80072EFD after Download Box shows up and executes. AOL 9 & with I

Discussion in 'Windows Update' started by Kurt, Nov 28, 2004.

  1. Kurt

    Kurt Guest

    Here is my Story. I have two problems which I suspect are related to each
    other as they seemed to have started to appear at the same time. Problem #1:
    Internet Explorer comes back with a "The page cannot be displayed ... Cannot
    find server or DNS Error" when I am logged into AOL. My AOL Browser works ok.
    Problem #2: Using my AOL browser, I am able to log into the Windows Update
    site and get through everything until it comes to download the update. The
    download status box appears and the progress bar zips across in a split
    second and I get an error message stating that the "updates were unable to be
    successfully installed" when I look at the installation log I have an error
    which turns out to be 80072EFD.
    I have:
    - HP m300Y Media Center PC 2004 version 2002 (build 2600) with Service Pack
    2. (These problems started happening before I added SP2.)
    - Microsoft IE Build 6.0.2900.2180
    - AOL 9.0 version 16.4156.5001 US (a)

    This all started to happen around late August 2004. The last two updates
    from the Windows update site were “Cumulative Security Update for Internet
    Explorer 6 Service Pack 1 (KB867801)†and one for Agre Win Modem. Since I
    was on vacation, I also did some other updates. Unfortunately I did not see
    a black and white “now it works and now it doesn’tâ€. I was hoping that SP2
    would take care of it and since I had days off for Thanksgiving, I was able
    to install SP2. There has been no change in behavior after SP2.
    Update: Now that I think about it more, I remember thinking that this update
    might have been the source of my problems “Update for Background Intelligent
    Transfer Service (BITS) 2.0 and WinHTTP 5.1 (KB842773)â€, but it was not a
    black and white observation on my part as to when this problem started to
    happen. I had made the decision that if this update had screwed up the
    Windows update site, that Microsoft would be on it fast and furious so I
    decided to let time pass.

    I started to study the community help and try things and here is a summary
    of where I am.

    - I do not have Norton Firewall.
    - I completed all of the tasks in http://support.microsoft.com/?kbid=836941
    - When I am unsuccessful at downloaded from the Windows update site, I can
    get the Windows service bulletin number from the error message and track down
    the download from another microsoft web page and I am able to successfully
    download my update in that manner using my AOL Browser.
    - I am able to telenet into a web site using port 80 from the start/run
    screen as one person asked in another thread.
    - I am able to ping an IP address from the start/run screen but not connect
    with IE.
    - From IE, I can log into websites by changing the http: to an https: if
    they have an https:.This is also true if I do the same thing from the Windows
    Explorer screen.
    - From the Windows Explorer screen I was able to get into ftp.windows.com,
    but I can not from IE. From IE, I do not get the "cannot find server" error,
    I get a permission denied.
    - I have Norton Anti-virus software. I have Spybot & Spy Eliminator & AOL
    Spy search software.
    - Internet Explorer worked briefly when I had just completed the scan using
    Spy Eliminator, but before I had actually “cleaned†the WildTangent spyware
    it had found. When I clicked on Spy eliminator's online help link, IE
    launched and worked until I rebooted the next time. I could not recreate
    this.
    - In addition to AOL, I have Earthlink total Access 2004. When I am using
    Earthlink, Internet explorer works just fine after I have to change the IE
    connections setting to no proxy server. I have to do this every time, even
    after launching earthlink twice in a row. I originally thought I was having
    to do this because I was using Earthlink after using AOL.
    * I am also able to use IE through Earthlink to successfully access the
    Windows Update web site and download and install an update. I usually use my
    AOL 9 browser, but just to put my IE through Earthlink a workout, I am using
    it to make this update.
    - When I try to use Internet Explorer through AOL, and I put in
    http://www.java.com and I watch the status bar at the bottom of the IE
    window, I see;
    * “Connecting to http://www.java.com/
    * 127.0.0.1
    * "DONE" (with the cannot find server error).
    # If I turn this into an https://www.java.com address, IE goes right to it.
    # If I type in http://symantec.com/, I get 127.0.0.1 and then the cannot
    find server.
    # If I click the refresh button, I see;
    * Connecting to http://symantec.com/
    * 127.0.0.1
    * DONE, but no “Cannot find Server†error. It is like it is locked up
    with the windows flag waving and my cursor turns into an hour glass when over
    the toolbars.
    * I get it unlocked by clicking the home page (about;blank). Then I
    can do all of the above again.
    - Thinking of the Agre Win Modem update I did. I rolled back my driver and
    no change. Then I downloaded the latest driver from the Agre website and
    still not change in behavior.
    * Since I used the OEM driver 8.30; The Windows update site recognized
    that I did not have the xp approved 8.31 version. This is the update that I
    successfully downloaded using IE through Earthlink.

