Major probs with IE
Page 1 of 5 123 ... LastLast
Results 1 to 10 of 45

Thread: Major probs with IE

  1. #1
    Junior Member
    Join Date
    Nov 2004
    Posts
    23

    Angry Major probs with IE

    Hey there, I am new to this site. There is another tech site that I generally frequent but lately they have not seemed to be of much help.

    Here is my story....I will try to make it short and to the point. Some time ago my whole system just started acting goofy (a highly technichal term in MY techie dictionary...lol) programs did not open right, my IE disapeared, it would not open, then my Netscape did the same. I had to use only Mozilla for the longest time because it was the only browser I could get to open.

    Ok, so, I finally broke down and decided to reinstall the XP. That seemed to do it, everything worked great, all my messeners were working again, all of my broswsers worked great, programs opened and ran with out a hitch.

    This morning I tried to access my yahoo mail through the desk top icon (the IE yahoo mail link) it seemed to work fine, typed in my name and password. The mail screen remained just long enough for me to see how many messages I had then it went to some funky search screen which in the address bar said -- about:blank. No matter what I am trying to access via IE, I can see it breifly then it goes to -- about:blank. Occassionally I get a pop up there that tells me that I have a virus or spywear. Even then if I click on that pop up, it sends me only to a search engine that I don't know what it is and in the address bar it says -- about:blank!!!!!

    So far everything else on my system is doing ok. Messengers are still working and so is Netscape. I can access my yahoo email through Netscape. Is something up with IE......I really don't think that it could be my system again. I have a really great deep scan AV prog which is not finding any problems, I also have Ad-aware and SpyBot. They found a few things, but after running them and clearing them out I still have the same BS with IE!!

    Any ideas will be greatly appreciated, please either post or email or message me.

    Thanks

    Willow
    Willow

  2. #2
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Make sure you have the current IE updates - windowsupdates.microsoft.com
    Make sure you have current AV signatures, AVG is free - grisoft.net
    Download and install Adaware or spybot to check for spyware.
    Download Hijackthis and post the logs
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  3. #3
    Junior Member
    Join Date
    Nov 2004
    Posts
    23
    AV programs are all up to date and are finding nothing. I already ran both Ad-aware and Spy Bot. I cannot update the IE because I can only access it through Netscape and it is telling me that I must have IE 5.0 or newer to run. I do (or did as of this morning) have IE 6....(I think) 2. Since my IE pages always go to About:blank and some messed up search engine I cannot do it using IE.
    Willow

  4. #4
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    check IE tools > connection > lan and proxy options and make sure its not routing you through a proxy.

    Even after reinstalling XP IE shoudl have bee returned to an out of the box state, which leads one to believe a virus or spyware. Run Hijackthis and post the log.

    Maybe looks into Firefox....
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  5. #5
    Junior Member
    Join Date
    Nov 2004
    Posts
    23
    It was set to go through a proxy, so I changed it and it changed itself right back!!

    I am going to run Hijackthis and see what happens
    Willow

  6. #6
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    ya see thats more similair to spyware or a trojan, make sure you update the adaware defs as well.

    You can manually check your registry for junk running:
    start > run > regedit

    Local Machine
    Software
    Microsoft
    Windows
    Current Version
    Run

    only valid programs should have keys, get rid of things like run32.dll /GJHSGDJHGF
    or msbb.exe, or HJGSJHGSHDGhgjfhdf.exe

    Once again spybot or adaware shoudl have picked thing like that up.....
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  7. #7
    Junior Member
    Join Date
    Nov 2004
    Posts
    23
    Here is what Hijackthis is showing me. I have not yet made any changes.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
    N3 - Netscape 7: user_pref("browser.startup.homepage", "yahoo.com"); (C:\Documents and Settings\Curtis Pigman\Application Data\Mozilla\Profiles\default\okdxqgmu.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Curtis Pigman\Application Data\Mozilla\Profiles\default\okdxqgmu.slt\prefs.js)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn5\ycomp5_5_7_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
    O2 - BHO: (no name) - {C18A70F9-6155-4670-BB6F-3BBAB02EF91D} - C:\WINDOWS\System32\gfb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn5\ycomp5_5_7_0.dll
    O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
    O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
    O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
    O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
    O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
    O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
    O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
    O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
    O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html
    O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html
    O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html
    O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html
    O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html
    O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe
    O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe
    O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06e96027...p/RdxIE601.cab
    O18 - Filter: text/html - {EEC86FD4-BD37-48A0-8153-33DCA97822EC} - C:\WINDOWS\System32\gfb.dll
    O18 - Filter: text/plain - {EEC86FD4-BD37-48A0-8153-33DCA97822EC} - C:\WINDOWS\System32\gfb.dll
    Willow

  8. #8
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Ok, so do you use things like Willdtangent, Weatherbug, Ghost Surf and Seti? I would can that crap. The stuff that looks kind of suspicious is the last couple lines, software-dl.real.com, perhaps is Real Audio, not sure about the gfb.dll.....you might want to confirm what that is.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

  9. #9
    Junior Member
    Join Date
    Nov 2004
    Posts
    23
    I do use ghostsurf and seti.......what about the first few lines where it refers to IE and says navigation failure?
    Willow

  10. #10
    Senior Member kr5kernel's Avatar
    Join Date
    Mar 2004
    Posts
    347
    Ya, it looks like it is setting your search pages to crap, and still throwing you in through a proxy listening on port 7212 , getting rid of that would be a good start.

    you could do a netstat -o to see what process is listening on port 7212, then check the pid in task manager and see what file is actually running the process.
    kr5kernel
    (kr5kernel at hotmail dot com)
    Linux: Making Penguins Cool Since 1994.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •