Major probs with IE

[willowmoon]

Hey there, I am new to this site. There is another tech site that I generally frequent but lately they have not seemed to be of much help.

Here is my story....I will try to make it short and to the point. Some time ago my whole system just started acting goofy (a highly technichal term in MY techie dictionary...lol) programs did not open right, my IE disapeared, it would not open, then my Netscape did the same. I had to use only Mozilla for the longest time because it was the only browser I could get to open.

Ok, so, I finally broke down and decided to reinstall the XP. That seemed to do it, everything worked great, all my messeners were working again, all of my broswsers worked great, programs opened and ran with out a hitch.

This morning I tried to access my yahoo mail through the desk top icon (the IE yahoo mail link) it seemed to work fine, typed in my name and password. The mail screen remained just long enough for me to see how many messages I had then it went to some funky search screen which in the address bar said -- about:blank. No matter what I am trying to access via IE, I can see it breifly then it goes to -- about:blank. Occassionally I get a pop up there that tells me that I have a virus or spywear. Even then if I click on that pop up, it sends me only to a search engine that I don't know what it is and in the address bar it says -- about:blank!!!!!

So far everything else on my system is doing ok. Messengers are still working and so is Netscape. I can access my yahoo email through Netscape. Is something up with IE......I really don't think that it could be my system again. I have a really great deep scan AV prog which is not finding any problems, I also have Ad-aware and SpyBot. They found a few things, but after running them and clearing them out I still have the same BS with IE!!

Any ideas will be greatly appreciated, please either post or email or message me.

Thanks

Willow

[kr5kernel]

Make sure you have the current IE updates - windowsupdates.microsoft.com
Make sure you have current AV signatures, AVG is free - grisoft.net
Download and install Adaware or spybot to check for spyware.
Download Hijackthis and post the logs

[willowmoon]

AV programs are all up to date and are finding nothing. I already ran both Ad-aware and Spy Bot. I cannot update the IE because I can only access it through Netscape and it is telling me that I must have IE 5.0 or newer to run. I do (or did as of this morning) have IE 6....(I think) 2. Since my IE pages always go to About:blank and some messed up search engine I cannot do it using IE.

[kr5kernel]

check IE tools > connection > lan and proxy options and make sure its not routing you through a proxy.

Even after reinstalling XP IE shoudl have bee returned to an out of the box state, which leads one to believe a virus or spyware. Run Hijackthis and post the log.

Maybe looks into Firefox....

[willowmoon]

It was set to go through a proxy, so I changed it and it changed itself right back!!

I am going to run Hijackthis and see what happens

[kr5kernel]

ya see thats more similair to spyware or a trojan, make sure you update the adaware defs as well.

You can manually check your registry for junk running:
start > run > regedit

Local Machine
Software
Microsoft
Windows
Current Version
Run

only valid programs should have keys, get rid of things like run32.dll /GJHSGDJHGF
or msbb.exe, or HJGSJHGSHDGhgjfhdf.exe

Once again spybot or adaware shoudl have picked thing like that up.....

[willowmoon]

Here is what Hijackthis is showing me. I have not yet made any changes.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
N3 - Netscape 7: user_pref("browser.startup.homepage", "yahoo.com"); (C:\Documents and Settings\Curtis Pigman\Application Data\Mozilla\Profiles\default\okdxqgmu.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Curtis Pigman\Application Data\Mozilla\Profiles\default\okdxqgmu.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn5\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Basic\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O2 - BHO: (no name) - {C18A70F9-6155-4670-BB6F-3BBAB02EF91D} - C:\WINDOWS\System32\gfb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn5\ycomp5_5_7_0.dll
O3 - Toolbar: Pa&nicware Pop-Up Stopper Basic - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Basic\psbasic.dll
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [RCScheduleCheck] C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [DWHeartbeatMonitor] C:\PROGRA~1\THEWEA~1\DWHeartbeatMonitor.exe
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [PopUpStopperBasic] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSBasic.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow personal info to reach this site - file://C:\Program Files\GhostSurf\info.allow.html
O8 - Extra context menu item: Allow popups on this site - file://C:\Program Files\GhostSurf\popup.allow.html
O8 - Extra context menu item: Allow this advertisement - file://C:\Program Files\GhostSurf\menu.allowimg.html
O8 - Extra context menu item: Block personal info from this site - file://C:\Program Files\GhostSurf\info.block.html
O8 - Extra context menu item: Block popups on this site - file://C:\Program Files\GhostSurf\popup.block.html
O8 - Extra context menu item: Block this advertisement - file://C:\Program Files\GhostSurf\menu.blockimg.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe
O9 - Extra 'Tools' menuitem: GhostSurf Privacy Center - {578FC4E3-151E-456c-AF8E-B63061EFE228} - C:\Program Files\GhostSurf\LaunchPCC.exe
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06e96027...p/RdxIE601.cab
O18 - Filter: text/html - {EEC86FD4-BD37-48A0-8153-33DCA97822EC} - C:\WINDOWS\System32\gfb.dll
O18 - Filter: text/plain - {EEC86FD4-BD37-48A0-8153-33DCA97822EC} - C:\WINDOWS\System32\gfb.dll

[kr5kernel]

Ok, so do you use things like Willdtangent, Weatherbug, Ghost Surf and Seti? I would can that crap. The stuff that looks kind of suspicious is the last couple lines, software-dl.real.com, perhaps is Real Audio, not sure about the gfb.dll.....you might want to confirm what that is.

[willowmoon]

I do use ghostsurf and seti.......what about the first few lines where it refers to IE and says navigation failure?

[kr5kernel]

Ya, it looks like it is setting your search pages to crap, and still throwing you in through a proxy listening on port 7212 , getting rid of that would be a good start.

you could do a netstat -o to see what process is listening on port 7212, then check the pid in task manager and see what file is actually running the process.