    Update2: Using IE through Earthlink, I just went back to the Windows Update
    page to get another update. Now IE through Earthlink is acting the same way
    as AOL in that I get all of the way through everything until it comes to
    download the update. The download status box appears and the progress bar
    zips across in a split second and I get an error message stating that the
    "updates were unable to be successfully installed" when I look at the
    installation log I have an error which turns out to be 80072EFD. This is
    most likely the first time I have used IE through Earthlink at the Windows
    Update Site since the problem started. It sounds as if the Windows update
    site is the common denominator??
    * After rebooting and launching Earthlink, I again have to change the
    Tools> Options> Connections setting for no proxy server. (I delete my
    Earthlink connection from the control panel all of the time and let earthlink
    rebuild it when I launch the TotalAccess.)
    * Using IE Through Earthlink; I am able to access a random web site.
    * Using IE through Earthlink; I am now having the same problem with the
    Windows Update site. IE. Get all the way through to the download box and no
    success.

    - On all of the above, I have been using the original Administrator’s
    account or my personal computer administrator’s account. Just on a hunch, I
    created a new computer administrator’s account. In this user account I had
    to let Earthlink rebuild a dialin account. With this new XP Computer
    Administrator account, I did the following;
    * Launched IE through Earthlink, accessed websites OK.
    * Went to the Windows Update site and experienced same problem. IE. Get
    all the way through to the download box and no success.
    * Launched AOL and then Internet Explorer. IE works like it should
    !!!!!!
    * Used IE through AOL to go to the windows update site and experienced
    the same problem.
    # After Rebooting, I tried to recreate the above using my new XP Computer
    Administrator Account.
    * Launched AOL and then Internet Explorer. IE works like it should
    !!!!!!
    * Used IE through AOL to go to the windows update site and experienced
    the same problem.
    # After rebooting again; I logged onto the original Administrator account.
    * Launched AOL and then Internet Explorer. IE gets “Cannot find
    Server…†error.
    # I logged onto my personal Computer Administrator account.
    * Launched AOL and then Internet Explorer. IE gets “Cannot find
    Server…†error.
     
    Kurt, Nov 28, 2004
    #1
    1. Advertisements

  2. Kurt

    Noel Paton Guest

    The key here seems to be that you mention a proxy server - AOL doesn't need
    one, AFAIK.
    What is the proxy configuration?
    It could be the remains of a malware infestation....
    You may have a virus/spyware hijack

    download the Stinger from here and run it to make sure that A-V-disabling
    viruses are not present on your PC
    http://download.nai.com/products/mcafee-avert/stinger.exe

    - update your virus scanner and run a full system scan of all files.

    download AdAware from www.lavasoftusa.com, install, update it, then reboot
    to Safe Mode, enable viewing of Hidden and System files in Windows
    Explorer|Folder options, then run Ad-Aware to remove spyware, adware, and
    other such nasties from your system.

    Check for a HOSTS file - if found, then rename it to HOSTS.OLD, reboot and
    try again.

    See if that helps


    --
    Noel Paton (MS-MVP 2002-2005, Windows)

    Nil Carborundum Illegitemi
    http://www.btinternet.com/~winnoel/millsrpch.htm
    http://tinyurl.com/6oztj

    Please read http://dts-l.org/goodpost.htm on how to post messages to NG's
     
    Noel Paton, Nov 28, 2004
    #2
    1. Advertisements

  3. Kurt

    Kurt Guest

    Thanks for the message. See my responses below. Sorry for the untimely
    response as I can only work on this a little each night.

    Kurt Says: When I open IE>Tools>Options>Connections>AOL dialer Settings>Use
    Proxy server & Bypass for local are both selected>Advanced>HTTP:=localhost &
    port=8082.
    When I do the same thing for my Earthlink connection, it is the same
    HTTP:=localhost & port=8082.
    What does AFAIK mean?
    Kurt Says: McAfee’s AVERT Stinger found the following.
    “c:\Windows\system32\cmd.ftp
    Found the W32/Sasser.worm!ftp virus !!!â€
    I guess this gives McAfee a touchdown against my Norton Anti-Virus.

    Kurt Says: Updated my Norton Anti-virus (which I do weekly) and nothing found.

    Kurt Says: Interesting request to run this in safe mode. What is the
    benefit of doing this?? I have Aluia’s Spyware Elminator which I paid $$ for
    and was rated higher than AdAware in internet reviews I read (if one is to
    believe what they read). I ran it in both full mode and safe mode with the
    same result, nothing found. In what I read, Spyware Elminator does not
    identify tracking cookies.
    I also have Spybot. I ran it in both modes and found the same things.
    “HITSLINK†“AVENUE A, INC.†“â€DOUBLECLICK†“HITBOXâ€
    “MEDIAPLEX†which were all tracking cookies. It also found “DSO Exploitâ€
    (Data Source Object Exploit) which Spybot said that what it found was
    something which had taken advantage of a security hole in Internet Explorer.
    The location of the “something†pointed to IE’s trusted sites.
    Unless there is something more special about AdAware than Spyware
    Eliminator, I am not quick to buy it, but I am open minded and am willing to
    change my mind.

