Inactive Trojan.BHO removed but internet explorer and options issues

[sinc22]

Farbar Service Scanner Version: 30-01-2013
Ran by Ahn Home (administrator) on 31-01-2013 at 20:21:19
Running from "C:\Users\Ahn Home\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
C:\Windows\System32\drivers\afd.sys
[2012-02-16 20:47] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 12:55] - [2012-03-30 07:45] - 1423744 ____A (Microsoft Corporation) 46D448E9117464E4D3BBF36D7E3FA48E
C:\Windows\System32\dnsrslvr.dll
[2011-04-12 17:39] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
C:\Windows\System32\mpssvc.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
C:\Windows\System32\bfe.dll
[2009-07-31 17:58] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-07-31 17:59] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
C:\Windows\System32\wscsvc.dll
[2009-07-31 17:58] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
C:\Windows\System32\wbem\WMIsvc.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
C:\Windows\System32\es.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
C:\Windows\System32\cryptsvc.dll
[2012-10-10 12:09] - [2012-06-01 19:20] - 0174592 ____A (Microsoft Corporation) CA78B312C44E4D52E842C2C8BD48E452
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-07-31 17:59] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF
**** End of log ****

 

[Broni]

Did you reset Internet Explorer?

 

[sinc22]

I attempted it multiple times with the fixit link you sent, but it was unable to complete properly because it couldn't access inetcpl.cpl

 

[Broni]

Can you open IE at all?

If so, click Tools>Internet options>Advanced tab and click on "Reset" button.

 

[sinc22]

Specifically, the error window states "error loading inetcpl.cpl. the operating system cannot run %1"

 

[sinc22]

IE opens, but it doesn't connect to the internet (chrome and firefox running great) and any attempt to type in an address results in an attempted download of a file of similar name (I.e. google.com results in google_com.htm attempted download) then an auto shutdown of IE

 

[Broni]

click Tools>Internet options>Advanced tab and click on "Reset" button.

 

[sinc22]

When I attempt to open tools>internet options, the following error msg comes up
"This operation has been cancelled due to restrictions in effect on this computer.Please contact your system administrator." Even tried opening IE as administrator

 

[Broni]

Uninstall IE. It'll roll back to previously installed version.
See if you have same issue.

 

[sinc22]

How do I uninstall IE? Don't see it as an option under uninstall in control panel

 

[Broni]

Good question.
IE will be actually listed under "installed updates".

 

[sinc22]

Thanks - found it. uninstall in progress. Fingers crossed.

 

[sinc22]

It gives me an error that not all of the updates could be uninstalled

 

[Broni]

..and? any options?

 

[sinc22]

No - just stops there and shows the uninstall updates screen with IE8 still there

 

[Broni]

Go ahead with Eset scan and we'll go back to IE issue after that.

 

[sinc22]

ESET found the following. It was quarantined and subsequently deleted.

C:\Qoobox\Quarantine\C\Users\Ahn Home\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp.vira variant of Win32/Kryptik.GBF trojancleaned by deleting - quarantined

 

[Broni]

Very well.

Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

=============================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=============================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.

• Run JavaRa.exe (Vista and 7 users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

====================================

Now....

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

Go to Step 4 and under "System Restore" click on Create button:

Go to Start Repairs tab and click Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

Click on box next to the Restart System when Finished. Then click on Start.

See if it fixes your original issue.

 

[sinc22]

When I tried to update adobe, I get the following

"ordinal 459 could not be located in the dynamic link library urlmon.dll"

 

[Broni]

Skip it for now.

 

[sinc22]

Got it - updating java now

 

[Broni]

The above error may be connected to your original issue.
Something in Windows installation is messed up.

 

[sinc22]

Ran Windows Repair and restarted. Computer working better and faster than ever, but still experiencing the IE issue and Control Panel>Internet options issues.

 

[Broni]

The only other thing can suggest would be repair installation: http://www.vistax64.com/tutorials/88236-repair-install-vista.html

 

[sinc22]

Got it - I think my hard drive partition with the recovery windows isn't SP2, so I may have to do a full re-install - was hoping to avoid that.

You asked me to remind you about what to do about my external drive that I backup to. Any special guidance for that drive?