# Solved: Please Something Is Happeing and I dont know What

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

#### texastoy4her

Hi,

I have recently had to change ISP. When I did, I contacted the tech department at the new IP and they walked me throught the changes that I neeed to make. They were actually little changes. Just change on my outlook account and the phone in which I dial into. So I am not sure what is going on.

But every since I have signed on with this new ISP when I first start my computer and log onto the internet, when I try to open something, either IE or Yahoo IM or anything, I get a pop up box saying " Either you or a program is requesting information from local host. Which local host do you want to use?" Then at the bottom in a little box it gives me the option on which Host I want to use....It has my IP listed. Then at the very bottom gives me the option to connect or cancel. If I hit cancel I can continue with whatever it was I was doing with no problems. Thats why I think there maybe something on my computer.

I have ran ad aware, spybot, and norton. I have deleted and fixed everything that they found. Norton found something called a mini bug transporter. Spybot found wild tangent, and not sure what it was ad aware found.

Please help me with this. It may be nothing which would be great. I just want to make sure. let me know if I need to post a HJTL and I will.

Thanks Alot.

#### Rollin' Rog

On the face of it it doesn't sound like a "Security" issue but a configuration one with the programs you are using or accessing. I don't know what.

But for a security review follow these directions:

Create a new, permanent folder for HijackThis and save the file to that. Run it and select "do a system scan and save the log file". Then copy/paste the contents of the log to a reply

Also when you get that message again, please copy and quote it absolutely exactly. No web hits return for the current message -- and usually we can find something for most error messages.

#### texastoy4her

It kinda threw me cause it didnt start happeing until I switched IP. Never had it happened before.

Here is my Hijack this log.

Logfile of HijackThis v1.98.2
Scan saved at 2:34:48 PM, on 1/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Propel Accelerator\PropelAC.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myleague.com/club8
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\Propel Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\Propel Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\Propel Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\Propel Accelerator\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\Propel Accelerator\pac-image.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7966DF32-53A4-432F-9C69-D4FA082A852F}: NameServer = 209.213.140.17 216.136.33.82

#### Rollin' Rog

I'm not sure what the function of this entry is in the Scanlog:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"

But since it is loading the "Internet Connection Wizard" and that is evidently calling Outlook Express -- it might be involved in the message.

I see no malware in the Scanlog, although you have used an older version, I doubt it would be useful to post with the more recent one at this time.

Try "fixing" that entry with HijackThis. If it doesn't help and the entry is useful for something (perhaps launching Outlook Express every time you launch IE), you can restore it through HijackThis > Config > backups.

If you continue to get the message, please give me an exact quote.

#### texastoy4her

Thanks for your help. I really appreciate it. I will do what is suggested and see what happens. To be honest about it I have not had the problem that I mentioned earlier ie: the box opening says that you or a program is requesting information from local host....since this morning. So I dont know what is going on lol.

Thanks again.

#### Rollin' Rog

Wait until it returns again to try what I suggested. Make sure the problem is repeatable first.

It's possible you may need to disconnect and reboot for it to occur. Whatever configuration setting you are enabling or okaying may only need to be renewed once a session.

I think that R1 entry just launches Outlook Express automatically for you. It's actually rather common in Scanlog now that I've had a look. But if the message is only present when that entry is, then you know it is Outlook Express related.

#### texastoy4her

Hiya Rollin'

I think its fixed now. See what had happened was I was haveing that box open when started IE or Yahoo Im or anything. Thats when I ran norton spybot and adaware and removed and foxed everything it found. I thought it would fix the prob but it would still happen after that. So thats when I came and posted the thread. The next day however by the time you had replyed it quit lol. So I am guessing it was something that 1 of them programs had found. I do really appreciate your help.

Tex

#### Rollin' Rog

Good to hear and you welcome for the review. We'll just mark it up to one of those solved but unsolved Window's mysteries

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

As Seen On