Jump to content


Photo

Brower Trouble


  • This topic is locked This topic is locked
64 replies to this topic

#51 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 18 July 2006 - 01:17 AM

Ok if you havenít tried the following, letís give it a try and see. Iím still looking for more ways to solve this.

Make sure your security options for Microsoft Internet Explorer are set to enable ActiveX controls and plug-ins. Check your browser's security page In Microsoft Internet ExplorerÖ
Click the Tools menu
Click Internet Options/Security
Click Custom Level to open Security Settings dialog box for the corresponding Web content zone,
Make sure the Run ActiveX controls And plug-ins option is anable.

Also check your restricted sites Zone to see if those sites you are having problems with are there.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#52 fook

fook

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 18 July 2006 - 10:18 AM

Hi, just checked the security settings. Run Active X and plug-ins was already enabled however it was not enabled in the restricted zones option so I enabled it there and there are still no changes. I also want to point out that (not sure if it is of any significance) the two values I deleted in HJT regarding rr.com has Spybot producing the messages that the values have changed each time at start up of computer.

#53 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 18 July 2006 - 01:02 PM

Hi, just checked the security settings. Run Active X and plug-ins was already enabled however it was not enabled in the restricted zones option so I enabled it there.


It shouldn't be enable in the restricted zone. You don't want those retricticted sites to run any active-x at all. I just wanted you to check and see if the sites you are having problems with were in the restricted zone. Click the Restricted sites icon and then the Sites.. box to see if those sites you are having problems with are in that list. if they are, you can highlight them and then remove them so that you can access them with your browser.

I also want to point out that (not sure if it is of any significance) the two values I deleted in HJT regarding rr.com has Spybot producing the messages that the values have changed each time at start up of computer.

That is why whenever doing any kind of fix, it's necessary to disable all realtime protection programs so they don't restore the file again. If you run a scan with HJT agan and those files appear, disable all your realtime protection programs just like we did before in post #43 and try the fix again.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#54 fook

fook

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 18 July 2006 - 10:07 PM

I jsut scanned and the rr/com registries did not come up.

Logfile of HijackThis v1.99.1
Scan saved at 11:54:04 PM, on 07/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\hijackthis\hjt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

#55 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 19 July 2006 - 04:28 PM

Hi fook,

That is interesting!!! :scratchhead: There is one entry related to Sun Java Browser Helper Object that came as a left over. The rest still looks fine.

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

Did you fix the following entry by accident? The previous one is related to it.

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll


Iím assuming the browser problem is still there.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#56 fook

fook

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 July 2006 - 05:23 PM

Actually I don't remember fixing that one. That's weird. I did not even see it until this last scan.

#57 fook

fook

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 July 2006 - 05:25 PM

Oh yeah I just had a thought...could it be a problem with a spyware program because I was thinking that in safe mode no program are loaded up so maybe it could be conflicts with one of the programs.

#58 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 19 July 2006 - 06:27 PM

That could be possible because you have more than one realtime protection program running at start up at present time. I kind of doubt it, but you can try uninstalling one, or better yet disabling in one and see what happens with only one running at start up.

As for the No name No file entry, it wasn't there before. You actually had the whole entry of Sun Java there instead of the No name no file. If you didn't fix it, that's a real mystery to me!!! I wonder how that happened. Is your Sun Java working?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#59 fook

fook

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 July 2006 - 08:40 PM

I think I just had a breakthrough. I opened Spybot and went to the list where it shows what programs load at Startup and unchecked programs like Quicktime, Microsoft Works, and etc. (including Spybot) and now all web pages are working 100%. Only problem is I have to go back and keep restarting to see which program is actually causing it. Also how would I know if my SunJava is working?

#60 fook

fook

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 July 2006 - 09:04 PM

Okay I think I just found the source, Peerguardian. Everything seems to be working correctly.

#61 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 19 July 2006 - 10:33 PM

Also how would I know if my SunJava is working?

First check the BHOís in Spybot and see if is there. Look for SSVHelper Class. I see the entry at start up is still shows in the HJT log. I think it should still be working. Just in case, go to control panel and click the Sun Java icon. If it doesnít seem to work, you can always download it again.

Okay I think I just found the source, Peerguardian.

Did you check its block list? Is that the only firewall you have running at the moment?

Everything seems to be working correctly

Wonderful!!! :p Should we celebrate?
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#62 fook

fook

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 19 July 2006 - 10:57 PM

Yes I think it is time to call for a celebration. Thank you so much. I appreciate all the time and effort you put in. I'm so relieved.
At this point, should I not use PeerGuardian anymore? Also would you ahve any recommendations on programs for cleaning and protecting my computer?
Again thank you so much, I appreciate all the help.

#63 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 19 July 2006 - 11:45 PM

Yes I think it is time to call for a celebration.

:bounce: :boing: :hyper:

At this point, should I not use PeerGuardian anymore?

I would recommend Zone Alarm as the firewall instead. I have that one myself. Makes sure you turn off your windows firewall, so you only have one running at the time. You can read the tutorial that comes with it to get familiar with its functions. You can download Zone Alarm from here:

http://www.zonelabs....d=dbtopnav_zaav

Again thank you so much, I appreciate all the help.

You are very welcome!! It was definitely a team effort!!

Also would you ahve any recommendations on programs for cleaning and protecting my computer?

I know you have Ad-Aware SE, Spybot, SpwareBlaster and SpywereGuard, I have those also, along with IE/Spyad, and I strongly recommend installing IE/Spyad if you donít have it yet:

IE/Spyad places over 4000 websites and domains in the IE Restricted list, which will stop many attempts to infect your system. It is free. More info and download is available at:
http://www.spywarewa...uc/resource.htm

I know you have two registry cleaners already, but if you like, you can get CCleaner to try and see how you like it. That is the one I use. You can try it and decide which one of the three you one to keep. You can download it here:

http://www.filehippo...d_ccleaner.html

Install it, but do not install Yahoo Toolbar that comes with it!
Open it
Under ďoptions/advancedĒ uncheck ďOnly delete files in Windows temp folders older than 48 hours.Ē
Click Cleaner/Run cleaner/OK.
Uncheck "Old Prefetch Data" and close the program.
If you like you can go to Options/Cookies and keep any cookies you want.

And also see this:
So how did I get infected in the first place?

If you keep your AV updated and scan with it, along with Ad-Aware, Spybot and CCleaner, you should have some protection for now. With all these programs, you should be able to keep your system clean enough until you get your legal XP so you can get the updates. Just be carefull about what you download, and delete temp files regularly. I personally run CCleaner everyday to do that before I turn my PC off.

Happy surfing!!!!! :wave:
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image

#64 fook

fook

    Member

  • Full Member
  • Pip
  • 37 posts

Posted 20 July 2006 - 09:09 AM

Thank you!

#65 iguagaby

iguagaby

    Forum Deity

  • Trusted Advisor*
  • PipPipPipPipPip
  • 2,220 posts

Posted 20 July 2006 - 07:27 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
THEY CAN HIDE, BUT THEY CAN'T ESCAPE!

IPB Image




Member of UNITE
Support SpywareInfo Forum - click the button