    Kurt Says: In my Task Manager Window I see several svchost.exe processes
    open. System = 3; Local Service = 1; Network Service = 2. I do not recall
    seeing the Network Service svchost.exe before.
    Doing a search of files I find Hosts files in the following locations
    which I change as directed.
    C:\I386
    C:\WINDOWS\I386
    C:\WINDOWS\system32\drivers\etc

    When testing all of this, the following update showed up from Microsoft
    which I loaded. It appears NOT to have affected my situation.
    Cumulative Security Update for Internet Explorer for Windows XP Service Pack
    2 (KB834707)
    Date last published: 11/29/2004
    Download size: 2.9 MB
    A security issue has been identified that could allow an attacker to
    compromise a computer running Internet Explorer and gain control over it. You
    can help protect your computer by installing this update from Microsoft.
    After you install this item, you may have to restart your computer.
    Kurt Says: Just on a hunch, before I went to post this response, and after I
    did my testing to see if there had been a net result; I ran Spybot again.
    This time it again came up with the same DSO Exploit problems. I went to
    www.greymagic.com as spybot suggested and they linked me to a free download
    of NoAdAware.exe v3.0 which I ran both in full mode and safe mode.
    * In full mode NoAdAware found 34 non-critical tracking cookies which I
    did not pay to remove.
    * In safe mode NoAdAware found 22 non-critical tracking cookies which I
    did not pay to remove.
    I ran Spybot again and “fixed†the DSO Exploit problems (5). Then I
    exited Spybot and then ran Spybot again. This time I found the same DSO
    Exploit problems as before. At this point I figured it was time to post my
    results for more expert input.

    The end result of all of the above actions is;
    [No Change]: IE will not work through AOL.
    [No Change]: AOL browser will not download updates from Microsoft Windows
    update.
    [No Change]: To use IE through Earthlink; I have to first turn-off Proxy
    server setting.
    [No Change]: IE through Earthlink; Can not download from Windows update site.
     
    Kurt, Dec 3, 2004
    #3
  4. Kurt

    dak Guest

    AFAIK = As Far As I Know
    In SAFE MODE a lot of drivers and other programs are not loaded, just
    the basic stuff to get into and operate Windows. SAFE MODE eliminates a
    lot of possible problems and/or conflicts compared to the same
    operation/procedure being done in NORMAL MODE.
    If the tracking cookies, or other malware, are triggering frequent
    "error pop-ups" you can disable them:
    -Open Spybot S&D, if you're not on the SPYBOT S&D tab click on it
    -Click IMMUNIZE
    -From the DROPDOWN MENU in the lower section, select "Block all bad
    pages silently."
    In order to see this dropdown menu you must have the "Permanently
    running bad download blocker for IE" enabled.
    The DSO EXPLOITS are incorrectly "fixed" by Spybot S&D so they show up
    again on the next scan. If you are up to date on your Microsoft updates
    and patches then you don't have to worry about the DSO EXPLOITS, as that
    particular security "weakness" has been corrected.

    To get rid of the DSO EXPLOITS false flags you can set Spybot S&D to
    ignore them:
    -Open Spybot S&D, click on SETTINGS.
    -Click on IGNORE PRODUCTS
    -Click on SECURITY
    -Check the DSP EXPLOIT box

    Or you can download and install "Spybot S&D 1.3.1 TX" which corrects
    the DSO EXPLOIT bug in Spybot S&D. This will replace the executable
    ONLY, so you must already have either "Spybot S&D 1.3 FINAL" or "Spybot
    S&D 1.3.1 BETA" installed. You can download "Spybot S&D 1.3.1 TX" from:

    <http://www.majorgeeks.com/download4392.htm>

    If neither of those solutions work, or are suitable to you, then reply
    and I'll give you instructions on editing your registry to manually
    correct the DSO EXPLOITS. Deleting the entries will not correct the
    problem, they need to be properly formatted and correctly written to the
    registery.
    Your HOSTS file should reside in "C:\WINDOWS\system32\drivers\etc".
    Look at its contents with Notepad and delete anything beyond the
    "127.0.0.1 localhost" entry (which should be the first entry) that you
    did not put there yourself.
    You can disable (rather than delete) the other HOSTS files by renaming
    them to something like "HOSTS.TXT".
     
    dak, Dec 3, 2004
    #4
  5. Kurt

    Noel Paton Guest

    Kurt
    dak has already posted a detailed 'critique' - so I'll confine myself to a
    couple of points....

    1) Aluria Spyware Eliminator - Aluria have recently formed a partnership
    with WhenU (purveyors of spyware to the masses) - make of that what you
    will. (http://www.spywareinfo.com/articles/aluria/delisted.php)

    2) Ad-Aware is free for personal use, so you have nothing to lose by trying
    it. No one spyware killer removes @[email protected] - and the beauty of Ad-aware
    is that you can pretty much remove absolutely everything it finds, with very
    rare exceptions (unlike SpyBot S&D, which can cripple your PC if you don't
    know what you're doing).

