Internet Explorer 6.0
#1
Posted 29 August 2004 - 11:35 PM
Register to Remove
#2
Posted 30 August 2004 - 04:43 PM
#3
Posted 30 August 2004 - 10:47 PM
#4
Posted 30 August 2004 - 11:22 PM
#6
Posted 31 August 2004 - 06:41 PM
sorry for delay. you may have a solution by now. the best thing to do would be to call your ISP internet tech help and ask them to go over what your network settings should be for XP, or if your isp gave you a install cd, ask about running that which would check your network setup and probably reinstall or repair IE for you, if you would like download HijackThis at Major Geeks site:
http://www.majorgeek...wnload3155.html
(to rule out any malware related problem)
Please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use something like "C:\Program Files\HijackThis" but feel free to use any name. This is to ensure it makes the necessary backups for recovery if needed. Download and save the contents to the new folder you made and then navigate to the HijackThis.exe. Then, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet. Someone will be along to tell you what steps to take after you post the contents of the scan results...........
#7
Posted 04 September 2004 - 11:28 PM
#8
Posted 04 September 2004 - 11:38 PM
#9
Posted 05 September 2004 - 09:25 AM
To answer your latest question.
You can have as many web browsers on your machine as it will hold.
I have AOL (which actually uses IE as it's web engine), and 3 versions on Netscape on my machine (because I write web pages and need to be sure they appear correct using various browsers). And I can have all of them running "at the same time", if I want.
Now may I offer a liitle insight on your "connecting to site 127.0.0.1" problem.
I started seeing that on my machine as well (I use AOL as my ISP). I finally tracked it down to this. My wife had downloaded a game from AOL. They only allow you to play it for a certain period of time. I went into my IE "history" and found out that this "127.0.0.1" connection was actually going to AOL!!!
They were somehow using that to keep track of how much time was spent playing the game my wife downloaded.
After her time expired, I went into the settings on my Norton Internet Security and blocked any connection to "127.0.0.1". Personally, I think AOL was/is using it for "spying" purposes. Maybe I'm just a little "paranoid".
However, the first time I click something, it still says it's connecting there (for a brief moment) before going on.
Here is an example from my Norton log:
9/5/2004 8:44:29 AM,Supervisor,http://127.0.0.1/heartbeat,User-blocked site,"Restriction: Date Time: 9/5/2004 8:44:29 AM User: Supervisor Action: Blocked Content: User-blocked site Details: http://127.0.0.1/heartbeat "
9/5/2004 8:44:21 AM,Supervisor,http://127.0.0.1/configure,User-blocked site,"Restriction: Date Time: 9/5/2004 8:44:21 AM User: Supervisor Action: Blocked Content: User-blocked site Details: http://127.0.0.1/configure "
I'm still at a loss as to why your machine stalls there.
Edited by Micah_6:8, 05 September 2004 - 09:27 AM.
The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Join the ClassRoom and learn how.
Download Hijack This! My Website: UnSpyMe!
#10
Posted 05 September 2004 - 12:21 PM
I use firefox and as Micah_6:8 says, you can have as many as you want.
If IE is not working, i assume you are using another browser. IE can be downloaded form here: http://www.microsoft...ie/default.mspx
You got IE reinstalled but are having the same problem (127.0.0.1)?
have you tried opening ie and typing a ip-- (http://209.123.109.175) without the () thats dslreports ip.
connectivity issues can be difficult esp when you cant sit in front of the computer.
just to rule out malware (as i assume this just started happening)
heres alink on creating folder for HJT
http://russelltexas....tehjtfolder.htm
and you can get HJT here
http://www.majorgeek...wnload3155.html
post your HJT log in this thread and me or Micah_6:8 will be happy to look at it.
Register to Remove
#11
Posted 05 September 2004 - 10:52 PM
Logfile of HijackThis v1.98.2
Scan saved at 12:46:56 AM, on 9/6/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOM\SYSTEM~2\MXTask.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking3.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpomau08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoFXM08.exe
C:\PROGRA~1\VCOM\SYSTEM~2\mxtask.exe
C:\Program Files\America Online 9.0f\waol.exe
C:\Program Files\America Online 9.0f\shellmon.exe
C:\Program Files\America Online 9.0f\aolwbspd.exe
C:\Program Files\VCOM\PowerDesk\PDExplo.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~~PDTEMP\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wwe.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P2P Networking3] C:\WINDOWS\System32\P2P Networking\P2P Networking3.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0f\aoltray.exe
O4 - Global Startup: hp officejet 4100 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: RemindU - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.side...00719/sb026.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai..../v6/brix6ie.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://www.otxresear...ia/OTXMedia.dll
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {6F5BBBF0-1978-11D5-8591-009027889212} (Ontrack EasyUpdate Web) - http://www.v-com.com...SP/npEZUWeb.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....21/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://media.toontow...12.5/ttinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?316
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6A5EA2A-6AEC-43C8-B5BD-7571CC7630AA}: NameServer = 205.188.146.146
#12
Posted 05 September 2004 - 11:07 PM
#13
Posted 06 September 2004 - 09:09 AM
Could you move HJt to its own folder, out of the temp please.
your log dosnt look that bad
i would look in the add/remove programs panel and uninstall if present;
\MyWay\myBar. Also i would remove kazaa and p2p networking, as they come bundled with 3rd party malware. (kazaa light is adware free, so is winmx)
the AOL browser only uses certain window OS components of IE. even though you uninstalled it , some of it remains as it is "built in"
Scan with HijackThis and place an check next to the following entries,close all windows, then press *fix checked*
R3 - URLSearchHook: (no name) - {0428FFC7-1931-45b7-95CB-3CBB919777E1} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - (no file)
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.side...00719/sb026.cab
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai..../v6/brix6ie.cab
afterwards post a new hjt log............
#14
Posted 06 September 2004 - 01:29 PM
#15
Posted 06 September 2004 - 02:36 PM
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users