1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: IE problems - blank screens and no java

Discussion in 'Virus & Other Malware Removal' started by ellenak, Jan 26, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. ellenak

    ellenak Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    8
    Hi all! I'm new to posting, so advance apologies if I don't make perfect sense. I've recently started using AdAware and PC-Cillin, along with the Windows XP security center, and things seem to be working ok(expect that I still get quite a few pop-ups, but that's a rant for another day). Except I'm afraid I might have tweaked some security setting a little too much.

    The problem I need help with is that I am taking classes online, and when I click on links to documents on my class websites, they just open a blank window. I can overcome that by copying and pasting the shortcut, but I would really like to know how to fix it. All the dll files are fine and running, and links to other websites work fine - it's just links to documents. My biggest problem right now is that I cannot get to the site that holds quizzes for one class - here is a link to one of the quizzes: javascript: ow('/cgi-bin/SaCGI.cgi/ace1app.cgi?FNC=AcePresent__Apresent_html___english_sims_tech_communication_2e_06',1,600,400,1,0,1,0,0,1,100,100)
    I've tried to make sure that all the java settings are enabled on my browser, but still no luck - just a blank screen. I'm not familiar with java, and even less with javascript: ow (at first I thought it might be a comment :) ), so any help or ideas would be greatly appreciated!
    Thanks! Really!
    I'll stop now.

    Ellen
     
  2. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,371
    First Name:
    Wayne
    Hi, and welcome to the TSG forum :) (y)

    try these tests for java settings http://www.bodo.com/javame.htm
    look for two things
    1) the following text displayed
    YES!...IF YOU CAN READ THIS, YOU ARE JavaScript ENABLED!
    2) black box with wiggling text

    try this test
    site called www.keats.biz - then going onto the "hazelmere" button then search for "properties in this area" button, on my laptop it used to opens a blank screen.
    so the fix for me was to

    With IE closed, Start, Run, REGSVR32 URLMON.DLL, OK. Then open IE, Tools, Internet Options, Programs, Reset Web Settings button.

    and it fixed my problem...
     
  3. ellenak

    ellenak Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    8
    Thanks so much for your reply! Unfortunately, now that I am actually on my home computer (I was writing from work before), the situation seems to have gotten worse. I tried running the dll files again, and they went through fine, but now I'm getting quite a few pop-ups with blank windows and still getting blank windows from most links. I tried running Hijack This, but got a Windows error report saying it's "encountered a problem and needs to close". Before it closed, the Hijack This report looked very long and scary.

    I emptied all of the temp files, just for kicks. Didn't seem to make a difference. I am on a wireless home network (secured, only two computers - a PC and my laptop), if that makes any difference.

    I am considering reinstalling the whole windows system, but am uncertain about what I need to back up. I have the original system discs, but don't have an external backup drive, and have had no luck backing up on CDs. Again, I am grateful for any help you can offer. I'm about at the end of my rope.
    Ellen
     
  4. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,371
    First Name:
    Wayne
    boot into safe mode
    when the PC startup hit f8 a few times
    you should get a menu


    SAFEMODE:-
    http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam
    http://support.microsoft.com/default.aspx?kbid=315222

    The try running hijackthis and posting a log - also if you can download a copy of lpsfix see below
    HIJACK THIS:

    Download and copy hijackthis [should be version 1.99] to its own folder , it makes backups so keeping them separate and available can be useful.
    SO DO NOT put hjt onto the desktop or temp files.

    create a directory say my documents/hjt


    Note the Spyware tools websites are very often under attack and so I have provided more than 1 location to download from:

    Version at 16/12/04

    http://computercops.biz/zx/Merijn/hijackthis.zip (Version 1.99)
    http://www.merijn.org/files/hijackthis.zip (Version 1.99)
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip (Version 1.99)
    http://209.133.47.200/~merijn/downloads.html (Version 1.99)
    http://www.thespykiller.co.uk/ (Version 1.99)
    http://aumha.org/downloads/hijackthis.exe (Version 1.99)
    http://www.tomcoyote.org/hjt/ (Version 1.99)
    http://www.majorgeeks.com/download3155.html (Version 1.99)
    http://www.thewhities.com/ (Version 1.99)

    http://www.lurkhere.com/~nicefiles/ (1.98.2)
    http://www.net-integration.net/tools/hijackthis.html (Version 1.98.2)
    http://www.merijn.org/files/hijackthis1982.zip (Version 1.98.2)
    http://computercops.biz/zx/Merijn/hijackthis1982.zip (Version 1.98.2)

    http://www.sherrylynn.us/privacypolicy (this has an older version 1.97 - if you can not get to any of the above sites)

    {NOTE: Systems infected with the 'Ms4Hd' rootkit parasite will experience crashes in HijackThis 1.99.x since this parasite deliberately crashes programs that try to detect it. For such cases, Use HijackThis 1.98.2 }


    Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”.
    Click on “Save Log” and then it should save and open in NotePad.
    Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.
    DO NOT FIX ANYTHING wait advice from one of the many security experts in this forum.