    --
    Noel Paton (MS-MVP 2002-2005, Windows)

    Nil Carborundum Illegitemi
    http://www.btinternet.com/~winnoel/millsrpch.htm
    http://tinyurl.com/6oztj

    Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

     
    Noel Paton, Dec 3, 2004
    #5
  6. Kurt

    Yolanda RC Guest

    Hi Kurt,
    I had all the same symtoms-called Dell, MSN Virus People, the MSN $$ Expert
    no go. last 2 told me to back up system & scrub my hard drive, I was NOT
    going to do that again - All diagnostics showed my pc was CLEAN! I was
    hijacked, I knew that so I looked thru programs and found it under my Norton
    Internet program- these "geniouses" that develop these viruses can go around
    anything! this one is named Adware Bouncer & ba.exe so its easy to download
    thinking it's Adaware. The virus/spyware reproduces itself and changes the
    registry - it would not let me download Stinger, nor Panda nor update Norton.
    I cound not do research nor use Google. I ran Spy Bot (free) and downloaded
    Adaware again. In desperation I deleted my Norton Internet. I used
    abcnews.com as a search engine for free anti-virus, I like it - and was able
    to get Panda AntiVirus. Used it. Reloaded Norton Internet and everything is
    working fine now. Norton has a small program to unhook these things from
    registry but you have to call a tech to walk thru the process -the name of
    the program is "tbar.exe" It comes with directions but I did not have to
    use-its free. It took a long time to fix my pc - now I'm deleting lots of
    e-mail, not opening attachments espcially from people who love to "forward"
    stuff and no more downloading of anything unless its absolutely safe.
    Firewall, AntiVirus, 3 Spyware Protectors is what I'm using now. Good luck!

     
    Yolanda RC, Dec 3, 2004
    #6
  7. Kurt

    Kurt Guest

    Thanks go to dak & Noel & Yolanda RC for taking the time to respond to my
    dilemma. I can only work on this in the evening so my progress is slow and
    therefore the delay in my progress update. See my responses below, but first
    a review of my situation.

    - IE will not work through AOL.
    - AOL browser will not download updates from Microsoft Windows update.
    - To use IE through Earthlink; I have to first turn-off Proxy server setting.
    - IE through Earthlink; Can not download from Windows update site.


    dak wrote:
    If the tracking cookies, or other malware, are triggering frequent
    "error pop-ups" you can disable them:
    -Open Spybot S&D, if you're not on the SPYBOT S&D tab click on it
    -Click IMMUNIZE
    -From the DROPDOWN MENU in the lower section, select "Block all bad
    pages silently."
    In order to see this dropdown menu you must have the "Permanently
    running bad download blocker for IE" enabled.

    Kurt says: I do not have problems with frequent "error pop-ups" but I went
    ahead and performed the procedure described.

    The DSO EXPLOITS are incorrectly "fixed" by Spybot S&D so they show up
    again on the next scan. If you are up to date on your Microsoft updates
    and patches then you don't have to worry about the DSO EXPLOITS, as that
    particular security "weakness" has been corrected.

    To get rid of the DSO EXPLOITS false flags you can set Spybot S&D to
    ignore them:
    -Open Spybot S&D, click on SETTINGS.
    -Click on IGNORE PRODUCTS
    -Click on SECURITY
    -Check the DSP EXPLOIT box

    Or you can download and install "Spybot S&D 1.3.1 TX" which corrects
    the DSO EXPLOIT bug in Spybot S&D. This will replace the executable
    ONLY, so you must already have either "Spybot S&D 1.3 FINAL" or "Spybot
    S&D 1.3.1 BETA" installed. You can download "Spybot S&D 1.3.1 TX" from:

    <http://www.majorgeeks.com/download4392.htm>

    Kurt Says: My version of Spybot did not say “final†so I downloaded the
    version from www.majorgeeks.com and reinstalled it. I downloaded the latest
    updates. I downloaded and installed the patch. I ran spybot and it worked.
    The DSO exploits no longer showed up. I tested for my four problems listed
    at the beginning and no change.


    Your HOSTS file should reside in "C:\WINDOWS\system32\drivers\etc".
    Look at its contents with Notepad and delete anything beyond the
    "127.0.0.1 localhost" entry (which should be the first entry) that you
    did not put there yourself.
    You can disable (rather than delete) the other HOSTS files by renaming
    them to something like "HOSTS.TXT".

    Kurt Says: There was not anything beyond the "127.0.0.1 localhost" entry.




    Noel Wrote:
    1) Aluria Spyware Eliminator - Aluria have recently formed a partnership
    with WhenU (purveyors of spyware to the masses) - make of that what you
    will. (http://www.spywareinfo.com/articles/aluria/delisted.php)

    Kurt Says: Hmmm. Thanks for the heads up.

