Go Back   Cyber Tech Help Support Forums > Software > Malware Removal Forum

Notices

Reply
 
Topic Tools
  #1  
Old May 9th, 2004, 09:03 PM
jpeach jpeach is offline
New Member
 
Join Date: May 2004
Posts: 2
Browser Hijack?? Proxy Override 127.0.0.1

Hey everyone. Thanks in advance.

I can't seem to get ANYWHERE in IE 6. I can access the internet just fine through Netscape but IE is a bust. I get a "Page cannot be found" error no matter where I go. On top of this I can't get anything through MediaPlayer 9 also I cannot get out to Live Update for Norton updates. I assumer it has something to do with the "R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local" that I found in my HiJackThis log... however I really do not know. I've tried to change those setting in RegEdit but the ALWAYS change back. Even if I try to delete them... they come back. Very frustrating...

I've also tried running WinsockXPFix.. still won't work though..


I have run SpyBot and Ad Aware several times and I'm at a loss... can somebody give my hijackthis log.. much appreciated.




Logfile of HijackThis v1.97.7
Scan saved at 12:29:05 PM, on 5/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
F:\WINDOWS\System32\Kyg30vv.exe
F:\WINDOWS\wanmpsvc.exe
F:\WINDOWS\System32\Qjfe4.exe
F:\Documents and Settings\Julian\Desktop\HijackThis.exe
F:\Program Files\iPod\bin\iPodService.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (F:\Documents and Settings\Julian\Application Data\Mozilla\Profiles\default\ilvcl1sk.slt\prefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (F:\Documents and Settings\Julian\Application Data\Mozilla\Profiles\default\ilvcl1sk.slt\prefs.j s)
O4 - HKLM\..\Run: [35XZWYN39Z7QLD] F:\WINDOWS\System32\QhpXq.exe
O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM (HKLM)
Reply With Quote


  #2  
Old May 9th, 2004, 09:12 PM
dammit's Avatar
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 12
Posts: 11,532
Hi buddy welcome to CTH...you could give these two a try...

Close IE and go to Start > Run, and run the following commands, one after the other, each line followed by 'enter':

regsvr32 shdocvw.dll
regsvr32 urlmon.dll
regsvr32 comcat.dll
regsvr32 actxprxy.dll
regsvr32 Shell32.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 jscript.dll

Run each line individually. After each run, you should see a short message saying the command was successful.

If that doesn't work try this...here's a regfile that will restore the Windows defaults for everything Start page-related.
Save to disk, close all browser windows, double click the file and answer 'yes' when asked to add its contents to the Registry.

STARTFIX

Let us know how you go.
Reply With Quote
  #3  
Old May 9th, 2004, 09:14 PM
don77 don77 is offline
CTH Subscriber
 
Join Date: Mar 2004
Location: Mass. USA
Age: 50
Posts: 3,037
Hi Jpeach and welcome to CTH.

He did it again,

Don
Reply With Quote
  #4  
Old May 9th, 2004, 09:21 PM
dammit's Avatar
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 12
Posts: 11,532
lol
Reply With Quote
  #5  
Old May 9th, 2004, 10:22 PM
jpeach jpeach is offline
New Member
 
Join Date: May 2004
Posts: 2
Still no luck

I followed those instructions and it's still giving me the Page not Found error.

In the status bar I can see it saying "conecting to site 127.0.0.1"

Here is a new HJT log... looks the same though...

Thanks agian.


Logfile of HijackThis v1.97.7
Scan saved at 2:21:32 PM, on 5/9/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\AIM\aim.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
F:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
F:\WINDOWS\System32\Kyg30vv.exe
F:\WINDOWS\wanmpsvc.exe
F:\WINDOWS\System32\Qjfe4.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\SBC\Connection Manager\CManager.exe
F:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
F:\PROGRA~1\BROADJ~1\CLIENT~1\CFD.exe
F:\Program Files\Netscape\Netscape\Netscp.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Documents and Settings\Julian\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (F:\Documents and Settings\Julian\Application Data\Mozilla\Profiles\default\ilvcl1sk.slt\prefs.j s)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (F:\Documents and Settings\Julian\Application Data\Mozilla\Profiles\default\ilvcl1sk.slt\prefs.j s)
O4 - HKLM\..\Run: [35XZWYN39Z7QLD] F:\WINDOWS\System32\QhpXq.exe
O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{599D039B-87D6-4A83-BE7C-5F17A417E0C1}: NameServer = 64.169.10.7 206.13.28.12
Reply With Quote
  #6  
Old May 11th, 2004, 11:26 AM
dammit's Avatar
dammit dammit is offline
Rampant Rabbit
 
Join Date: Dec 2002
Location: New York/Paris/Milan/pie country
Age: 12
Posts: 11,532
Hi again..have hijack fix these....then use the startfix...see if that works.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = local
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump




All times are GMT +1. The time now is 07:39 AM.