Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91806 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Internet Explorer 6.0


  • Please log in to reply
16 replies to this topic

#1 sparki

sparki

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 29 August 2004 - 11:35 PM

help-when i click on my internet explorer icon, it says connecting to site 127.0.0.1 at the bottom of the window..then nothing happens and the window closes.... after it happened for awhile i have managed to delete IE 6.0 , but when I try to reinstall a window says that "setup was unable to connect to the download site or the system administrator's download server to retrieve the instruction file for the setup program. This could be caused by proxy server settings on your computer that are not valid" I don't know what proxy server settings are, or how I change or get rid of this one so that i can download IE 6 again. Also, when i somehow managed to delete IE , when i reboot the computer it states-IE has been successfully removed-do you want to clean up your personalized settings for this program? I always click no because I'm not sure what they are talking about deleting, and feel I've caused enough damage already.Should I delete these personal settings or not? I have windows xp,on a 2 yr old Dell computer. any helpful info appreciated.

    Advertisements

Register to Remove


#2 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 3,191 posts

Posted 30 August 2004 - 04:43 PM

hello sparki, 127.0.0.1 is your computer, somewhere in your network setup you may have a selection for a proxy enabled. you can check like this: start>settings>control panel>Network and internet connections>set up or change your internet connection> under the connections tab click the LAN settings button, another window will open, make sure the box under Proxy server is not checked. clicking the advanced button opens still another window(proxy settings), no ip address or port should be listed there unless you have changed these yourself (or a administrator)or are knowingly running a local proxy.
How Can I Reduce My Risk?

#3 sparki

sparki

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 30 August 2004 - 10:47 PM

my xp setup is a little different--i went to start>control panel>internet options>connections> clicked on LAN settings.. in here I had to click on the proxy server box to open the advanced button... in here the 127.0.0.1 was in the proxy setting box and numbers in the port. I deleted these. Then unchecked the box " use the same proxy for all protocols" box. When I did this a box opened that said " the settings for proxy server are blank. This prevents access to the internet. Do you want to turn off proxy connection?" I clicked yes. In the LAN settings box the proxy server is no longer checked. Under my Connections tab there are 3 choices to click on: 1) never dial a connection. 2) dial whenever a network connection is not present or 3) always dial my default connection.--------------------which of these 3 should I check? Thanks for your help

#4 sparki

sparki

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 30 August 2004 - 11:22 PM

I restarted my computer and tried to connect to windows update, the window opened, but at the bottom it said connection to site 127.0.0.1 again. I rechecked the connections> LAN box and they remained clear of the proxy settings...so i attempted again to download internet explorer. when i did, the same box appeared as in my original post. i clicked on the box button that said advanced, and a small box called "windows update setup" opened. It had checked: connect using a proxy server..in the 2 boxes it had the 127.0.0.1 and a port number..I again deleted these and unchecked the box. A small box opened stating "setup cannot complete connection. You must specify an address and port. If you don't know settings, contact your administrator"...This is just a home computer, there is no network system. I don't even have a NIC installed on my computer. When I was in my internet properties , under control panel, I saw that under SECURITY, local intranet 3 items were check: 1) include all local intranet sites not listed in other zones. 2) include all sites that bypass the proxy server. and 3) include all network paths (UNC's). Is this significant? Should all 3 of these be checked? Thank you so much for your help. I'm definitely a novice at this.

#5 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 3,191 posts

Posted 31 August 2004 - 05:20 AM

hey sparki, i will get back to you soon..........
How Can I Reduce My Risk?

#6 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 3,191 posts

Posted 31 August 2004 - 06:41 PM

hello sparki,

sorry for delay. you may have a solution by now. the best thing to do would be to call your ISP internet tech help and ask them to go over what your network settings should be for XP, or if your isp gave you a install cd, ask about running that which would check your network setup and probably reinstall or repair IE for you, if you would like download HijackThis at Major Geeks site:

http://www.majorgeek...wnload3155.html

(to rule out any malware related problem)
Please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use something like "C:\Program Files\HijackThis" but feel free to use any name. This is to ensure it makes the necessary backups for recovery if needed. Download and save the contents to the new folder you made and then navigate to the HijackThis.exe. Then, doubleclick HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results...........
How Can I Reduce My Risk?

#7 sparki

sparki

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 04 September 2004 - 11:28 PM

sorry it took so long to get back...haven't solved this yet...i did call AOL (that is an ISP-correct) and they said it wasn't their problem, didn't answer any questions... I called Dell and worked for an hour with some young guy who tried to help me reinstall internet explorer, but when it was over and I clicked on the icon-it said the same old thing..............connecting to site 127.0.0.1 When i get a chance I will attempt hijack this..... i have to find out how to make a new folder and all that first -I've never done that before...I'll be back-thanks

#8 sparki

sparki

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 04 September 2004 - 11:38 PM

While I'm trying to figure this all out.would it be okay if I download the Mozilla firefox browser I keep reading about? Can you have this and Internet explorer both on your computer?

#9 Micah_6:8

Micah_6:8

    Evilware Emancipator

  • Authentic Member
  • PipPipPipPipPipPipPip
  • 10,060 posts
  • Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 05 September 2004 - 09:25 AM

Please pardon my intrusion. :oops:

To answer your latest question.

You can have as many web browsers on your machine as it will hold.

I have AOL (which actually uses IE as it's web engine), and 3 versions on Netscape on my machine (because I write web pages and need to be sure they appear correct using various browsers). And I can have all of them running "at the same time", if I want.

Now may I offer a liitle insight on your "connecting to site 127.0.0.1" problem.