    2) Ad-Aware is free for personal use, so you have nothing to lose by trying
    it. No one spyware killer removes @[email protected] - and the beauty of Ad-aware
    is that you can pretty much remove absolutely everything it finds, with very
    rare exceptions (unlike SpyBot S&D, which can cripple your PC if you don't
    know what you're doing).

    Kurt Says: I found the free download of AdAwareSE on the www.BigGeeks.com
    site that dak talked about. I got it set up and ran it in safe mode and in
    full mode. No difference in what it found. It found the following:
    - (35) MRUs
    - (6) softomate toolbar items [TAC=9 and mentions this is a brower
    hijacker]
    - (208) tracking cookies.
    Ad-Aware seems to have outperformed Spyware Elminator. It makes one wonder
    if these internet review sites are taking money under the table to modify
    their ratings of products?

    Nil Carborundum Illegitemi

    Kurt Says: I have spent too much time trying to find out what this means.
    I give up, what nugget of wisdom does this give point to.



    Yolanda wrote:
    I had all the same symtoms-called Dell, MSN Virus People, the MSN $$ Expert
    no go. last 2 told me to back up system & scrub my hard drive, I was NOT
    going to do that again - All diagnostics showed my pc was CLEAN! I was
    hijacked, I knew that so I looked thru programs and found it under my Norton
    Internet program- these "geniouses" that develop these viruses can go around
    anything! this one is named Adware Bouncer & ba.exe so its easy to download
    thinking it's Adaware. The virus/spyware reproduces itself and changes the
    registry - it would not let me download Stinger, nor Panda nor update Norton.
    I cound not do research nor use Google. I ran Spy Bot (free) and downloaded
    Adaware again. In desperation I deleted my Norton Internet. I used
    abcnews.com as a search engine for free anti-virus, I like it - and was able
    to get Panda AntiVirus. Used it. Reloaded Norton Internet and everything is
    working fine now. Norton has a small program to unhook these things from
    registry but you have to call a tech to walk thru the process -the name of
    the program is "tbar.exe" It comes with directions but I did not have to
    use-its free. It took a long time to fix my pc - now I'm deleting lots of
    e-mail, not opening attachments espcially from people who love to "forward"
    stuff and no more downloading of anything unless its absolutely safe.
    Firewall, AntiVirus, 3 Spyware Protectors is what I'm using now. Good luck!

    Kurt Says: Yolanda, I read this and despair enters into my soul. I tried
    the Panda Anti-virus with no luck. I tried to search out Adware Bouncer &
    ba.exe with no luck.

    Kurt Says: I am now at the point of researching the system restore function
    to see if I can take myself back to the time period before all of this
    happened. I also have several images of my hard drive taken by Acronis True
    Image 6.0 . If the system restore function looks like it is lacking, I will
    investigate restoring my hard drive to a time period before this started to
    happen and then rebuild my PC with the updates & patches I have already done
    & then load in my personal files.
     
    Kurt, Dec 10, 2004
    #7
  8. Kurt

    Noel Paton Guest

    Kurt
    With the long time-lag between the inception of your problem, and the
    present date, I'd be very wary of using System Restore to back out :(
    While is should be OK, there's an increasing chance with time that files
    outside the purview of SR will have changed, and that using SR will result
    in version mismatches that can lead to system instability.

    FWIW, I'd proceed by making a note of the proxy settings, and then getting
    rid of them, to see if that helps (I have no idea whether Earthlink needs
    them, but AOL certainly doesn't - and it would account for IE not
    functioning while in AOL)

    AOL's browser cannot be used to use Windows Update - you have to use IE for
    that (unless you can download from direct links for offline install)


    --
    Noel Paton (MS-MVP 2002-2005, Windows)

    Nil Carborundum Illegitemi
    http://www.btinternet.com/~winnoel/millsrpch.htm
    http://tinyurl.com/6oztj

    Please read http://dts-l.org/goodpost.htm on how to post messages to NG's

     
    Noel Paton, Dec 10, 2004
    #8
  9. Kurt

    dak Guest

    I didn't address any of the four problems above, I only addressed the
    issues I had some knowledge of and with which I thought I could be of
    some help.
    I believe it means "Don't let the bastards grind you down."
     
    dak, Dec 10, 2004
    #9
  10. Your HOSTS file should reside in "C:\WINDOWS\system32\drivers\etc".

    That assumes that your %SystemRoot% environmental variable
    points there. Further it assumes that the DataBasePath registry
    value (in TCPIP\Parameters) points there. Certain malware is known
    to change that value which thus changes the location of the active
    HOSTS file. (I don't think that it can change the name of the file that
    is used, fortunately.)

    You can check it from the command line too with the following pipepline:

    netsh diag show adapter /v | find /i "DataBasePath"

    Note: For some reason I have never tried to understand most of them
    show up (empty).


    More importantly you need to tell us if your symptoms have changed.

    E.g. are you still getting messages in your Status bar which refer
    to that address?

