Lost Internet Options

please rerun Hitman and have it delete Potential Unwanted Programs.


Download and run OTM.

Download OTM by Old Timer and save it to your Desktop.

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:Files
C:\Documents and Settings\Tracy\My Documents\5729
C:\Documents and Settings\Tracy\Local Settings\Application Data\4662
C:\Documents and Settings\Tracy\Application Data\3888
C:\Documents and Settings\Tracy\Application Data\BabSolution
C:\Documents and Settings\Tracy\Application Data\Babylon
C:\Documents and Settings\All Users.WINDOWS\Application Data\1374
C:\Documents and Settings\All Users.WINDOWS\Application Data\4794
C:\Documents and Settings\All Users.WINDOWS\Application Data\8680
C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
C:\Program Files\Internet Explorer\SIGNUP\SET2F.tmp
C:\Program Files\Internet Explorer\SIGNUP\SET381.tmp
C:\Program Files\Internet Explorer\SIGNUP\SET80.tmp
C:\Program Files\Internet Explorer\SIGNUP\SET9.tmp

:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document into a text file and attach it here in your next post.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

• Right-click OTM.exe And select " Run as administrator " to run it.
• Paste the following code under the http://farm3.static.flickr.com/2455/4173556815_a721a91733_o.png area. Do not include the word Code.

Code:

:Files
C:\Documents and Settings\All Users.WINDOWS\Application Data\Babylon
C:\Documents and Settings\Tracy\Application Data\BabSolution


:Commands
[emptytemp]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
• Push the large http://farm3.static.flickr.com/2782/4174320048_f01c448b32_o.png button.
• OTM may ask to reboot the machine. Please do so if asked.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document into a text file and attach it here in your next post.


Now run Hitman again and attach log.

 

That is very nice of you to say, and you really are welcome. I love killing malware so let's plough onwards to be rid of this rubbish that's left.

http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool to your desktop.

• Please save the work in your browsers before proceeding.
• Double-click JRT.exe to run (Vista/7 right-click and select Run as Administrator)
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Please attach JRT.txt to your next message. (See: HOW TO: Attach Items To Your Post )

Now rescan with Hitman and atach log.

 

Is everything running well currently?

 

Temporarily disable the Panda Cleaner from running and also MSSE and then let me know whether intenet options are available now or not.

 

Uninstall anything Panda related please. Reboot, and then let me know if the problem persists.

 

I am a volunteer here and will do what I can to remove malware, we are almost finished with that now, so any outstanding issues you will have to work out in the software forum.

Download OTL to your desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Vista and Windows 7 users Right-click OTL and choose Run as Administrator)
• When the window appears, underneath Output at the top change it to Minimal Output.
• Check the boxes beside LOP Check and Purity Check.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Attach both of these logs into your next reply.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this.

Let us know of any problems you may have encountered with the above instructions and also let me know how things are running now!

 

I have alerted the head of malware, Chaslang, to your thread, as soon as he gets chance he will take a look.

 

Seem you have other issues going on besides malware. Simply downloading OTL would not cause any of these problems. Nor would anything else the Kestrel13! has done. For that matter, the junkware that you had would not cause these problems either. And there was no real insidious malware. Justy the basic junkware stuff.

Have you been running anything else on your own? Making any changes at all or running any other scans or tools....etc? Is see from your logs that you had run Combofix on 6/30/2013. Who asked you to run this? Were you working on another forum?

Per the All Users.WINDOWS user account folder seen in your logs you either had previous and/or current problems with Windows. Had you done an inplace reinstall at anytime? This is not the normal All Users profile name. Same is true for LocalService.NT AUTHORITY.000


Can you boot your PC up in safe boot mode?

Note you should never have installed Panda Antivirus and Microsoft Security Essentials at the same time. Not that it has anything to do with not being able to login now but it sure could contribute to the slowness. And so can the lack of adequate memory. Per your logs you have

Code:

Total Physical Memory 1,024.00 MB 
Available Physical Memory 371.39 MB 

I recommend at least 3 times this especially for older slower processors like you have.


Additional question: When you say you lost internet options, are you referring to it not showing or not being selectable in Internet Explorer? Or did you mean it does not show in Control Panel. It is possible to block seeing these due to settings in Spybot!

 

One more question: In your first logs attached I noticed the below

Code:

"C:\WINDOWS\Tasks\"
activa~1.job  Jul  1 2013         282  "Activate Windows.job"

Is a legit copy of Windows? Has it been activated?

 

Please download this registry patch and save to your Desktop: Restore Internet Options

Double-click it to merge it to the registry.

Now Reboot your PC.

Note: if the reg patch opens as a text file when you double click it then right-click it and select Open With > Choose Program... Then, select the Registry Editor.

If the Registry Editor is not in the list, browse to C:\WINDOWS and select regedit.

 

Open Windows Explorer by pressing the Windows Logo key + the 'e' key at the same time. Navigate to the C:\windows\system32 folder. Do you see a file named inetcpl.cpl

 

Okay do you see one in this folder C:\windows\ie8

If yes, copy the one in the above folder to the C:\windows\system32 folder

Now reboot your PC ( only if you found the file and did the copy successfully ). After reboot see if anything has changed.

 

I'm not sure what you mean. This makes no sense. notepad is a program in Windows that is a simple text editor. You will not find the files in the C:\Windows\system32 folder in a notepad file so I'm not quite sure what you mean.

You need to copy ONLY the inetcpl.cpl file!!!!! Notice the file extension ( the .cpl ). If you do not still have viewing of file extensions enable as per the READ & RUN ME then perhaps you are not seeing file extensions and you thus cannot tell on file from another. See the below:

How to view hidden, system files & folders!

Also makes no sense. There can only be one file named inetcpl.cpl in any given folder. It is impossible to have the same file name duplicated. Again, perhaps you are not seeing file extensions. Or maybe you are not using Windows Explorer to locate files?

 

:-D

Let's see if we can locate a copy of the file.

please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
• Copy the content of the following codebox into the main textfield:
  Code:

  :filefind
  inetcpl.*
  

• Click the Look button to start the scan.
• When finished, a notepad window will open with the results of the scan. You can just close this notepad window since the log is already saved on your Desktop. Be patient! It may look like it is not doing anything, but it takes awhile for this to scan thru your whole system look for matches.
• Please attach the SystemLook.txt log found on your Desktop to next reply.

 

Okay back in message # 30 you said you could not find inetcpl.cpl in c:\windows\system32 and also later you said you could not find it in c:\windows\ie8. The correct file is actually located in both folders. Thus this is not the reason for your problem. This is most likely not a malware problem and I may be sending you to the Software Forum for this. However the first thing you may want to try is a repair or reinstall of Internet Explorer 8. See the below link:

http://support.microsoft.com/kb/318378

 

You said the same thing previously in message #18 about your password. Then in message # 26 you said you figured it out. I have to assume you are having the same problems again. If not then I suggest that you continue in the Software Forum because you are not having malware problems that we can help you with.

You may also want to try booting in safe mode and using the Administrator user account ( that is case sensistive ). I don't know whether you ever set a password on it ( like the same one as your account ) or you left it blank which is quite common.

 

You mean Internet Explorer 8.

Yes I would say that you possibly have lots of Windows operating system issues and may need a clean reinstall. A repair install may work, but I would opt for a clean reinstall. These are topics for the Software Forum.

 

You're welcome. Sorry we could not help you further. The only malware forum related issues that we really saw in your logs were some basic adware and the mutliple antivirus programs. All these other issues were not due to malware.