Incomplete immunization - Internet Explorer 32 Bit Software Domains

Yes, the export of the domains key is of value, because if anything goes wrong when attempting to take ownership, it should be able to take you back to where you started. A bad backup is better than no backup.
Also, could you refer to this page and do a full registry backup, as well:
http://pcsupport.about.com/od/windows7/ht/backup-registry-windows-7.htm
Name it fullregistrybackup, or something similar, and keep it somewhere close by in case it's needed. I just want to be extra cautious. :)

On Karen/PC, please go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, click on Domains, then right-click, select Permissions. Let me know if you get any errors. When/if the permissions window comes up, please click the Owner tab, and if you wouldn't mind, give me a screenshot of it.
 
Your instructions from your last post included "On Karen/PC, please go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, click on Domains, then right-click, select Permissions. Let me know if you get any errors. When/if the permissions window comes up, please click the Owner tab, and if you wouldn't mind, give me a screenshot of it."

I have assumed you meant "On Karen/PC, please go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap, click on Domains, then right-click, select Permissions, then select the advanced button, and on the advanced button popup box select the Owner tab. Let me know if you get any errors. When/if the permissions window comes up, please click the Owner tab, and if you wouldn't mind, give me a screenshot of it."

Attached is an image of the Owner tab that appears on the advanced button popup box.

Domains Permission box, Advanced button selected, Owner tab.JPG

I have already backed up the complete registry.

I didn't receive any error messages in getting to the Owner tab or while backing up the complete registry.
 
Yes, I meant the advanced tab. Sorry, it was going on for 4 a.m. at the time, and I was getting a bit yawny (though I didn't realize I was quite that tired. I was actually in my own registry looking at my own Domains permissions at the time, typing instructions as I went!) :spider: :laugh:

Please open Spybot, go to Immunization, then Undo Immunization for Internet Explorer (32-bit) \Software (Domains) only.
Then click the start orb, and type regedit, then click regedit.exe. Say yes to the UAC prompt.
Go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. If all the sites have been removed below Domains, continue on to the next step. However, if there are still sites listed there, please come back and tell me before continuing.

Click on and then right-click Domains and select Permissions. Beneath the area where it says 'No permissions have been assigned for this object', click the Add... button.
In the box below Enter the object names to select, type in Administrators, then click Check Names. This should change it to KAREN-PC\Administrators, then press OK.
Back under Group or User Names, click on Administrators (Karen-PC\Administrators). Checkmark Full Control and Read, then click the Advanced button, and under Permissions, beside the Administrators (Karen-PC\Administrators) listing, make sure it says This key and subkeys beneath 'Applies To'. Click Ok, then back in the Permissions for Domains box click Apply and OK.

If that all goes well, go to Spybot and try to Immunize Internet Explorer (32-bit) \Software (Domains).
 
If you review my post times, you will see I am up all hours of the night. I get pretty tired at times, so I can empathize.

In my ignorance, I was wondering if the problem could be fixed by using regedit to delete all the files in the Domains folder, then adding Karen administrator permission to the Domains folder, and then immunizing again.

I also wondered if the problem could be solved by using regedit to export the Domains folder files from the computer that completely immunized and then "adding" (a regedit phrase that might actually mean overwriting existing files in this case) these files to the registry of the computer that won't completely immunize, then adding Karen administrator permission to the Domains folder.

I have to head out for a doctor's appointment now, but will do as you instruct when I get back.

Thanks for all your time and expertise.
 
I unimmunized the Internet Explorer (32-bit) \Software (Domains) only. Opened regedit and looked at the folders in HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains. It appears that only the folders that had a dword of 4 were removed from the Domains folder. I assume 507 folders were removed and 14,985 folders remain per Spybot.

If I try to export any of the remaining folders, I get the same error message as before "The selected branch does not exist. Make sure that the correct path is given". This makes me wonder if the immunization software can even "see" these folders.

Why not try to use regedit to delete the remaining, apparently damaged files? Or delete and then recreate the Domains folder?

What are your orders, master?
 
You're welcome. :)

A couple people did nickname me Insomniac in real life, which gave me a giggle.
(Or maybe it was overtired, giddy laughter.) :laugh:

Why not try to use regedit to delete the remaining, apparently damaged files? Or delete and then recreate the Domains folder?
Yes, we might have to try one or the other. I'm not sure if you would have problems deleting Domains or the Subfolders without ownership, though, so try taking ownership of Domains and the subkeys/sites listed below Domains first, to try to avoid any problems.
Click the start orb, and type regedit, then click regedit.exe. Say yes to the UAC prompt.
Go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Click on and then right-click Domains and select Permissions. Beneath the area where it says 'No permissions have been assigned for this object', click the Add... button.
In the box below Enter the object names to select, type in Administrators, then click Check Names. This should change it to KAREN-PC\Administrators, then press OK.
Back under Group or User Names, click on Administrators (Karen-PC\Administrators). Checkmark Full Control and Read, then click the Advanced button, and under Permissions, click on Administrators (Karen-PC\Administrators), then make sure that 'Include inheritable permissions from this object's parent' is checkmarked, and then put a checkmark beside 'Replace all child object permissions with inheritable permissions from this object.', then click Apply. You'll get a warning prompt asking if you'd like to continue, click Yes. (It's normal for the 'Replace all child object permissions with inheritable permissions from this object.' to disappear from the checkbox after you click Yes, so don't worry.) Then click OK. That should give Administrators full control on Domains and the sites listed below it. Let me know how it goes, and then we'll go from there.
 
When I followed the instructions on your last post, things went according to plan until the Advanced button permissions tab. I added a check to the “Include inheritable permissions from this object's parent” check box and added a check to the “Replace all child object permissions with inheritable permissions from this object.” check box. When I clicked the Apply button, an error message popped up. When I closed the error message, 3 new users and a duplicate of the Karen/PC Administrator user appeared on the Advanced button permissions tab and 3 new users without the duplicate Karen/PC Administrator user appeared on the Domains permissions tab. Images of the error message, the Advanced button permissions tab after closing the error message, and the Domains permission tab after closing the error message are attached.
 

Attachments

  • Advanced Permission Tab Error Message.JPG
  • Advanced Permission Tab After Error Message.JPG
  • Domains Permission Tab After Error Message.JPG
The error appearing isn't so great, but as for the three new users, not to worry, that is good news, actually. They normally appear. I will show you mine:
comparison.JPG

Users.JPG

The permissions on the users appear to be correct as well. :)
The duplicate Administrators should be removed, though. Click the Advanced button, then click on the Administrators (Karen-PC\Administrators) that says <not inherited>, then click Remove, then Apply and OK.
Then click on Apply and Ok on the Permissions for Domains box.

The error message you received probably means you didn't get ownership of the subkeys, but please check one of them just to see for sure. Click any one of the sites listed below Domains, then right-click and select Permissions. Are there four Users listed under 'Group or user names'? If Administrators (Karen-PC\Administrators) is listed there, please click on it. Does it have Read and Full Control checkmarked?
 
The duplicate Karen/PC Administrator (not inherited) on the permission tab of the Advanced button popup box has been removed. On the Domains permission tab there are 4 users and the Karen/PC Administrator user has full control and read privileges. The other 3 user names and privileges match the 3 other user privileges on my computer. I checked the Domains file permission privileges for the first file, last file, and a few files in-between those two files. In all cases, the Permissions tab showed 4 users and the Karen/PC Administrator user had full control and read privileges.

Things looked so good that I tried to immunize again. Spybot showed the computer had 520 unimmunized Internet Explorer (32 bit) SOFTWARE (Domains) sites before the immunization as opposed to the previous 14,000 plus unimmunized sites Spybot showed. After immunization there were 0 unimmunized Internet Explorer (32 bit) SOFTWARE (Domains) sites. Spybot now shows all sites in all categories are protected. :thanks:

Gee, I'm somewhat sad that the problem appears to be solved. I learned some new things, which I always enjoy and I enjoyed our correspondence. Please don't take that the wrong way, I do have a life. :laugh:
 
Hello Zenobia:

A few more questions.

Do you know or suspect how that section of the registry became messed up or corrupted? I assume the problem was the result of a program making changes to the registry, since Karen has never changed the registry directly. We didn't have this problem when using Spybot 1.6. The problem started when we updated to Spybot 2.4 and used 2.4 for the first time. Therefore, could the problem be related to the Spybot update?

What is the purpose of the Creator Owner user that has only the special permissions check box checked? What are the special permissions?

Are you and the other Spybot team members Spybot employees or volunteers?
 
Good, glad to hear Internet Explorer (32 bit) SOFTWARE (Domains) immunized. :)
If you wouldn't mind, please go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains and click on a couple of sites listed below, that look like they would belong to Spybot, and make sure they have a Dword Value of 4. That puts them into the Restricted Zone in Internet Explorer.

Gee, I'm somewhat sad that the problem appears to be solved. I learned some new things, which I always enjoy and I enjoyed our correspondence. Please don't take that the wrong way, I do have a life. :laugh:
Me, too. You had a somewhat more difficult problem to deal with, and you followed along and did everything excellently. :)

Do you know or suspect how that section of the registry became messed up or corrupted? I assume the problem was the result of a program making changes to the registry, since Karen has never changed the registry directly. We didn't have this problem when using Spybot 1.6. The problem started when we updated to Spybot 2.4 and used 2.4 for the first time. Therefore, could the problem be related to the Spybot update?
That was in the back of my mind, actually. I'll check with you that the computer seems okay, otherwise, no apparent problems with it?
Other than that, no, I don't know what could have caused the problem for sure. Perhaps it was a problem with immunization that went unnoticed between Spybot 1.6 and 2.4, perhaps something went wrong, or perhaps it was another program, or maybe it was just one of those things that happen for no known reason, but those are all just guesses on my part.

This is a description of the Creator Owner group, you might have to scroll down a little bit until you see Table 6.3:
http://books.google.ca/books?id=raO...X&ei=Va_-U_zGH4OeggT6pYHQBw&ved=0CCcQ6AEwATgK
The special permissions for Domains is all permissions available (Full Control), but on subkeys only. You can view the permissions if you go to HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains, right-click and select Permissions, click the Advanced Tab, then on the Permissions tab click on Creator Owner, then click Edit, and a box will come up showing you the full list of permissions. The checkmarks will likely be greyed out, that's normal.

I'm a volunteer. I'm not 100% sure on the others, but I think most or all of them are volunteers as well. :)
 
Hello Zenobia:

I looked in the HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains folder for any file that contained Spybot in the folder name. I found 28 such folders. Each folder included a dword value of 4. An image of the Domains folders with Spybot in the name is attached. I wonder if some of these Spybot files are leftover from previous versions of Spybot and are no longer needed. If so, perhaps a good registry cleaner can determine which folders can be safely removed.

Karen has used the computer since Spybot immunization was completed to surf the net and create an Excel spreadsheet. So far the computer appears to be working OK.

Thank you for the link to information about the Creator Owner user. I found some information on the net. However, the information either didn’t cover my interest or the information was at odds with what someone else had typed. I was amused by the Group Policy Result Tool. If an operating system is so complicated that a special program is needed for someone to determine what policies will be applied when a user logs in, then maybe it’s time for a new, hopefully more straightforward operating system.

Sorry to hear you are a volunteer and therefore not getting paid for all the hours you spend helping people. I hope it is at least a labor of love.

Now that the immunization problem is solved, I would like to turn your attention to a minor Spybot inconvenience. Should this be a new thread?

After I installed Spybot 2.4 on both computers, I clicked on the Settings Icon, then the Internet Protection tab, and checked the “Use Spybot proxy” check box. As expected, website pages take more time to load and email programs take longer to download and send emails. It also takes longer to update email files. The time required to load website pages is 2 to 3 times longer with the Spybot proxy in service. The slowdown is noticeable but tolerable. The exception is Microsoft Outlook on my computer. I have 4 active email addresses in Outlook. One address receives work emails from the office servers via Microsoft Exchange. Prior to implementing the proxy, it took about 20 seconds after clicking the “Send receive all folders” button to receive the “All folders are up to date” message. With the proxy running it takes almost 4 minutes to complete the same operation. This is more than a tenfold slowdown. Karen’s Thunderbird email program is only 2 to 3 times slower with the proxy operating by comparison.

Do you know why the proxy slows down Outlook so much more than other programs? More importantly, do you have any suggestions for speeding up Outlook when the proxy is running?

Domains Spybot files.JPG
 
I meant sites that looked like they would belong to Spybot immunization, not specifically containing the Spybot name. The reason I asked was I wanted to see if the sites were added to the registry with a dword value of 4 so I knew that immunization went ok, and none of the former sites listed that couldn't be removed before changing permissions were left behind under Domains. Sorry for the confusion. :)
The sites in your attachment are all part of Spybot immunization, and are supposed to be there.

Glad to hear the computer's working good.

Spybot's my favorite antimalware program, and I love helping people here when I can, so volunteer is a good thing. :)

No, it's okay to stay in this thread, no new one needed.
The Spybot proxy used to be enabled by default. I saw that a few people on the forums had some problems with it (some had slowdowns, some sometimes had troubles reaching certain websites, etc.). After that, the proxy was no longer enabled by default, but anybody can enable it if they wish to. Since you're having some slowdown problems, you might want to consider disabling the Spybot proxy.

I'm not overly familiar with Microsoft Outlook, so please look to see if what I post applies to you.
If you prefer to keep Spybot proxy enabled, you could look into Cached Exchange Mode, if that isn't already turned on. That might not be ideal, but it's something you could have a look at. :)
http://office.microsoft.com/en-us/o...unt-HA102749453.aspx?CTT=5&origin=HA102809573
http://office.microsoft.com/en-ca/outlook-help/about-cached-exchange-mode-HP001000067.aspx
http://office.microsoft.com/en-us/outlook-help/turn-on-cached-exchange-mode-HA102809573.aspx
(I went to an Outlook 2013 page, you may have a different version)
 
Hello Zenobia:

I did check other folders in the Domains folder and all the folders I audited had a dword value of 4. I will guess that Spybot does not report that all sites are immunized unless all the folders in the Domains folder have a dword value of 4.

The Cached Exchange Mode check box is already checked, but thanks for the suggestion.

The other thing I have noticed is sometimes when I try to add or change an Outlook rule for sorting email I receive an error message that the computer isn't connected to Microsoft Exchange. If I keep trying, usually in 2 to 3 additional attempts to create or modify the rule, the rule creation popup box will finally appear rather than the error message. Also before using the proxy, during the email downloading process the words "connected to Microsoft Exchange" were always shown in the bottom right corner of the screen. With the proxy running the words keep switching between "connected to Microsoft Exchange" and "trying to connect". Most of the time the "trying to connect" message is present. My impression is that with the proxy running the computer is only intermittently connected to Microsoft Exchange rather than constantly connected. This may explain why my work emails are so slow to download and upload. However, the other 3 personal email accounts receive and send emails through my internet service provider which doesn't utilize Microsoft Exchange, but these email accounts are also an order of magnitude slower with the proxy running. Everything works, although repeated attempts may be required to get something to work. If it becomes too annoying I can always disable the proxy. :sad:
 
Yup, a dword value of four is what I was looking for. Good. :)

Yes, it might be a good idea to disable the proxy due to the slowdowns, etc., though it's up to you, of course.
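
The checks made by hand in this thread (who owns the Domains key, whether Administrators has Full Control on it and on each site subkey, and whether the site entries carry a DWORD of 4) can be run in one read-only pass. The PowerShell below is an added example, not part of the original posts and not Spybot's code; the function and variable names are illustrative, and it assumes an elevated prompt on 64-bit Windows.

```powershell
# Added example: read-only audit of the 32-bit Internet Explorer ZoneMap\Domains key.
# Nothing is written to the registry. Names below are illustrative.
$domains  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$adminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$full     = [System.Security.AccessControl.RegistryRights]::FullControl
$inhOnly  = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType  = [System.Security.Principal.SecurityIdentifier]

function Test-AdminFullControl($KeyPath) {
    # True when an Allow entry that applies to this key gives Administrators Full Control.
    $rules = (Get-Acl -Path $KeyPath -ErrorAction Stop).GetAccessRules($true, $true, $sidType)
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -eq $adminSid -and
            $r.AccessControlType -eq 'Allow' -and
            ($r.PropagationFlags -band $inhOnly) -ne $inhOnly -and
            ($r.RegistryRights -band $full) -eq $full) { return $true }
    }
    return $false
}

# Owner and Administrators access on the Domains key itself.
$acl = Get-Acl -Path $domains
"Owner of Domains: $($acl.Owner)"
"Administrators Full Control on Domains: $(Test-AdminFullControl $domains)"

# Walk every site subkey: tally DWORD zone values and keys Administrators cannot fully control.
$zones = @{}; $noAdmin = 0; $unreadable = 0; $total = 0
$keys = Get-ChildItem -Path $domains -Recurse -ErrorAction SilentlyContinue -ErrorVariable walkErr
foreach ($key in $keys) {
    $total++
    try {
        if (-not (Test-AdminFullControl $key.PSPath)) { $noAdmin++ }
        foreach ($name in $key.GetValueNames()) {
            if ($key.GetValueKind($name) -eq 'DWord') {
                $z = [int]$key.GetValue($name)
                $zones[$z] = 1 + [int]$zones[$z]
            }
        }
    } catch { $unreadable++ }   # key listed but its ACL or values could not be read
}

"Subkeys enumerated: $total"
"Errors while walking or reading keys: $($walkErr.Count + $unreadable)"
"Subkeys without Administrators Full Control: $noAdmin"

# Standard Internet Explorer security zone numbers.
$zoneNames = @{0='My Computer'; 1='Local intranet'; 2='Trusted sites'; 3='Internet'; 4='Restricted sites'}
foreach ($z in ($zones.Keys | Sort-Object)) {
    "Zone $z ($($zoneNames[$z])): $($zones[$z]) values"
}
```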
 