    BTW if you change your HOSTS file without restarting Windows
    you should flush your dnscache:

    ipconfig /flushdns


    If those addresses aren't coming from your HOSTS file
    or your dnscache, they must be coming either from your DNS
    (unlikely but testable) or some of the latest malware infiltration (pun),
    which unfortunately is just the opposite, likely but untestable.


    To test this I have been asking users to try some other commands:

    <excerpt>
    FYI for XPsp2 there is a new repair command for the latter possibility:

    netsh winsock reset

    Otherwise there is

    netsh interface ip reset

    You might try checking for abnormalities beforehand by

    netsh winsock show catalog type=LSP

    ipseccmd show filters

    (ipseccmd is on the XP Pro Support Tools)


    BTW you may get better suggestions in a newsgroup
    which specializes in networking for your OS.
    </excerpt>


    Good luck

    Robert Aldwinckle
    ---
     
    Robert Aldwinckle, Dec 10, 2004
    #10
  11. Kurt

    Noel Paton Guest

    Noel Paton, Dec 10, 2004
    #11

  12. Noel,


    OP (Kurt) mentioned SP2 and IE version which indicates that means XPsp2.

    <quote>
    - HP m300Y Media Center PC 2004 version 2002 (build 2600) with Service Pack 2.
    (These problems started happening before I added SP2.)
    - Microsoft IE Build 6.0.2900.2180
    </quote>


    Also he subsequently mentioned finding HOSTS

    <quote>
    Doing a search of files I find Hosts files in the following locations
    which I change as directed.
    C:\I386
    C:\WINDOWS\I386
    C:\WINDOWS\system32\drivers\etc
    </quote>


    The only one in this thread that I'm unsure of re OS is Yolanda RC. <s>


    I still think that this is mostly off-topic for this NG
    and would be better handled in a networking NG
    (regardless of the OS <eg>.)


    ;)

    Robert
    ---
     
    Robert Aldwinckle, Dec 11, 2004
    #12
  13. Kurt

    Noel Paton Guest

    Noel Paton, Dec 11, 2004
    #13
  14. Kurt

    Kurt Guest

    Thanks again to dak & Noel & Robert for taking time to ponder upon my dilemma
    and to take action to help. My responses are shown below.


    Dak says:
    I didn't address any of the four problems above, I only addressed the
    issues I had some knowledge of and with which I thought I could be of
    some help.
    --
    dak

    Kurt Says: Pointing to the Spybot DSO Exploit update was helpful and once I
    got on www.MajorGeeks.com I was able to find the Ad-Aware SE download that
    Noel talked about. Thanks.


    Noel Paton Says:
    Kurt
    With the long time-lag between the inception of your problem, and the
    present date, I'd be very wary of using System Restore to back out :(
    While is should be OK, there's an increasing chance with time that files
    outside the purview of SR will have changed, and that using SR will result
    in version mismatches that can lead to system instability.

    Kurt Says: Thanks for the insight. I will not pursue this option.


    FWIW, I'd proceed by making a note of the proxy settings, and then getting
    rid of them, to see if that helps (I have no idea whether Earthlink needs
    them, but AOL certainly doesn't - and it would account for IE not
    functioning while in AOL)

    Kurt Says: Earthlink does not require, or work, with the proxy settings. I
    have to uncheck the “Proxy Server†setting in order for IE to work with
    Earthlink. I have gotten to the habit where I delete the “Earthlink†network
    connection in the control panel after I use Earthlink. When I launch
    Earthlink, it builds a new connection. I started doing this after I started
    troubleshooting my present dilemma in an effort to see if anything changes
    from attempt to attempt.


    AOL's browser cannot be used to use Windows Update - you have to use IE for
    that (unless you can download from direct links for offline install)

    Kurt Says: Hmmm. It has been such a long time since it has worked for me
    at all ……., I know IE being my only method of accessing the windows update
    site was true for me the majority of the time, but I ?seem? to remember a
    brief time period, my AOL browser working with the Windows update just before
    my condition started. But I would not bet money on this memory.

    --
    Noel Paton (MS-MVP 2002-2005, Windows)



    Robert Aldwinckle Says:
    That assumes that your %SystemRoot% environmental variable
    points there. Further it assumes that the DataBasePath registry
    value (in TCPIP\Parameters) points there. Certain malware is known
    to change that value which thus changes the location of the active
    HOSTS file. (I don't think that it can change the name of the file that
    is used, fortunately.)

    You can check it from the command line too with the following pipepline:

    netsh diag show adapter /v | find /i "DataBasePath"

    Note: For some reason I have never tried to understand most of them
    show up (empty).

    Kurt Says: I had 3 lines of %systemroot%\System32\drivers\etc

    More importantly you need to tell us if your symptoms have changed.

    E.g. are you still getting messages in your Status bar which refer
    to that address?

    Kurt Says: It appears as if my situation has slightly changed. I no longer
    see the 127.0.0.1 like I did. I see the website URL and then I see Done when
    the “Cannot find server or DNS Error†screen appears. It does not seem to
    get into a loop like it did on the second attempt at the same website. I can
    access https: sites like before. It seems like the FTP. Sites work, but now
    I do not have the permissions to enter.

