Internet Explorer missing all Toolbars

Discussion in 'Malware Help (A Specialist Will Reply)' started by vadaken, May 24, 2005.

  1. vadaken

    vadaken Private E-2

    I have lost all toolbars in Internet Explorer and cannot restore them. I have also started getting pop-ups. I followed your instructions in your post for cleaning and scanning my computer. Everything was clean except Ad-Aware. Ad-Aware is showing 4 items: 3 are categorized as Data Miners (2 Reg Keys and 1 Reg Value) and 1 Vulnerability: Reg Value – this is the TAC:

    Vendor:Windows
    Category:Vulnerability
    Object Type:RegData
    Size:25 Bytes
    Location:software\microsoft\windows nt\currentversion\winlogon "Shell" (explorer.exe, msmsgs.exe)
    Last Activity:5-22-2005
    Risk Level:Low
    TAC index:3
    Comment:Shell Possibly Compromised
    Description:General Windows Security Issue. Your system security may be compromised. The specifics of the possible compromised item are listed in the comments section.

    I also use AVG Anti-Virus and it has found the Trojan horse Collected.6BC in C:\Windows\system32\hp114.tmp.

    I am running Windows XP with SP1.

    Thanks in advance.


    Ken
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First, download ABIremover and save it to its own folder like c:\ABIremover

    - Now extract the abiremover.exe file from the ZIP file into the folder you created but do not run the EXE yet.

    - Reboot into Safe Mode with no network support and do not run anything else but what I tell you to run!

    - Run the ABIRemover.exe, press install, wait (explorer window will disappear)

    - When it finishes just reboot into normal mode and run the steps below.


    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. vadaken

    vadaken Private E-2

    Thanks Chaslang.

    I followed your instructions and attached the log.

    Ken
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you sure you ran ABIremover and you ran it in safe mode before posting that HijackThis log? It does not look like it because many of the problems that it always has removed are still there.
     
  5. vadaken

    vadaken Private E-2

    I did it again. When I execute the ABIremover, the notice that I'm in Safe Mode appears.

    I did it again and have attached a new copy of the log.

    Thanks

    Ken
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now that's strange! If you don't mind, could you please run ABIremover one more time, but this time run it in normal boot mode. And then post another HJT log. I'm really surprised that some of the problems are not being repaired. If this does not work, I will have to provide you with manual cleaning steps for these items.
     
  7. vadaken

    vadaken Private E-2

    When I ran ABIremover in normal mode it went further than it did in Safe mode. Attached is the new log.

    Thanks

    Ken
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Open Control Panel and select Add/Remove Programs look for the below programs and uninstall them if found:
    Search Maid
    Security IGuard
    Virtual Maid

    Now exit Add/Remove Programs.

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\System32\ofps.exe
    C:\WINDOWS\System32\shnlog.exe
    C:\WINDOWS\System32\msole32.exe
    C:\WINDOWS\popuper.exe
    C:\WINDOWS\System32\intmonp.exe
    C:\WINDOWS\System32\intmon.exe
    C:\WINDOWS\System32\winnook.exe


    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsearches.net/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/

    Is the below proxy override something you setup? If so, skip it. If not sure, skip it. Otherwise fix it.
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
    R3 - Default URLSearchHook is missing
    O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hpDF31.tmp
    O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
    O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe

    If you do not know what the below 3 O16 lines are, fix them too.
    O16 - DPF: {0E25CA6C-52AE-47E0-BF44-BC5B3A0403F4} - http://www.anywebcam.com/awc/SGT.ocx
    O16 - DPF: {B5ED2DB1-5728-4355-94F0-4A1C856B88F2} (GUNID.UNID) - http://www.anywebcam.com/awc/GUNID.CAB
    O16 - DPF: {D7959311-BFA5-11D4-AC33-0050DA92CB80} (VRmallViewer Class) - http://download.humandream.com:8085/cabs/VRmall.cab



    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\ofps.exe
    C:\WINDOWS\system32\msmsgs.exe
    C:\WINDOWS\System32\winnook.exe
    C:\WINDOWS\system32\shnlog.exe
    C:\WINDOWS\system32\intmonp.exe
    C:\WINDOWS\System32\intmon.exe
    C:\Windows\System32\helper.exe
    C:\Windows\System32\ole32vbs.exe
    C:\Windows\system32\msole32.exe
    C:\WINDOWS\System32\hpDF31.tmp
    C:\wp.exe
    C:\wp.bmp
    C:\bsw.exe
    C:\Windows\sites.ini
    C:\Windows\popuper.exe
    C:\Program Files\Search Maid<--- the whole folder
    C:\Program Files\Security IGuard<--- the whole folder
    C:\Program Files\Virtual Maid<--- the whole folder
    C:\Windows\System32\Log Files <--- the whole folder


    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and continue with the below.

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixwp.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Double-click on the fixwp.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to add to the registry say yes.

    Now please download HOSTER and then follow the below steps.

    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program.
    Now post a new HJT log. And tell me how things are working.
     
  9. vadaken

    vadaken Private E-2

    When trying to kill c:\windows\System32\ofps.exe, I get a message that says: "The selected process could not be killed. It may have already closed, or it may be protected by windows."
     
  10. AbbySue

    AbbySue MajorGeeks Administrator

    While in safe mode right click on ofps.exe and choose properties. If the file is set to 'read only' untick it, click apply then ok. Now try again to kill/delete the file whichever the step you may be on in Chas's instructions.
     
    Last edited: May 26, 2005
  11. vadaken

    vadaken Private E-2

    OK - I went through all the steps you gave me. Some files like wp.exe, wp.bmp, bsw.exe and the folders Search maid, & Security Guard didn't exist.

    I still don't have any toolbars in IE, so I cannot navigate or anything else, but I reconnected that computer to the internet and I'll watch for popups.

    Attached is the new HJT log.

    Thanks

    Ken
     

    Attached Files:

  12. vadaken

    vadaken Private E-2


    Thanks AbbySue. I did check the properties and the read only wasn't checked.

    Ken
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you install this DesktopWeather program? Are you sure it is safe?
    C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe

    You still have some problems remaining from the last cleanup procedure that we need to fix again. I'm also going to have you repeat looking for some files again just to make sure they did not come back. Make sure you have viewing of hidden and system files enabled as listed below (double check). I'm also going to list some processes to kill. You may not see any of them but I want to make sure that you kill them if any are found. If you do not see them, just continue to the next steps.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\System32\ofps.exe
    C:\WINDOWS\System32\shnlog.exe
    C:\WINDOWS\System32\msole32.exe
    C:\WINDOWS\popuper.exe
    C:\WINDOWS\System32\intmonp.exe
    C:\WINDOWS\System32\intmon.exe
    C:\wp.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.startsearches.net/bar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.startsearches.net/search.php?qq=%1
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.startsearches.net/search.php?qq=%1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
    F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
    O2 - BHO: (no name) - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp49D4.tmp (file missing)


    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\System32\ofps.exe
    C:\WINDOWS\system32\msmsgs.exe <--- make sure you find and delete this one
    C:\WINDOWS\system32\shnlog.exe
    C:\WINDOWS\system32\intmonp.exe
    C:\WINDOWS\System32\intmon.exe
    C:\Windows\System32\helper.exe
    C:\Windows\System32\ole32vbs.exe
    C:\Windows\system32\msole32.exe
    C:\WINDOWS\System32\hpDF31.tmp
    C:\wp.exe
    C:\wp.bmp
    C:\bsw.exe
    C:\Windows\sites.ini
    C:\Windows\popuper.exe
    C:\Windows\System32\Log Files <--- the whole folder

    If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and continue with the below.

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixwp.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Double-click on the fixwp.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to add to the registry say yes.

    Now please download HOSTER and then follow the below steps.
    • Unzip Hoster to a convenient folder such as C:\Hoster
    • Run Hoster.exe, click Restore Original Hosts and then click OK.
    • Click the X to exit the program.
    Now post a new HJT log. And tell me how things are working.
     
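    The two cleanup posts above (posts 8 and 13) apply the same reasoning to every HijackThis line: IE start and search values (R0/R1) that point at a domain nobody chose, a ProxyOverride the user should confirm, a missing default URLSearchHook (R3), a Winlogon Shell that launches something besides explorer.exe (F2, the same value Ad-Aware flagged in the first post), a BHO (O2) registered under a placeholder CLSID and loaded from a .tmp file, Run entries (O4) for known components or for a system binary such as msmsgs.exe running from the wrong folder, and ActiveX controls (O16) downloaded from unfamiliar hosts. The script below is an added example and is not part of the thread or of HijackThis; it encodes those checks and runs them over a constructed sample log built from the entries quoted in the thread plus two benign control lines. The allow list of trusted hosts, the expected location of the genuine msmsgs.exe, and the two control lines are assumptions.

```python
"""Triage HijackThis-style log lines with the checks applied in this thread."""
import re
from collections import namedtuple
from urllib.parse import urlparse

# Executables the thread identifies as parts of this infection (posts 8 and 13).
KNOWN_BAD_BINARIES = {"ofps.exe", "shnlog.exe", "msole32.exe", "popuper.exe", "intmonp.exe",
                      "intmon.exe", "winnook.exe", "helper.exe", "ole32vbs.exe", "wp.exe", "bsw.exe"}
# Assumption: where the genuine copy of a masqueraded system binary lives on Windows XP.
EXPECTED_DIR = {"msmsgs.exe": r"c:\program files\messenger"}
# Assumption: operator-maintained allow list of hosts permitted in IE start/search values,
# ProxyOverride and O16 ActiveX download sources; anything else is flagged.
DEFAULT_ALLOWED_HOSTS = frozenset({"www.microsoft.com", "go.microsoft.com", "www.msn.com"})
LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
Finding = namedtuple("Finding", "line reason")


def _host(value):
    # Lower-cased hostname of a URL; '' for non-URL values such as about:blank.
    return (urlparse(value.strip()).hostname or "").lower()


def check_r(body, allowed):
    # R0/R1: IE start, search and proxy values that point away from trusted hosts.
    key, _, value = body.partition(" = ")
    name, value = key.rsplit(",", 1)[-1], value.strip()
    if name == "ProxyOverride":
        hosts = {h.strip().lower() for h in value.split(";")} - {"", "<local>"}
        bad = sorted(hosts - allowed)
        return f"ProxyOverride lists {', '.join(bad)}; confirm you set this up" if bad else None
    if name.startswith("Default_") and value.lower().startswith("about:blank"):
        return f"{name} reset to about:blank (hijacker signature)"
    host = _host(value)
    return f"{name} points at untrusted host {host}" if host and host not in allowed else None


def check_f2(body, allowed):
    # F2: the Winlogon Shell value must launch explorer.exe and nothing else.
    m = re.search(r"Shell=(.*)$", body, re.I)
    if not m:
        return None
    names = [p.rsplit("\\", 1)[-1].lower() for p in re.split(r"[,\s]+", m.group(1)) if p]
    extra = [n for n in names if n != "explorer.exe"]
    return f"Winlogon Shell also launches {', '.join(extra)}" if extra else None


def check_o2(body, allowed):
    # O2: BHOs with a placeholder CLSID, a .tmp image or a missing file.
    m = re.search(r"\{([0-9A-Fa-f-]{36})\}\s*-\s*(.*)$", body)
    if not m:
        return None
    clsid, path, reasons = m.group(1).replace("-", "").upper(), m.group(2).strip(), []
    if len(set(clsid[:-1])) == 1:
        reasons.append("placeholder CLSID")
    if "(file missing)" in path.lower():
        reasons.append("registered BHO file is missing")
        path = re.sub(r"\s*\(file missing\)\s*$", "", path, flags=re.I)
    if path.lower().endswith(".tmp"):
        reasons.append("BHO loaded from a .tmp file")
    return "; ".join(reasons) or None


def check_o4(body, allowed):
    # O4: Run entries naming known components, or system binaries run from the wrong folder.
    m = re.search(r'\]\s*"?(?P<path>.*?\.exe)', body, re.I)
    if not m:
        return None
    directory, _, base = m.group("path").lower().rpartition("\\")
    if base in KNOWN_BAD_BINARIES:
        return f"{base} is a known component of this infection"
    if base in EXPECTED_DIR and directory != EXPECTED_DIR[base]:
        return f"{base} runs from {directory}; the genuine copy lives in {EXPECTED_DIR[base]}"
    return None


def check_o16(body, allowed):
    # O16: ActiveX controls downloaded from hosts outside the allow list.
    host = _host(body.rsplit(" - ", 1)[-1])
    return f"ActiveX control fetched from untrusted host {host}" if host and host not in allowed else None


CHECKS = {"R0": check_r, "R1": check_r, "F2": check_f2, "O2": check_o2, "O4": check_o4,
          "O16": check_o16,
          "R3": lambda body, allowed: "default URLSearchHook removed" if "is missing" in body else None}


def triage(log_text, allowed=DEFAULT_ALLOWED_HOSTS):
    # One Finding per suspicious line, in log order; lines of other kinds pass through.
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m.group("kind") in CHECKS:
            reason = CHECKS[m.group("kind")](m.group("body"), allowed)
            if reason:
                findings.append(Finding(raw.strip(), reason))
    return findings


# Constructed sample: the thread's quoted entries plus two benign controls (Start Page, ctfmon.exe).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.startsearches.net/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.startsearches.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dynhost.inetcam.com;register.inetcam.com
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hpDF31.tmp
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Intel system tool] C:\WINDOWS\System32\winnook.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {D7959311-BFA5-11D4-AC33-0050DA92CB80} (VRmallViewer Class) - http://download.humandream.com:8085/cabs/VRmall.cab
"""
```

    Running triage(SAMPLE_LOG) flags ten of the twelve entries and leaves the Start Page and ctfmon.exe controls alone. The F2 check is the same test Ad-Aware applied to the Winlogon "Shell" value in the first post: anything after explorer.exe is a second program started at every logon, which is why the thread has the user delete System32\msmsgs.exe even though the real MSN Messenger keeps a file of that name elsewhere. Treat the output as a worklist for the kill/fix/delete steps, not as a verdict; the allow list decides what "untrusted" means and should be tuned to the machine.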
  14. vadaken

    vadaken Private E-2

    Chaslang

    I double checked to make sure that System Restore is OFF and that display hidden and system files was checked. None of the processes you asked me to kill were running. I fixed the items in HJT, but in Safe Mode the only item that you wanted me to delete that was there was the Log Files.

    I completed the rest of the procedure per your instructions. I tried IE and still have no toolbars (window looks like a popup). Newest HJT log attached.

    Thanks

    Ken
     

    Attached Files:

  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Have you simply tried enabling your Toolbars by clicking View, Toolbars and then selecting the ones you want?

    Your log is clean.
     
  16. vadaken

    vadaken Private E-2

    There are no toolbars at all, not even the drop-down menus. Now my regular window looks just like a popup. I have tried right and left clicking everywhere and checked options in every place I could think of. I have one more idea, but I'll have to wait until I have some extra time.

    I have not had any popups and the Ad-Aware, Spybot and AVG scans were clean. :D

    Thanks very much for your help. I'll report back on the toolbars.

    Ken
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I know you said you tried this but try right clicking in the upper area of the border around the text window. Not the very top where the minimize and maximize window buttons are but just below it. If you find the right spot, you will get a menu to enable Standard Buttons, Address Bar, Links and a Lock Toolbar selection. If this does not work, we may need to edit the registry.

    First try holding down the ALT key at the same time as the F4 key. Does that help?

    If that does not work try running this: http://www.kellys-korner-xp.com/ToolbarRepair.Exe

    If that does not work, do the below.

    Download the following program Registrar Lite and install it.

    - Run it, copy and paste this line to reglite's address bar:
    HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
    - Click the "go" tab
    - Then click File and select Export
    - Save it to a file where you can locate it then upload it here. See the below note.

    Note: The file saved will be a .reg . You will need to put it into a zip file or change it to a .txt file to upload it here as an attachment.
     
  18. vadaken

    vadaken Private E-2

    Chaslang

    The toolbar repair tool did the trick, nice little program. :cool: All scans continue to be clean.

    I want to thank you very much. I really didn’t want to reformat this hard drive and you saved me from that fate. It is a wonderful thing that you and the other dedicated members of the “Major Geek Forum” do for victims of other people’s evil.

    Thank you again.

    Ken.
     
  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