I started seeing that on my machine as well (I use AOL as my ISP). I finally tracked it down to this. My wife had downloaded a game from AOL. They only allow you to play it for a certain period of time. I went into my IE "history" and found out that this "127.0.0.1" connection was actually going to AOL!!!

They were somehow using that to keep track of how much time was spent playing the game my wife downloaded.

After her time expired, I went into the settings on my Norton Internet Security and blocked any connection to "127.0.0.1". Personally, I think AOL was/is using it for "spying" purposes. Maybe I'm just a little "paranoid". :blink:

However, the first time I click something, it still says it's connecting there (for a brief moment) before going on.

Here is an example from my Norton log:

9/5/2004 8:44:29 AM,Supervisor,http://127.0.0.1/heartbeat,User-blocked site,"Restriction:  Date Time: 9/5/2004 8:44:29 AM  User: Supervisor  Action: Blocked  Content: User-blocked site  Details: http://127.0.0.1/heartbeat  "

9/5/2004 8:44:21 AM,Supervisor,http://127.0.0.1/configure,User-blocked site,"Restriction:  Date Time: 9/5/2004 8:44:21 AM  User: Supervisor  Action: Blocked  Content: User-blocked site  Details: http://127.0.0.1/configure  "


I'm still at a loss as to why your machine stalls there. :scratch:

Edited by Micah_6:8, 05 September 2004 - 09:27 AM.

Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#10 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 3,191 posts

Posted 05 September 2004 - 12:21 PM

hello sparki,

I use firefox and as Micah_6:8 says, you can have as many as you want.

If IE is not working, i assume you are using another browser. IE can be downloaded form here: http://www.microsoft...ie/default.mspx
You got IE reinstalled but are having the same problem (127.0.0.1)?
have you tried opening ie and typing a ip-- (http://209.123.109.175) without the () thats dslreports ip.
connectivity issues can be difficult esp when you cant sit in front of the computer.

just to rule out malware (as i assume this just started happening)

heres alink on creating folder for HJT
http://russelltexas....tehjtfolder.htm

and you can get HJT here
http://www.majorgeek...wnload3155.html


post your HJT log in this thread and me or Micah_6:8 will be happy to look at it.
How Can I Reduce My Risk?

    Advertisements

Register to Remove


#11 sparki

sparki

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 05 September 2004 - 10:52 PM

I hope this is right-here goes



Logfile of HijackThis v1.98.2
Scan saved at 12:46:56 AM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~2\MXTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking3.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\PROGRA~1\VCOM\SYSTEM~2\mxtask.exe
C:\Program Files\America Online 9.0f\waol.exe
C:\Program Files\America Online 9.0f\shellmon.exe
C:\Program Files\America Online 9.0f\aolwbspd.exe
C:\Program Files\VCOM\PowerDesk\PDExplo.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~~PDTEMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking3] C:\WINDOWS\System32\P2P Networking\P2P Networking3.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0f\aoltray.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.side...00719/sb026.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai..../v6/brix6ie.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6F5BBBF0-1978-11D5-8591-009027889212} (Ontrack EasyUpdate Web) - http://www.v-com.com...SP/npEZUWeb.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....21/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://media.toontow...12.5/ttinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6A5EA2A-6AEC-43C8-B5BD-7571CC7630AA}: NameServer = 205.188.146.146

#12 sparki

sparki

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 05 September 2004 - 11:07 PM

I have another dumb question-if I have AOL and AOL uses IE ------and my computer told me I no longer have IE, then how am I opening my web pages and accessing the internet? This is all so confusing to me...

#13 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 3,191 posts

Posted 06 September 2004 - 09:09 AM

hello sparki,

Could you move HJt to its own folder, out of the temp please.
your log dosnt look that bad
i would look in the add/remove programs panel and uninstall if present;
\MyWay\myBar. Also i would remove kazaa and p2p networking, as they come bundled with 3rd party malware. (kazaa light is adware free, so is winmx)

the AOL browser only uses certain window OS components of IE. even though you uninstalled it , some of it remains as it is "built in"

Scan with HijackThis and place an check next to the following entries,close all windows, then press *fix checked*

R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL

O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)

O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.side...00719/sb026.cab

O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai..../v6/brix6ie.cab

afterwards post a new hjt log............
How Can I Reduce My Risk?

#14 sparki

sparki

    New Member

  • New Member
  • Pip
  • 9 posts

Posted 06 September 2004 - 01:29 PM

I have a question-before i delete kazaa and the P2P----when iclicked on p2p to remove a warning came up that said that several programs,especially internet explorer is dependent on p2p and removing it may prevent Internt Explorer from working... is this a concern or should I still go ahead and delete?

#15 shelf life

shelf life

    SuperMember

  • Visiting Fellow
  • PipPipPipPipPip
  • 3,191 posts

Posted 06 September 2004 - 02:36 PM

hello sparki, i would just uninstall them from the add/remove programs panel. from the vendors site: * How to remove P2P Networking from my computer? To uninstall P2P Networking from your computer running Windows go to Control Panel click Add Remove Programs, select P2P Networking and click Change/Remove. -------------------------------------------------------------------------------------------------- about kazza: Kazaa Media Desktop Overview Kazaa Media Desktop is the most widespread peer-to-peer file sharing program. At the time of writing 330.000.000 users has downloaded Kazaa Media Desktop according to download.com. Kazaa Media Desktop has since its first release bundled a large number of products: CyDoor, IncrediFind, Peer Points, NewDotNet, PerfectNav, P2P Networking, n-Case, SaveNow, Gator, b3d Projector, etc. Classification Adware Files kazaa.exe Vendor Kazaa.com Uninstall procedure Uninstall Kazaa Media Desktop from "Add/Remove Programs" in the Windows® Control Panel. shelf life
How Can I Reduce My Risk?

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users