    BTW if you change your HOSTS file without restarting Windows
    you should flush your dnscache:

    ipconfig /flushdns

    Kurt Says: No Change.


    If those addresses aren't coming from your HOSTS file
    or your dnscache, they must be coming either from your DNS
    (unlikely but testable) or some of the latest malware infiltration (pun),
    which unfortunately is just the opposite, likely but untestable.


    To test this I have been asking users to try some other commands:

    <excerpt>
    FYI for XPsp2 there is a new repair command for the latter possibility:

    netsh winsock reset

    Kurt Says: No Change.

    Otherwise there is

    netsh interface ip reset

    Kurt Says: “One or more essential parameters were not entered†was the
    response I got from the above “ netsh interface ip reset†command line.

    You might try checking for abnormalities beforehand by

    netsh winsock show catalog type=LSP

    Kurt Says: Oops. I did the above “netsh interface ip reset†before I
    remembered this suggestion was here to do first.

    ipseccmd show filters

    (ipseccmd is on the XP Pro Support Tools)


    BTW you may get better suggestions in a newsgroup
    which specializes in networking for your OS.
    </excerpt>

    Kurt Says: There does not seem to be one here at the Microsoft community.
    Do you have a suggestion.


    Good luck

    Robert Aldwinckle
    ---
     
    Kurt, Dec 12, 2004
    #14
  15. Kurt

    Kurt Guest

    Opps. In trying to give dak & Noel credit for being "helpful" I mistakenly
    gave dak credit for answering the question, which has not yet happened.
    Sorry everyone.
     
    Kurt, Dec 12, 2004
    #15
  16. ....
    Be more specific about what you are doing please.
    Does this mean you are using the Connections tab
    in the Internet Options dialog *from* an IE Tools menu?

    FWIW in NT4 I used to have so much trouble trying to change
    proxy settings using that technique that I was forced to switch
    to using the ostensibly indentical dialog in the Internet Properties
    tool. (E.g. Run... control inetcpl.cpl) Since then, I have just
    carried the practice over into XP. YMMV.

    Again, you are withholding details. If you are using some canned procedures
    from Earthlink instead of building your own connection to it that could explain
    where unwanted settings keep coming from.


    ....
    Sorry, that was my reading of the syntax given by this help:

    netsh int ip reset ?

    So then, that would suggest that you try:

    netsh int ip reset resetlog.txt

    However, also look at this article which implies that it may be a good idea
    to disable firewalls before doing that:

    <title>KB810606 - Error Message When You Run the "Ipconfig /Renew" Command</title>


    ....
    You appear to be using the web interface to newsgroups.
    Unfortunately it is impossible to tell which portal you are using.

    FWIW this is the link that I use (when I need to)

    http://www.microsoft.com/windowsxp/...=microsoft.public.windowsupdate&lang=en&cr=US

    You can see on the left a link labeled Windows XP Networking and the Web
    which would be a good one.


    Do you have to use that or can you use a real NNTP newsreader
    such as Outlook Express?

    For the latter see if this link works for you:

    news://msnews.microsoft.com/microsoft.public.windowsxp.network_web


    That could set up an "account" for you on the microsoft news
    server. You could read with it immediately but in order to post
    from it you would probably have to do some personalizing
    in the account's Properties dialog.

    I am cross-posting there now in case someone reading there
    has some immediate comments to add or questions to ask.

    For their convenience here is a link to the entire thread:

    http://www.microsoft.com/windowsxp/...a442&mid=682ab056-cb67-4f1c-995c-09bdfba9a442


    HTH

    Robert
    ---
     
    Robert Aldwinckle, Dec 12, 2004
    #16
  17. Kurt

    Kurt Guest

    Robert. Thanks for responding to my situation. Before I made my own
    posting, I spent quite a bit of time looking at the other postings. There I
    have seen your helpful advice already and I have already tried many of your
    suggestions from those postings.


    Robert Aldwinckle Says:

    Be more specific about what you are doing please.
    Does this mean you are using the Connections tab
    in the Internet Options dialog *from* an IE Tools menu?

    FWIW in NT4 I used to have so much trouble trying to change
    proxy settings using that technique that I was forced to switch
    to using the ostensibly indentical dialog in the Internet Properties
    tool. (E.g. Run... control inetcpl.cpl) Since then, I have just
    carried the practice over into XP. YMMV.

    Again, you are withholding details. If you are using some canned procedures
    from Earthlink instead of building your own connection to it that could
    explain
    where unwanted settings keep coming from.

