an item in the Restricted Sites of SpywareBlaster, Item Name: AntiMalware Guard, Address: antimalwareguard.com, and disables protection from it. I see online, that some others have noticed it, too.


    2. combofix.txt.

    ComboFix 11-12-15.02 - user 12/15/2011 12:14:56.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1611 [GMT -8:00]
    Running from: c:\documents and settings\user\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\user\Desktop\cfscript.txt
    AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_cerc6
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-15 to 2011-12-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-06 18:56 . 2011-12-06 18:58 -------- d-----w- c:\program files\ERUNT
    2011-12-01 13:38 . 2011-12-05 18:20 -------- d-----w- c:\program files\SpywareBlaster(2)
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-06 00:39 . 2010-05-02 18:06 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-01 19:32 . 2011-11-01 19:31 69792 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-01 19:32 . 2011-11-01 19:31 417952 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2011-10-21 15:30 . 2011-03-10 04:49 516692 ----a-w- c:\windows\vampsUninst.exe
    2011-10-21 15:30 . 2011-03-10 04:49 1903021 ----a-w- c:\windows\vamps.scr
    2011-10-10 14:22 . 2009-08-14 01:37 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-14_20.39.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-12-15 20:28 . 2011-12-15 20:28 16384 c:\windows\temp\Perflib_Perfdata_650.dat
    + 2011-12-15 20:01 . 2011-12-15 20:01 208896 c:\windows\ERDNT\AutoBackup\12-15-2011\Users\00000002\UsrClass.dat
    + 2011-12-15 20:01 . 2005-10-20 20:02 163328 c:\windows\ERDNT\AutoBackup\12-15-2011\ERDNT.EXE
    + 2011-12-15 20:04 . 2011-12-15 20:04 208896 c:\windows\ERDNT\12-15-2011\Users\00000002\UsrClass.dat
    + 2011-12-15 20:04 . 2005-10-20 20:02 163328 c:\windows\ERDNT\12-15-2011\ERDNT.EXE
    + 2011-12-15 20:01 . 2011-12-15 20:01 9789440 c:\windows\ERDNT\AutoBackup\12-15-2011\Users\00000001\ntuser.dat
    + 2011-12-15 20:04 . 2011-12-15 20:04 9789440 c:\windows\ERDNT\12-15-2011\Users\00000001\ntuser.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-03-13 61440]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
    "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
    .
    c:\documents and settings\user\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    .
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/8/2010 7:17 AM 228216]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/8/2010 7:17 AM 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/8/2010 7:17 AM 29560]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/7/2010 11:34 PM 136360]
    R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [4/8/2010 7:17 AM 1284600]
    R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/8/2010 7:17 AM 3364856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe --> c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [10/28/2010 9:41 AM 91841]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.safer-networking.org/en/index.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-15 12:31
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(456)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(156)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\RunDLL32.exe
    c:\program files\Tall Emu\Online Armor\OAhlp.exe
    .
    **************************************************************************
    .
    Completion time: 2011-12-15 12:36:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-12-15 20:36
    ComboFix2.txt 2011-12-14 20:42
    .
    Pre-Run: 125,884,575,744 bytes free
    Post-Run: 125,860,433,920 bytes free
    .
    - - End Of File - - 7C4D9C6086869F88F02B1F6541D66939






    3. OTL.txt.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    Registry key HKEY_USERS\S-1-5-21-1708537768-839522115-1644491937-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
    ADS C:\Documents and Settings\user\Desktop\avira_antivir_personal_en.exe:SummaryInformation deleted successfully.
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\user\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\user\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: user
    ->Java cache emptied: 38543413 bytes

    Total Java Files Cleaned = 37.00 mb


    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: user
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 2776744 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 13267 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.31.0 log created on 12152011_125111

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...





    4. Is there any improvement in how the computer is now running?

    I do seem to see a little improvement in IE's speed. This is the only improvement I observe, so far.

    Other than this, everything is as I reported at the end of the instructions just before these, including no access to Internet Options.

    I did also notice, when I went to insert a link in this post, that it brought up what I presume is a dialogue box, but the box was empty, inside. I turned off my pop-up blocker, and tried again, but it still doesn't work.


  2. #22
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi I_dream_of_Mercury,

    Thank you again for all your feedback. You did the right thing to allow ComboFix to update. Thanks also for your patience with the OTL script.

    Quote Originally Posted by I_dream_of_Mercury
    After OTL ran and rebooted, upon startup, OnlineArmor firewall blocked ERUNT's AUTOBACK.EXE trying to run. When, if ever, should I allow this program to run?
    You can always run ERUNT manually at a time that suits you - before the installation of programs/updates, for example. There is no real need to back up your Registry every time you log on. This is a decision for you to make.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Re-Run ERUNT

    Please backup the registry with ERUNT again before proceeding.

    Step 2:
    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

    Please Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted. Then right-click on it and select "Run as Administrator" to install.
    Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan. Refer to This Howto Topic, if necessary.
    ** Make sure you are using an account that has Administrative privileges **

    1. Double-click on either the IE or FF icon in the Start Menu or Quick Launch Bar to launch your web browser.
    2. Then go to ESET Online Scanner - © ESET (All Rights Reserved) to run an online scan.
    3. Click on the Run ESET Online Scanner button.
    4. Check the box next to "YES, I accept the Terms of Use."
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    5. When prompted allow the Add-On/Active X to install.
      Make sure that the options:
      • Remove found threats is UNCHECKED
      • Scan archives is CHECKED
      • Then click on Advanced Settings and select the following options:
        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology
    6. Click on the Start button.
      ESET scanner will begin to download the virus signatures database. When the signatures have been downloaded, the scan will start automatically.
    7. Do not touch either the Mouse or Keyboard during the scan otherwise it may stall.
    8. Wait for the scan to finish. It may take a while but, again, please be patient.
    9. When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    10. Now click on the Finish button.
    11. Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    12. Copy and Paste the entire contents of log.txt into your next reply.

    Remember to re-enable your Anti-virus protection before continuing!

    Step 3:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. ESET log results.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  3. #23
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40


    Scolabar, hi! I'm posting this quickly to see if I can catch you while you're still around -

    I see that I'm to run ESET, and so you may have already answered this question, because I mentioned my problem with ESET online scan in my first post, but:

    When I tried to run ESET online scan just previous to getting help on this forum, it said I needed to be an administrator, even though my account is administrative. A remedy they suggest in ESET's FAQ didn't work, when I tried it - please see my first post for details.

    Do you have a way of correcting this problem with ESET, so I can run it?

    Thanks for your help!

  4. #24
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40


    1. Did you have any problems carrying out the instructions?

    Hi! I was relieved to find that ESET's online scanner allowed me to use it, this time.

    The instructions were clear and easy to follow, thanks.

    2. ESET log results:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=01bf77cf2a9c46478f590efa830757c8
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-12-16 10:15:40
    # local_time=2011-12-16 02:15:40 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=1797 16775141 100 93 0 60486983 0 0
    # compatibility_mode=6401 16777213 66 100 0 51380267 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=76634
    # found=0
    # cleaned=0
    # scan_time=8147
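Added example (not part of the original posts): a short Python check that a posted ESET Online Scanner log header matches the options requested in Step 2 of post #22 and that the scan finished with nothing found. The key names are the ones visible in the log above; the sample text is constructed from that log, and the function names are hypothetical.

```python
"""Check an ESET Online Scanner log header against the requested scan options."""

# Constructed sample: option and result lines copied from the log posted above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# compatibility_mode=1797 16775141 100 93 0 60486983 0 0
# compatibility_mode=6401 16777213 66 100 0 51380267 0 0
# scanned=76634
# found=0
# cleaned=0
# scan_time=8147
"""

# Options requested in Step 2, using the key names that appear in the log.
EXPECTED_OPTIONS = {
    "remove_checked": "false",      # "Remove found threats" unchecked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}


def parse_header(text):
    """Return {key: [values]} for every '# key=value' line; keys may repeat."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("#") or "=" not in line:
            continue  # installer banner lines and anything else are skipped
        key, _, value = line.lstrip("# ").partition("=")
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def review_scan(text):
    """Return a list of findings; an empty list means the log is as requested."""
    fields = parse_header(text)
    findings = []
    if fields.get("end") != ["finished"]:
        findings.append("scan did not finish (end=%r)" % fields.get("end"))
    for key, wanted in EXPECTED_OPTIONS.items():
        got = fields.get(key)
        if got is None:
            findings.append("option missing from log: " + key)
        elif got != [wanted]:
            findings.append("%s=%s, expected %s" % (key, got[-1], wanted))
    counters = {}
    for name in ("scanned", "found", "cleaned"):
        values = fields.get(name, [])
        if len(values) == 1 and values[0].isdigit():
            counters[name] = int(values[0])
        else:
            findings.append("counter missing or not numeric: " + name)
    if counters.get("scanned") == 0:
        findings.append("scan finished but scanned=0")
    if counters.get("found"):
        findings.append("%d detection(s) reported, %d cleaned"
                        % (counters["found"], counters.get("cleaned", 0)))
    return findings


if __name__ == "__main__":
    print(review_scan(SAMPLE_LOG) or "log matches the requested settings, found=0")
```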




  5. #25
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi I_dream_of_Mercury,

    Well done. :thumright: Now let's see if we can resolve that No Access to Internet Options issue.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Re-Run ERUNT

    Please backup the registry with ERUNT again before proceeding.

    Step 2:
    Registry Fix

    Please temporarily disable your Anti-virus real-time protection. If active, it could impact the following fixes. Refer to This Howto Topic, if necessary.
    ** Make sure you are using an account that has Administrative privileges **

    1. Click on Start > Run.
    2. In the text entry box type:

      • notepad


    3. Then click on the OK button.
    4. This will open an empty Notepad file.
    5. Copy and Paste the contents of the box below into the Notepad window:
      Code:
      Windows Registry Editor Version 5.00
      
      [HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
      "NoBrowserOptions"=dword:00000000
    6. Make sure there are NO blank lines before Windows Registry Editor Version 5.00.
    7. Click Format and ensure Wordwrap is Unchecked.
    8. Save as fix1.reg to the Desktop.
    9. Save as file type All Files or it won't work.
    10. Double-click on the fix1.reg file on your Desktop. When prompted to merge click on the Yes button.
    11. Wait approximately 30 seconds and then Reboot the computer to complete the fix.
    12. Please confirm whether or not the No Access to Internet Options issue has been resolved.

    Remember to re-enable your Anti-virus application after running the above fix!

    Step 3:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Has the Registry Fix resolved the No Access to Internet Options issue?
    3. How is the computer now running?


    Scolabar

  6. #26
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40


    Scolabar, hi,

    1. Did you have any problems carrying out the instructions?

    The instructions were easy to follow.

    2. Has the Registry Fix resolved the No Access to Internet Options issue?

    I still don't have access to Internet Options

    I followed the instructions carefully - I disabled OnlineArmor, Resident/Tea Timer, and Avira, made sure there was no blank line or space before the code, that Notepad had Wordwrap unchecked, changed to All Files when I saved, named it fix1.reg. The message I got didn't use the word "merge," but I did say yes to the prompt to proceed. In just a second, it displayed a box saying it was successful. I waited about 30 seconds, then rebooted.

    Neither Tools>Options from inside IE nor the Control Panel access it.

    Although I've confirmed that my current user account has administrative privileges, when it didn't work, I tried logging in as Administrator, which requires Safe Mode, on XP. It still didn't work.

    I noticed, before (and after) running fix1.reg, that there's now no Internet Options icon in Administrator's Control Panel. I cannot turn Avira on, as the Administrator in Safe Mode - I don't know whether that's normal or not.


    2. How is the computer now running?

    The computer's running faster than it was. Programs launch more quickly and it performs without lagging, as far as I can tell so far.

    Some other recent symptoms since the infection and working on the computer are still the same, such as not being able to drag and drop text online, and computer sounds sputtering instead of playing smoothly. I've just noticed that although I can turn Pop-up Blocker on and off, I can't access the Pop-up Blocker Settings. One website that was displaying strange behavior, but which is a well-known and normally trusted site, is still acting strange for me.


    A question: Is it alright for me to clean up usage tracks with Spybot S&D, right now?

    Thanks very much for your continued help



  7. #27
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi I_dream_of_Mercury,

    Thank you for all the feedback once again.

    The Registry Fix should have resolved your Internet Options access issue. I am beginning to wonder whether a possible hardware issue might be responsible for the Internet Explorer and other issues you are continuing to experience. Let's run another

    Quote Originally Posted by I_dream_of_Mercury
    Is it alright for me to clean up usage tracks with Spybot S&D, right now?
    Please wait until after you have completed the instructions below before proceeding with the Spybot cleanup.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Backup All User Data

    Please make sure all user data is backed up to an external device: hard drive, DVD or CD, before proceeding.

    Step 2:
    Check Hard Disk For Errors

    1. Click on Start and select Run.
    2. Then Copy and Paste the following command into the box and then click on the OK button:
      Code:
      cmd /c chkdsk c: |find /v  "percent" >> "%userprofile%\desktop\checkhd.txt"
      A blank command window will open on your Desktop, then close in a few minutes. This is normal.
      A file and icon named checkhd.txt should appear on your Desktop.
    3. Please Copy and Paste the contents of the checkhd.txt file into your next reply.


    Step 3:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. checkhd.txt.


    Scolabar

  8. #28
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40


    Scolabar, thanks for your reply.

    I'm a little embarrassed to confess that I'm only familiar with saving documents to an external device, such as a flash drive, or transferring music to an mp3 player, not doing a user data backup.

    In the course of treating this computer, I've saved only the most important files to a flash drive and saved System State to the internal drive, but haven't done a full external backup of user data, so far.

    So,
    1. Would you please point me to instructions for properly backing up user data, as you instructed, to an external device?

    2. Is a flash drive alright for doing this backup?

    3. How big is the backup, not counting My Documents, likely to be, if it's possible to estimate, so I can anticipate enough space on the external device?

    4. Can the same external drive be used to back up both pc's and Macs? I ask because I might take this opportunity to get a new external drive, and want to consider how much I want to invest in one, in case I get an Apple product, in future.

    Thanks for your help and information.

  9. #29
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi I_dream_of_Mercury,

    In answer to your questions:

    Quote Originally Posted by I_dream_of_Mercury
    Would you please point me to instructions for properly backing up user data, as you instructed, to an external device?
    The information on how to backup your data was provided at the end of my initial reply.

    Quote Originally Posted by Scolabar
    Quote Originally Posted by I_dream_of_Mercury
    Is a flash drive alright for doing this backup?
    That depends on the volume of data you need to backup and the size of your flash drive. Personally, I would only recommend backing up to flash drives if you have no other alternative. They are the modern equivalent of the old floppy disks, in my view. An external hard drive or DVD's would be preferable.

    Quote Originally Posted by I_dream_of_Mercury
    How big is the backup, not counting My Documents, likely to be, if it's possible to estimate, so I can anticipate enough space on the external device?
    Essentially, your user data is the contents of your entire User Account directory which in your case would be: C:\Documents and Settings\user. To find out the full size of that directory you may need to Show All Files/Folders (- see instructions below). Then navigate to the C:\Documents and Settings directory and then right-click on the user directory and select Properties from the pop-up menu. In the Properties window the amount of actual data to be backed up is shown under Size:. The Size on Disk: information will tell you how much space the data actually takes up on the storage device (- C: drive in this case). This can vary depending on the size of the storage device.
    Show Hidden Files and Folders

    Enable the Show Hidden Files and Folders option, like this:

    1. Click Start. Open My Computer.
    2. Select the Tools menu and click Folder Options.
    3. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    4. Uncheck the Hide extensions for known file types option.
    5. Uncheck the Hide protected operating system files (recommended) option.
    6. Click Apply to set. Click OK.

    Note: To Disable the Show Hidden Files and Folders option simply revert and save the options.
    Quote Originally Posted by I_dream_of_Mercury
    Can the same external drive be used to back up both pc's and Macs?
    Yes. For optimum performance simply create two separate partitions on the external drive: one for Windows (NTFS format) and one for Mac (HFS+ format). Any external drive can be used, bearing in mind that very few PC's have FireWire ports so USB2 is likely to be the common denominator. You can then use the flash drive to transfer data as required between the two operating systems.

    Scolabar

  10. #30
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40


    Hi, again!

    First, here's the checkhd.txt:

    The type of the file system is NTFS.
    WARNING! F parameter not specified.
    Running CHKDSK in read-only mode.
    CHKDSK is verifying files (stage 1 of 3)...
    CHKDSK is verifying indexes (stage 2 of 3)...
    CHKDSK is verifying security descriptors (stage 3 of 3)...
    CHKDSK is verifying Usn Journal...
    Usn Journal verification completed.
    Correcting errors in the Volume Bitmap.
    Windows found problems with the file system.
    Run CHKDSK with the /F (fix) option to correct these.
    156167864 KB total disk space.
    33767296 KB in 91796 files.
    35900 KB in 6791 indexes.
    0 KB in bad sectors.
    206596 KB in use by the system.
    65536 KB occupied by the log file.
    122158072 KB available on disk.
    4096 bytes in each allocation unit.
    39041966 total allocation units on disk.
    30539518 allocation units available on disk.


    Quote Originally Posted by Scolabar View Post
    The information on how to backup your data was provided at the end of my initial reply.
    I did follow those directions, when responding to your initial reply! I had already saved the most important of My Documents to an external device (a flash drive), upon suspicion of infection. The instructions said to select the drives you want to back up, and to select System State, so I did a backup of System State. The Backup Utility said, "Choose a place to save your backup," and Browse opened to C:\Backup Files Folder, by default, so I saved it there.

    This time, when you mentioned user data and external device, and since you were talking about doing something with the hardware, I thought I must need to back up more than My Documents and System State. As I confessed, I'm not knowledgeable about backups beyond getting a copy of My Documents to an external device. I'm sure I'm negligent in this.

    I don't know whether to go into detail about backing up, this time. Basically, the first time I tried, it falsely reported that the medium was full, when it was not nearly full, and aborted the backup. So the next try, I selected files to backup, in the folder you indicated, C:\Documents and Settings\user, leaving out My Documents, so that the file was a fraction the size, and the backup completed. I don't know whether the false report about the drive being full is a problem with the Backup Utility, or with the flash drive.

    Thanks for info about flash drives and external hard drives. I'll get a portable external hard drive as soon as I'm able.
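Added example (not part of the original posts): a short Python triage of the checkhd.txt output above. It reports whether CHKDSK ran read-only, whether it found file system problems, how much space it lists in bad sectors, and whether the space figures agree with each other. The sample text is constructed from the post above; the function and field names are hypothetical, and the space accounting is only assumed to cover the categories this NTFS report lists.

```python
import re

# Constructed sample: the checkhd.txt content posted above.
SAMPLE = """\
The type of the file system is NTFS.
WARNING! F parameter not specified.
Running CHKDSK in read-only mode.
CHKDSK is verifying files (stage 1 of 3)...
CHKDSK is verifying indexes (stage 2 of 3)...
CHKDSK is verifying security descriptors (stage 3 of 3)...
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Correcting errors in the Volume Bitmap.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.
156167864 KB total disk space.
33767296 KB in 91796 files.
35900 KB in 6791 indexes.
0 KB in bad sectors.
206596 KB in use by the system.
65536 KB occupied by the log file.
122158072 KB available on disk.
4096 bytes in each allocation unit.
39041966 total allocation units on disk.
30539518 allocation units available on disk.
"""

PATTERNS = {
    "total_kb": r"(\d+) KB total disk space",
    "files_kb": r"(\d+) KB in \d+ files",
    "indexes_kb": r"(\d+) KB in \d+ indexes",
    "bad_kb": r"(\d+) KB in bad sectors",
    "system_kb": r"(\d+) KB in use by the system",
    "free_kb": r"(\d+) KB available on disk",
    "unit_bytes": r"(\d+) bytes in each allocation unit",
    "total_units": r"(\d+) total allocation units on disk",
    "free_units": r"(\d+) allocation units available on disk",
}


def summarize(text):
    """Return a dict of triage facts; a check is None when its figures are missing."""
    v = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text)
        v[name] = int(m.group(1)) if m else None
    report = {
        "read_only": "read-only mode" in text,
        "problems_found": "found problems with the file system" in text,
        "bad_sector_kb": v["bad_kb"],
        "accounting_ok": None,
        "units_ok": None,
    }
    # Nothing was repaired if problems were reported during a read-only run.
    report["needs_repair_pass"] = report["read_only"] and report["problems_found"]
    # Files + indexes + bad sectors + system + free should equal the total
    # (the log file figure is already part of "in use by the system" here).
    parts = [v[k] for k in ("files_kb", "indexes_kb", "bad_kb", "system_kb", "free_kb")]
    if v["total_kb"] is not None and None not in parts:
        report["accounting_ok"] = sum(parts) == v["total_kb"]
    # Allocation-unit counts must describe the same sizes as the KB figures.
    needed = ("unit_bytes", "total_units", "free_units", "total_kb", "free_kb")
    if all(v[k] is not None for k in needed):
        report["units_ok"] = (
            v["total_units"] * v["unit_bytes"] == v["total_kb"] * 1024
            and v["free_units"] * v["unit_bytes"] == v["free_kb"] * 1024
        )
    return report


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print("%-18s %s" % (key, value))
```

Microsoft's CHKDSK documentation notes that a run without /F on an active partition may report spurious errors because the drive cannot be locked, so a read-only "found problems" result on C: is a prompt for a repair pass rather than proof of damage.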
