HELP PLEASE !! Browser Problem

[Bart Bailey]

In Message-ID:<[email protected]> posted on
Tue, 20 Sep 2005 10:09:48 +1000, Shayne Robinson wrote: Begin

Well, here it is

Logfile of HijackThis v1.97.5
Scan saved at 10:06:45 AM, on 20/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Wow, it only took four lines to name the problem - MSIE

Then there's all the additional "help"

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} -
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Adobe Acrobat
6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3448474F-2D74-50C8-AF0D-7DA401192A3E} - (no
file)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} -
C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {4BD9653E-D4C7-454B-9151-A8517B84BA08} -
C:\PROGRA~1\BITBEA~1\ieplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security -
{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} -
C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -
C:\Program Files\Norton Internet Security\Norton
AntiVirus\NavShExt.dll

and "tools"

O3 - Toolbar: Yahoo! Companion -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton
Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -
C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: Norton Internet Security -
{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common
Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar1.dll

Plus extra context features

O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program
Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program
Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All with BitBeamer -
res://C:\Program Files\BitBeamer\ieplugin.dll/getlinks
O8 - Extra context menu item: Download with BitBeamer -
res://C:\Program Files\BitBeamer\ieplugin.dll/download
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program
Files\Yahoo!\Common/ycdict.htm

And extra buttons

O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)

It's a wonder there's any resources left.

 

[Bart Bailey]

The Browser will not open any web pages so I can't go to sites.

re-run HJT and "fix" all the BHO [O2] entries

without all that distracting "help"
you might be able to direct "your" browser
to where "you" want it to go.

 

[Bart Bailey]

This is NOT the best place to post a HJT Log.
In fact, the software you used is out of date. HJT is upto v1.99.1 Yours is v1.97.5 .

His version HJT is up to date enough
to indicate what an overloaded system he has

 

[David H. Lipman]

From: "Bart Bailey" <[email protected]>

| In Message-ID:<[email protected]> posted on
| Tue, 20 Sep 2005 09:43:49 +1000, Shayne Robinson wrote: Begin
||
| re-run HJT and "fix" all the BHO [O2] entries
|
| without all that distracting "help"
| you might be able to direct "your" browser
| to where "you" want it to go.
|
| --
|
| Bart

If it s a problem from Browser Helper Objects, I suggest installing and updating BHODemon.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

It can remove the malware BHO's and be used to protect against furure ones.

 

[Shayne Robinson]

From: "Bart Bailey" <[email protected]>

| In Message-ID:<[email protected]> posted on
| Tue, 20 Sep 2005 09:43:49 +1000, Shayne Robinson wrote: Begin
||
| re-run HJT and "fix" all the BHO [O2] entries
|
| without all that distracting "help"
| you might be able to direct "your" browser
| to where "you" want it to go.
|
| --
|
| Bart

If it s a problem from Browser Helper Objects, I suggest installing and updating BHODemon.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm

It can remove the malware BHO's and be used to protect against furure ones.

Thanks for your input fellas, and I really loved the sarcasm dripping
from Bart's posts.

Everything he points to has been there for ages, except the BHO
objects which Norton cannot seem to remove, even though it detects
them and offers to delete them, but even those have been there for at
least a month before this problem arose..

Seems to me though, from posts I've read in
microsoft.public.windows.inetexplorer.ie6.browser, there are a lot
more people than me experiencing this problem.

Once again, I have to say, I CANNOT open http// sites or web pages,
so, until Ican get access to another computer with an internet
connection, I cannot check them out. From where I live, that could be
a long time.

I'll say it again, I appreciate any help I can get, but I certainly
don't need any shit from anyone who gets their jollies from sneering
at someone's woes.

Got that "Bart" ?

 

[David H. Lipman]

From: "Shayne Robinson" <[email protected]>

< snip >

| Once again, I have to say, I CANNOT open http// sites or web pages,
| so, until Ican get access to another computer with an internet
| connection, I cannot check them out. From where I live, that could be
| a long time.
|
< snip >

http:// is a syntax. Just like .HTM or .HTML files may be associated by a particular
program (*.EXE file) URLs are interpreted, and associated with an application and then
launched.

Example URLs.

shttp://
https://
ftp://

When you enter a URL EXPLORER.EXE will interpret the syntax of the URL and will pass along
the URL to the program associated with that URL.

For example if Outlook Express (OE) is your default News Client then if you enter the
following URL s
EXPLORER.EXE will interprest the URL and pass it to the associated program Outlook Express.
Not only will it open OE and setup an account (unsubscribed) but it will also interpret
sas using TCP port 563 instead of TCP port 119.

all these are store in the Registry at:
HKEY_CLASSES_ROOT\

So it is possible that your information may be corrupted and this could have nothing to do
with malware.

 

[John Coutts]

From: "Bart Bailey" <[email protected]>

| In Message-ID:<[email protected]> posted on
| Tue, 20 Sep 2005 09:43:49 +1000, Shayne Robinson wrote: Begin
|

The Browser will not open any web pages so I can't go to sites.

|
| re-run HJT and "fix" all the BHO [O2] entries
|
| without all that distracting "help"
| you might be able to direct "your" browser
| to where "you" want it to go.
|
| --
|
| Bart

************ REPLY SEPARATER ************
All the snide comments aside, Bart is right; your system is very overloaded
with "extras". It is quite possible that there is a conflict between some of
these. Since we do not know your system intimately, we can only offer general
advice. If I was cleaning this system, I would have the customer beside me. and
if the customer didn't know what something was, I would delete it. My own
system has 14 entries to give you some idea. You should only have one R0 and
one R1. You don't need any 02's or 03's, so use your own judgement. Be careful
with the 04's because some of these may be related to specific hardware on your
machine. You do not need any of the 08's or 09's, but 09's are not generally a
problem. You also do not need any of the 16's. There is also supposed to be an
item 17 which shows the DNS Nameserver information in the registry (this one is
missing). Unfortunately I don't know how to restore that one, but I do know
that it is required. Someone else on this list may be able to offer some
advice on that.

Be careful when using HiJackThis, but be cutthroat. Most of these "frills" can
be added back later if you find you really want them, but once cleaned up you
will find system performance improves immensely. If you want to find the
problem source, fix them one at a time.

J.A. Coutts

 

[Bart Bailey]

Got that "Bart" ?

Not really,
but then I don't put a lot of unnecessary crap on my computer, such that
I have to come whining to some group of strangers for help.

Bottom line: do you control what gets installed on the computer in
question or is that someone else's responsibility?

 

[Bart Bailey]

Be careful when using HiJackThis, but be cutthroat. Most of these "frills" can
be added back later if you find you really want them, but once cleaned up you
will find system performance improves immensely. If you want to find the
problem source, fix them one at a time.

In another post someone was admonishing the "victim" about the
obsolescence of his version of HJT, as I use the 1.97 myself I can't
speak for the capabilities of the newer one. In any case when an item is
"fixed" in the older HJT it is assigned to a backup folder and can be
restore to the registry very easily. A reboot might be necessary to
invoke its action however.