    I currently do not have the skill/competence to advise and poor advice can be far more damaging to your PC with this software, and so I will be unable to add any advice on the log and so will nolonger be replying to your post with regards to the HJT issue, so please have patience and wait for one of the secruity experts to provide further detailed advice

    i will however, be notified when you post the log

    The secruity forum gets very busy - so you may not get an instant reply to your log - If you do not get a response in 24hrs - they post another reply and this will bring the log back to the top of the forum, just in case its missed



    ----------------------
    Just in case download LPSfix
    http://www.cexx.org/lspfix.htm
    and keep safe - do not use until requested
     
  5. ellenak

    ellenak Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    8
    Thanks so much, etaf! I finally had time to follow your advice, and got hijack this to run in safe mode.
    Here's what it came up with:

    Logfile of HijackThis v1.99.0
    Scan saved at 10:29:45 AM, on 1/30/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\DOCUME~1\ellen\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
    O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
    O9 - Extra button: Advisor - {460692F5-B18A-4EBB-AE05-1B321C876AA2} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
    O15 - Trusted Zone: http://*.windowsupdate.com
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
    O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
    O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


    I know there's a lot of junk on there, but am not sure how to sort it out. A million thanks again!

    Ellen
     
  6. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,371
    First Name:
    Wayne
    i have asked for the thread to be moved to secruity forum
     
  7. GOTzMADsKILLz

    GOTzMADsKILLz

    Joined:
    Apr 18, 2002
    Messages:
    431
    check out my post here, this might help you:

    CLICK HERE
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    You are running hijackthis from a temporary folder. The backups that hijackthis creates can be accidentally deleted when not in a permanent folder. Please do the following;

    Click My Computer, then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder. Put your HijackThis.exe there, and double click to run it.

    Post another log when you have moved it.
     
  9. ellenak

    ellenak Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    8
    Here's what happened when I ran it again. Thanks again for your help.

    Logfile of HijackThis v1.99.0
    Scan saved at 8:25:42 PM, on 1/31/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\Program Files\Common Files\WinTools\WSup.exe
    C:\hijackthis\hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
    O9 - Extra button: Advisor - {460692F5-B18A-4EBB-AE05-1B321C876AA2} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
    O15 - Trusted Zone: http://*.windowsupdate.com
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
    O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)
    O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  10. crushbone

    crushbone

    Joined:
    Aug 5, 2004
    Messages:
    1,137
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
    O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
    O2 - BHO: (no name) - {8DA5457F-A8AA-4CCF-A842-70E6FD274094} - C:\PROGRA~1\COMMON~1\WinTools\WToolsT.dll
    O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
    O9 - Extra button: Advisor - {460692F5-B18A-4EBB-AE05-1B321C876AA2} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
    O15 - Trusted Zone: http://*.windowsupdate.com
    O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
    O23 - Service: WebSeach Toolbar support NT service - Unknown - C:\PROGRA~1\Toolbar\TBPSSvc.exe (file missing)

    Close all applications and browser windows before you click "fix checked".


    Restart in Safe Mode

    Open Windows Explorer. Go to Tools, Folder Options and click on the View tab.
    Make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files".
    Now click "Apply to all folders", Click "Apply" then "OK"


    Delete these folders:
    C:\Program Files\Toolbar
    C:\Common Files\WinTools

    Reboot.

    Download Adaware SE http://lavasoft.element5.com/software/adaware/

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window: Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Reboot and post another HJT log for review.
     
  12. ellenak

    ellenak Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    8
    Thanks again for the help, cybertech! It all went well, and here is the log. I haven't had any popups since doing this (and thank God that stupid toolbar is finally gone!!), but links still open a blank window. Little by little, I guess!

    Logfile of HijackThis v1.99.0
    Scan saved at 6:57:03 PM, on 2/1/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Sony Handheld\HOTSYNC.EXE
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\hijackthis\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
    F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\Msjava.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://www.linksysfix.com/netcheck/24/install/gtdownls.cab
    O23 - Service: HP Configuration Interface Service - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Trend Micro Central Control Component - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  13. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)

    Close all applications and browser windows before you click "fix checked".

    Quit all programs that are running.
    Click Start, and then click Run.
    Type regsvr32 urlmon.dll, and then click OK.

    Repeat for each of these:
    Shdocvw.dll
    Msjava.dll
    Actxprxy.dll
    Oleaut32.dll
    Mshtml.dll
    Browseui.dll
    Shell32.dll
     
  14. ellenak

    ellenak Thread Starter

    Joined:
    Jan 26, 2005
    Messages:
    8
    I'll say it again - thank you so much for your help. Things are running almost perfectly! No more popups, and most of the links are working fine. I still get a blank screen when I try to open word documents from my school web pages - not sure what that's about. I've sent inquiries to the help desk there but theyr'e not too quick to respond. I'll keep on them. :)

    Yahoooooo! You guys are awesome. Now maybe you can help me tackle my desktop computer. . .
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    That's great! :)

    One thing you may try regarding the word documents is to change your settings in IE go to Tools, Internet Options, Settings, under Check for newer version of stored pages set to "Automatically". The word document is probably coming from your cache and if the setting is incorrect the document won't be found.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/323730

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice