[Referred]Ad-Aware logfile help



#16
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
In the Control panel click Java Plugin > Cache Tab > click Clear

Does that take care of the IE error?

Regards,
  • 0



#17
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
When I go to the Control Panel of Windows 2000 Professional, I do not see a Java Plugin. I did open up Internet Options and looked around for something similar to what you described, but I wasn't able to find anything that fit your description.

Any other ideas?

Jason...
  • 0

#18
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
That is strange.

Can you find this folder:
C:\Documents and Settings\Jason Fultz\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file

When found, delete everything in it; NOT the folder itself, just the content.

Regards,
  • 0

#19
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Ok, I found the directory you described and deleted all 5 hundred-something files in it, but I left the folder itself.

I tried to start up IE again afterwards, and found the same problem.

:tazz:

Jason...
  • 0

#20
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Can you try if installing Java again solves it?
http://www.java.com/...load/manual.jsp

I can't help thinking that this is a critical factor in this problem.

Regards,
  • 0

#21
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
I downloaded the file from the link you gave me. I installed j2se, as suggested. Then I rebooted and attempted to start up IE. Again, I was met with failure; the same error message appeared.
  • 0

#22
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Can you try something for me?

Click Start > Run > type regsvr32 user32.dll > OK

Let me know what the prompt that you get says.

Regards,
  • 0

#23
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
I'll do just about anything you ask if it helps me fix this annoying problem. :tazz:

When I run the command as you described it, I get the following message:

"user32.dll was loaded, but the DllRegisterServer entry point was not found.
DllRegisterServer may not be exported, or a corrupt version of user32.dll may be in memory. Consider using PView to detect and remove it."

Sounds like you're on to something...what, I don't know yet.
  • 0

#24
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Download and run: http://www.silentrun...ent Runners.vbs

Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run.

Let it run. It can take a few minutes. When it has finished it will produce a Startup Programs text file. Copy and paste that text file here in your next reply.

Regards,
  • 0

#25
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
As you requested:

****************************************

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows 2000
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Terminate Popup" = "d:\Program Files\Zero-PopUps\zpu.exe" [file not found]
"Mozilla Quick Launch" = ""d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Synchronization Manager" = "mobsync.exe /logon" [MS]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"EPoXUSDM" = ""D:\Program Files\EPoX\USDM\USDM.EXE" "5000"" ["EPoX COMPUTER CO.,LTD."]
"iTunesHelper" = "D:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"QuickTime Task" = ""D:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4efb-9B51-7695ECA05670}\(Default) = "Yahoo! Companion BHO" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\System32\hticons.dll" ["Hilgraeve, Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Explode"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office\UNBIND.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Microsoft Office\Office\olkfstub.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\Downloaded Program Files\ymmapi.dll" [file not found]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINNT\Downloaded Program Files\ymmapi.dll" [file not found]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINNT\Web\Wallpaper\Boiling Point.jpg"


Startup items in "Jason Fultz" & "All Users" startup folders:
-------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"InterVideo WinCinema Manager" -> shortcut to: "D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" [empty string]
"MA111 Configuration Utility" -> shortcut to: "D:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe" [null data]
"Microsoft Find Fast" -> shortcut to: "D:\Program Files\Microsoft Office\Office\FINDFAST.EXE" [MS]
"Microtek Scanner Finder" -> shortcut to: "D:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe" [empty string]
"Office Startup" -> shortcut to: "D:\Program Files\Microsoft Office\Office\OSA.EXE -b" [MS]
"TabUserW.exe" -> shortcut to: "C:\WINNT\system32\Wtablet\TabUserW.exe" ["Wacom Technology, Corp."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\rnr20.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\msafd.dll [MS], 01 - 03, 06 - 36
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = "&Yahoo! Companion" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "D:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll" ["Yahoo! Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll" [file not found]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Alias Documentation Server, aliasdocserver, ""D:\Program Files\Alias\Maya6.0\docs\Wrapper.exe" -s "D:\Program Files\Alias\Maya6.0\docs/Wrapper.conf"" [null data]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINNT\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
C-DillaSrv, C-DillaSrv, "C:\WINNT\System32\DRIVERS\CDANTSRV.EXE" ["C-Dilla Ltd"]
ewido security suite control, ewido security suite control, "d:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "d:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Gear Security Service, GEARSecurity, "C:\WINNT\system32\gearsec.exe" ["GEAR Software"]
iPod Service, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
MySql, MySql, "D:/mysql/bin/mysqld-nt.exe" [null data]
TabletService, TabletService, "C:\WINNT\system32\Tablet.exe" ["Wacom Technology, Corp."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 126 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 180 seconds)
  • 0
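
Added example (not part of the original posts, and not code from Silent Runners): a small Python triage pass over a report in the layout posted above. It groups entries by launch-point key and marks the ones whose bracketed suffix reads [file not found], [null data] or [empty string], or that follow an "INFECTION WARNING!" line. The function names, the status labels and the reading of the suffix as a publisher field are assumptions made for this example; the sample is a constructed excerpt built from lines of the log above.

```python
import re

# Constructed excerpt in the Silent Runners layout (lines taken from the log above).
SAMPLE = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Terminate Popup" = "d:\Program Files\Zero-PopUps\zpu.exe" [file not found]
"Mozilla Quick Launch" = ""d:\Program Files\Netscape\Netscape\Netscp.exe" -turbo" ["Mozilla, Netscape"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "D:\PROGRA~1\SPYBOT~1\SDHelper.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "d:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
'''

# An entry line ends with a bracketed suffix such as [MS] or ["Vendor"].
ENTRY = re.compile(r'^(?P<body>.*\S)\s+\[(?P<tag>[^\[\]]*)\]\s*$')

def triage(report):
    """Return one dict per tagged entry: key, target, publisher, status."""
    findings, key, warned = [], None, False
    for raw in report.splitlines():
        line = raw.strip()
        # A registry key header starts a new group and clears any pending warning.
        if line.startswith(('HKCU\\', 'HKLM\\')) and ' = ' not in line:
            key, warned = line.replace('{++}', '').strip(), False
            continue
        # The script's own marker sits on the name line; the path follows on the next line.
        if line.startswith('INFECTION WARNING!'):
            warned = True
        m = ENTRY.match(line)
        if not m or key is None:
            continue
        tag = m.group('tag').strip()
        target = m.group('body').rsplit(' = ', 1)[-1].strip('"')
        if tag == 'file not found':
            status = 'missing-target'        # entry points at a file that is gone
        elif tag in ('null data', 'empty string'):
            status = 'no-publisher'          # no publisher string shown for the file
        else:
            status = 'publisher-present'
        if warned:
            status += '+script-warning'
        findings.append({'key': key, 'target': target,
                         'publisher': tag.strip('"'), 'status': status})
        warned = False
    return findings

def needs_review(findings):
    """Entries a helper would look at first: anything not plainly attributed."""
    return [f for f in findings if f['status'] != 'publisher-present']

if __name__ == '__main__':
    for f in needs_review(triage(SAMPLE)):
        print(f['status'], '|', f['key'], '|', f['target'])
```

A status here only orders the manual review; it says nothing about whether the file is malicious.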



#26
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
In IE click Tools > Internet Options > on the General tab click Delete Files and put a checkmark in the include Offline content box.

Then on the programs tab click reset websettings.
On the Connections tab check if the connections listed there are legit.
Remove anything that was not added by yourself.

Regards,
  • 0

#27
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Well, I still can't open IE, so instead I went to Control Panel > Internet Options > then on the general tab I clicked Delete Files. But there was no checkmark option for Offline Content anywhere on any of the tabs that I saw.

Next, I proceeded to the Programs tab and clicked Reset Web Settings, including resetting my homepage, which it asked about.

When on the Connections tab, I had no connections listed at all. I did find, however, a Blocked/Allow addresses list that I removed style.com from that allowed access always. I'm not sure if I put that in there or not a long time ago, so I removed it anyway.

After all of these changes, I tried opening IE again, and as usual it failed.

I don't know if this is it or not, but could this have anything to do with Spybot or Adaware? I've never had a problem with them before, but after the virus hit me maybe I did some things that screwed up the relationship between them?? *shrugs*
  • 0

#28
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
I wish I knew, but we'll keep looking.

Can you do a Find files for iexplore.exe ?

Let me know where copies of this file are found.

Regards,
  • 0

#29
jasonfultz

jasonfultz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
You betcha:

IEXPLORE.EXE: C:\Program Files\Internet Explorer
iexplore.exe: C:\WINNT\system32\dllcache
IEXPLORE.EXE: E:\Program Files\Internet Explorer

And that's about it.

Any idea why it's in my system32 directory and not in all-caps like the other ones?
  • 0

#30
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,672 posts
Good. Don't worry about the caps. Windows doesn't "see" the difference.

In the following order, please.

Rename C:\Program Files\Internet Explorer\iexplore.exe to iexplore.old
Copy C:\WINNT\system32\dllcache\IEXPLORE.EXE to C:\Program Files\Internet Explorer\iexplore.exe

Let me know if that works and helps. It may take a reboot for full effect.

Regards,
  • 0





