Unlock Browser settings???

Discussion in 'adware, spyware & hijack cleaning' started by marchiafava, Dec 14, 2003.

Thread Status:
Not open for further replies.
  1. marchiafava

    marchiafava Registered Member

    Joined:
    Dec 14, 2003
    Posts:
    15
    Location:
    Alpharetta Georgia
    My original problem was my web browser is constantly being redirected to INTERNET OPTIMIZER by YOOGEE. DNS ERROR "ads.msn.com" cannot be found.

    Does anyone know how to unlock browser settings?
    Internet Options is locked "see administrator". I am the administrator - this is my personal PC.

    I have a McAfee Firewall. I have recently run SPYBOT search and destroy to try to solve the problem. I have also installed SpywareBlaster.

    PLEASE HELP.
     
  2. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    778
    Location:
    Headquarters - London & Field Offices -Worldwide
    Hello marchiafava

    Please download HijackThis and run "Scan". Do not fix anything yet. Most of what it shows is either harmless or necessary. After the scan finishes - the scan button turns into a "Save Log" button. Save the log and post it here and some expert will advise you on what to do next.
     
  3. marchiafava

    marchiafava Registered Member

    Thanks, but the link you put on your message will not work either. It does not lead anywhere? I then found the web site by search, but when I pressed the download button it directed me to a blank MSN search page???
     
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
  5. Q Section

    Q Section Registered Member

    Yes the link does work. We just tried it from the post page. It sounds like you may have a major browser hijack going on. We then recommend another site for the file here.
     
  6. DolfTraanberg

    DolfTraanberg Registered Member

    try to cut and paste the url in explorer instead of internet explorer
    Dolf
     
  7. marchiafava

    marchiafava Registered Member

    Here's the log!!




    Logfile of HijackThis v1.97.7
    Scan saved at 2:10:13 AM, on 12/14/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSER~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\SpywareBlaster\spywareblaster.exe
    C:\WINDOWS\hh.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\unzipped\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM215.DLL
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - Startup: Resume Windows Update Installation.lnk.disabled
    O4 - Global Startup: InControl Desktop Manager.lnk.disabled
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    I've moved this thread to the appropriate forum ;)

    regards.

    paul
     
  9. Q Section

    Q Section Registered Member

    marchiafava

    Have HijackThis fix the following by placing a check in the appropriate boxes and hitting 'Fix Checked'. Make sure all browser and all Windows Explorer windows are closed before fixing. Reboot when done.

    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM215.DLL

    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL


    Afterwards rerun Spybot S&D and update, scan, and hit "Check for Problems". Have Spybot S&D fix all RED items it finds if any. Reboot when finished.

    Best wishes.
     
  10. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,491
    Location:
    Netherlands
    Hi marchiafava,

    Also have HijackThis Fix:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    which will solve the problem you originally posted about.

    Regards,

    Pieter
     
  11. marchiafava

    marchiafava Registered Member

    I did all of the above. Still all my page links in e-mails are dead and "ads.msn.com" cannot be found. MSN support sent me an e-mail with a link to Brown University for a "Trojan Ghost" program, but the link to download the program won't work??? Any further suggestions? Can I try to save a new copy of ie6 in my documents, then uninstall all the old stuff, then load the new ie6???
     
  12. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Hi marchiafava,

    Seeing that you have not yet installed SP1 for IE6, I would try that first. A lot of files will be replaced by newer versions, which might solve your problem.

    Choose the correct language here: http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.asp before you proceed.

    Regards,

    Pieter
     
  13. marchiafava

    marchiafava Registered Member

    Thanks, I'll try that. Also the link in your response leads me nowhere. I will try to get to the site by typing it into the address bar on my browser.

    Thanks again



    I have tried this when the problems started. I just tried it again a couple of times. I have closed all apps and still get a message - "setup was unable to install all of the components. Please close all applications and try again"???
     
  14. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    I believe your problem is with an option you have enabled with Spybot itself. Go to immunise section of Spybot and untick "lock ie control panel against opening from within ie (current user)"
    me
     
  15. marchiafava

    marchiafava Registered Member

    Thanks for your help. I will check that again, but I did uncheck that once. I'll check that and try again.

    Thanks
     
  16. marchiafava

    marchiafava Registered Member

    I did check it and the only one checked is "Lock hosts file read-only as protection against hijackers"??? Is that OK???
     
  17. ellison64

    ellison64 Registered Member

    I don't use any hosts files to block ads etc., as I block with other apps; however, it won't hurt to untick for now and see if that makes a difference. The initial problem does seem very much like the IE lock option being ticked, though it's now unticked. Maybe worth ticking it and then trying to access the Internet Options, then untick it again and try.
    me
     
  18. marchiafava

    marchiafava Registered Member

    I'll try anything.
    THANKS
     
  19. ellison64

    ellison64 Registered Member

    Here's what happens when that option's ticked (on w98)
    see attach
    me
     

  20. marchiafava

    marchiafava Registered Member

    Thanks for the visuals. That was exactly what I was getting yesterday when I tried to access my internet options toolbar, but I got that fixed last night. I have checked and unchecked all the options in "immunize", still gots problems. I think my biggest problem is that the webpage "ads.msn.com" has been blocked or rerouted somehow. Maybe even by me. I did block a bunch of stuff in McAfee Firewall, but I think I unblocked everything. The problems began before I blocked anything.

    Anyway, thanks for the help.


    Still willing to try anything!!!
     
  21. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hey marchiafava ;)

    Can you please post a fresh HijackThis log so we can get a better sense of whether changes made were kept out or reintroduced?

    Thanks :)
     
  22. marchiafava

    marchiafava Registered Member

    Thanks Dan,

    Here's the log.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:33:57 PM, on 12/14/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSER~1.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
    C:\unzipped\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ads.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - Startup: Resume Windows Update Installation.lnk.disabled
    O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
    O4 - Global Startup: InControl Desktop Manager.lnk.disabled
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
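
Dan Perez's question above, whether fixed entries were kept out or reintroduced, can be answered by diffing two scans. The following is an added example, not part of any post in this thread and not a HijackThis feature; the function names are hypothetical, and the sample lines are excerpts of the two logs posted above plus the entries that posts 9 and 10 asked to fix.

```python
import re

# A HijackThis entry line looks like "<section> - <detail>", e.g. "O6 - HKCU\... present".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    return {m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m}

def compare_scans(before, after, fixed):
    """Classify entries across two scans, given the entries the helpers asked to fix."""
    b, a, f = (parse_entries(t) for t in (before, after, fixed))
    return {
        "kept_out": sorted((f & b) - a),      # fixed and absent from the later scan
        "present_after_fix": sorted(f & a),   # fix did not hold, or entry was re-created
        "new": sorted(a - b),                 # appeared between the two scans
    }

# Excerpt of the 2:10:13 AM scan (post 7).
SCAN_1 = r"""
    Logfile of HijackThis v1.97.7
    Running processes:
    C:\WINDOWS\Explorer.EXE
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM215.DLL
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

# Excerpt of the 9:33:57 PM scan (post 22).
SCAN_2 = r"""
    Logfile of HijackThis v1.97.7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ads.msn.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
"""

# Entries posts 9 and 10 asked to have fixed between the two scans.
FIXED = r"""
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM215.DLL
    O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""

if __name__ == "__main__":
    for label, entries in compare_scans(SCAN_1, SCAN_2, FIXED).items():
        print(label)
        for section, detail in entries:
            print(f"  {section} - {detail}")
```

An entry under `present_after_fix` only shows that it exists in the later scan; the logs alone cannot tell whether the fix failed or something wrote the entry back.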
     
  23. Dan Perez

    Dan Perez Retired Moderator

    Okay,

    can you please close out of all applications/windows and select and fix the following;

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ads.msn.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    Then reboot and continue on with your apparently incomplete update of IE and let us know how it goes once that update is complete.

    Thanks
     
  24. marchiafava

    marchiafava Registered Member

    Hey Dan,

    I did the same thing with the same results. Incomplete installation. Rebooted. Still dead end surfing. Here is a new log from HijackThis.

    10:50 PM 12/14/2003
    Logfile of HijackThis v1.97.7
    Scan saved at 10:50:28 PM, on 12/14/2003
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
    C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSER~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\unzipped\hijackthis\HijackThis.exe

    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - Startup: Resume Windows Update Installation.lnk.disabled
    O4 - Startup: Resume Windows Update Installation.lnk = C:\WINDOWS\Windows Update Setup Files\ie6setup.exe
    O4 - Global Startup: InControl Desktop Manager.lnk.disabled
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O9 - Extra button: ICQ (HKLM)
    O9 - Extra 'Tools' menuitem: ICQ (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
     
  25. Dan Perez

    Dan Perez Retired Moderator

    Have you tried disabling McAfee Firewall to see if the browse/link problem goes away? Also, have you tried a non-IE browser such as Firebird or Opera?

    Not thinking of these as a workaround but merely to help show the extent of the issue and maybe to help isolate the source.
     