Author Topic: Can't "Fix"  (Read 51900 times)

0 Members and 1 Guest are viewing this topic.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #45 on: April 15, 2011, 10:48:38 PM »
wait for essex, please...
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Can't "Fix"
« Reply #46 on: April 15, 2011, 10:54:27 PM »
As I said there was a lot of temporary files - OTS is cleaning them whilst rebooting so give it a few minutes more

YoKenny

  • Guest
Re: Can't "Fix"
« Reply #47 on: April 15, 2011, 10:58:31 PM »
As I said there was a lot of temporary files - OTS is cleaning them whilst rebooting so give it a few minutes more
As they say Patience is a virtue

rlakritz

  • Guest
Re: Can't "Fix"
« Reply #48 on: April 15, 2011, 10:59:38 PM »
Before I read your message I pushed the reset button to restart the computer.  It had already been over 15 minutes and I thought the computer was stuck, for sure. Do you think everything was done that needed to be done?  
When the computer rebooted there was the fix log:
All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Unable to update HOSTS file!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AdobeUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\80888d\BM808_2112.exe deleted successfully.
[Files/Folders - Created Within 30 Days]
C:\Documents and Settings\All Users\Application Data\BMHQP folder moved successfully.
C:\Documents and Settings\All Users\Application Data\80888d\Quarantine Items folder moved successfully.
C:\Documents and Settings\All Users\Application Data\80888d\BMPSys folder moved successfully.
C:\Documents and Settings\All Users\Application Data\80888d\BackUp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\80888d folder moved successfully.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\tasks\PC Health Advisor Defrag.job moved successfully.
[File - Lop Check]
File C:\Documents and Settings\All Users\Application Data\80888d not found!
File C:\Documents and Settings\All Users\Application Data\BMHQP not found!
[Empty Temp Folders]
 
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: Judith&Yuda
->Temp folder emptied: 97177092 bytes
->Temporary Internet Files folder emptied: 77921318 bytes
->Java cache emptied: 85739360 bytes
->FireFox cache emptied: 83652910 bytes
->Flash cache emptied: 11390 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 65938 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 196790702 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4353712 bytes
%systemroot%\System32 .tmp files removed: 3417617 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1287482 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 104087230 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 253339 bytes
 
Total Files Cleaned = 625.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Judith&Yuda
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: LogMeInRemoteUser
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTS Restore Point (0)
< End of fix log >
OTS by OldTimer - Version 3.1.42.0 fix logfile created on 04152011_232943

Files\Folders moved on Reboot...
C:\Documents and Settings\Judith&Yuda\Local Settings\Temp\IadHide4.dll moved successfully.
File\Folder C:\Documents and Settings\Judith&Yuda\Local Settings\Temporary Internet Files\Content.Word\~WRS{51CEEE76-0562-43B7-9048-F1BB89DFC64D}.tmp not found!
C:\Documents and Settings\Judith&Yuda\Local Settings\Temporary Internet Files\Content.Word\~WRS{7A49F504-A7D2-465C-9280-C2F158D5B3F1}.tmp moved successfully.
C:\Documents and Settings\Judith&Yuda\Local Settings\Temporary Internet Files\Content.Word\~WRS{92D6BEDC-ADDB-476B-8B95-19DA56FC1D38}.tmp moved successfully.
File\Folder C:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #49 on: April 15, 2011, 11:07:10 PM »
Before I read your message I pushed the reset button to restart the computer.  

 ;D tz tz tz ... more patience.

essexboy can't be everywhere in the wink of an eye.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Can't "Fix"
« Reply #50 on: April 15, 2011, 11:07:21 PM »
Quote
Total Files Cleaned = 625.00 mb
This was why it took a while  ;D

It appeared to be unable to reset your Host file

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?"   in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Could you now check for redirects in IE and Firefox please and let me know the result




rlakritz

  • Guest
Re: Can't "Fix"
« Reply #51 on: April 15, 2011, 11:26:06 PM »
When I try to run the program, it shuts down when I click on the Restore Microsoft's Host file.  I got the following error message:  Cannot create file c:\Windows\system32\DRIVERS\ETC\hosts

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #52 on: April 15, 2011, 11:30:09 PM »

  • Click "Make Hosts Writable?"   in the upper right corner (If available).

Did you do that?
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

rlakritz

  • Guest
Re: Can't "Fix"
« Reply #53 on: April 15, 2011, 11:32:54 PM »
I clicked on it before I clicked on the Restore Microsoft Hosts file but there was no way to tell if it "took".  It was highlighted in red before I clicked it and it was still that way. It was on the left side, however.

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #54 on: April 15, 2011, 11:38:05 PM »
This is how it should be.
Click on the upper left button until it looks like this.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #55 on: April 15, 2011, 11:43:10 PM »
When you start HostsXpert you should see on the right side something like this (maybe not the same content, but at least something).
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

rlakritz

  • Guest
Re: Can't "Fix"
« Reply #56 on: April 15, 2011, 11:46:14 PM »
I don't seem to be able to get the yellow background.  It's there when I click on it but as soon as I move the cursor, it reverts back.

YoKenny

  • Guest
Re: Can't "Fix"
« Reply #57 on: April 15, 2011, 11:50:46 PM »
Please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.

How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

Offline Zyndstoff (aka Steven Gail)

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 2604
  • I can resist anything except temptation.
    • tex62
Re: Can't "Fix"
« Reply #58 on: April 15, 2011, 11:53:54 PM »
Please go to PROFILE then Modify Profile then Forum Profile Information then select your country in Please select your country: then update your Signature: with information like my signature as this helps the helpers offer pertinent advice.

How do I reset the hosts file back to the default?
http://support.microsoft.com/kb/972034

That's no help right now, and the MS will not work either here.
7 x64 SP1, FF 8a Aurora, TB6, 6.0.1203 Free
Free MBAM Clear

rlakritz

  • Guest
Re: Can't "Fix"
« Reply #59 on: April 15, 2011, 11:54:16 PM »
Here's the problem.  When I open HostsXpert I get the following warning: Your HOSTS file is marked as a "system file" and can NOT be manipulated. Press OK to remove the system file attributes, CANCEL to Quit.  ***HostsXpert will NOT reset these attributes***
I pressed OK and then got the following warning:  Your HOSTS file is marked as a "Hidden file" and can NOT be manipulated. etc.  I pressed OK and that's when the "Make Hosts Writable turns red and I can't change it.