    Kurt Says:
    - I have AOL 9.0 which is what I use the most. I am in the process of
    weaning myself off of Earthlink because my employer has cut a deal with AOL
    and it is quite a bit less money for me to use. I have a dial up connection.
    - Earthlink has an application called TotalAccess which connects me to
    Earthlink, TotalAccess also appears as a task bar with menu selections to
    Earthlink features like accessing web based eMail through Internet Explorer.
    My version is 2004 which I have had loaded from the day I got this PC in
    December of 2003.
    - Before my problem started, I would be able to use Internet Explorer with
    both AOL & Earthlink with no problems. When my problem started, I was able
    to do the usual trial & error troubleshooting and I am able to compare this
    PC with another PC used by my wife&Kids.
    - I do not have Earthlink TotalAccess on my Wife's PC. I do have AOL 9.0 &
    Internet Explorer works on my Wife's PC through AOL.
    * Before my problem started on my hp PC, I was able to use Internet
    Explorer through AOL.
    * Once I launch Earthlink's TotalAccess and make my connection and
    TotalAccess launches Internet Explorer; In order to get Internet Explorer to
    work with Earthlink, I have to open up the Internet Explorer Tools> Options>
    Connections setting for no proxy server.
    * Since late August, I have yet to be able to get IE to work with AOL
    except for a brief moment after I ran Spyware Eliminator. The following is a
    quote from my previous posting; - Internet Explorer worked briefly when I had
    just completed the scan using Spy Eliminator, but before I had actually
    “cleaned†the spyware it had found (called WildTangent). I had clicked on
    its online help and IE launched and worked until I rebooted the next time. I
    could not recreate this."
    * I briefly suspected that maybe Earthlink's TotalAccess changed
    somehow and might be the source of my problems for some unknown reason. I
    have been deleting my Earthlink connection from the control panel's Network
    Connections after I use it. Then I let earthlink totalAccess rebuild it when
    I launch the TotalAccess.
    * I also tried to open up (edit) this Earthlink network connection and
    look it over. I do not see anything which makes me think that it uses a
    proxy server.
    - After using the control inetcpl.cpl command line you show above, I was
    able to return to my trail & Error testing of Earthlink and AOL to see if the
    problem resided there.
    * I discovered that the Tools>Connections>Proxy Setting = on was being
    set after Earthlink TotalAccess launched, but before I launched Internet
    Explorer.
    - Using the control inetcpl.cpl command line you show above; I deleted all
    of my Dial-up Internet connections in the control panel's Network
    Connections.
    * Then I launched AOL.
    < Then I checked the control inetcpl.cpl command line and found no
    dial up connections available.
    * Then I connected to AOL.
    < Then I checked control inetcpl.cpl command line and found no dial
    up connections available.
    * Then I launched Internet Explorer.
    < Then I used the control inetcpl.cpl command line and found no
    dial up connections available.
    * Internet Explorer showed the Server or DNS not found page.
    - Seeing that the proxy server setting was set after Earthlink launched and
    before I launched internet explorer, I decided to look deeper into my
    Earthlink - AOL programs.
    * I uninstalled Earthlink Total Access and all associated programs with
    Earthlink. Then I deleted all of the folders and files which the uninstall
    did not get.
    < No Change. With my PC connected to AOL; Internet Explorer displays
    "Cannot find server or DNS Error" when I try to display http: pages.
    - Then I uninstalled AOL and all associated programs associated with AOL.
    Then I deleted all of the AOL folders and files the uninstall did not get.
    < No Change. With my PC connected to AOL; Internet Explorer displays
    "Cannot find server or DNS Error" when I try to display http: pages.
    - Looking deeper into my Internet Explorer Tools>Options>Connections. I did
    not have any connections showing, which would be correct.
    - Then I used the Internet connection wizard to establish an AOL connection.
    * While doing this and going through trial & error, I have come to the
    following proposition. The internet connection shown in Internet Explorer is
    for connecting to the Internet when an internet connection is not present????
    * Therefore I tried to connect to the internet with Internet Explorer
    using my new Internet Connection. Internet explorer would try to connect
    using its dialer, but would fault out with incorrect username or password.
    < Upon inspection of the password in the dialer box, there are 16
    dots hiding the password characters. My password is only 8 characters.
    ^ I tried retyping my password into the Internet Explorer
    Tools>Options>Connections and it looks like it allows me too, but then shows
    16 dots.
    Update: No Change. With my PC connected to AOL; Internet Explorer displays
    "Cannot find server or DNS Error" when I try to display http: pages.
    - I have just gone to my temporary user account that I had developed for
    testing. I can successfully use Internet Explorer while connected to AOL as
    I describe in a previous posting. Shamefully I say I sorta lost sight of this
    with all of the suggestions I have been getting.
    - I focus on trying to determine why my new, temporary user account is
    allowed to work and not my existing ones. I no longer care if the Windows
    update site works 100% correctly as long as I can get Internet Explorer to
    work while I am connected to AOL.
    * I log into one of my Administrator accounts. Then I call up the
    folder for my "temp" user account which is working and for my user account
    which is not working. I make an empty folder for shuffling files and folders
    around.
    * I am able to isolate the source of the problem in my NTUSER.DAT file.
    When my working user account file's NTUSER.DAT file is in my other user
    account which does not work; the latter account's Internet Explorer starts
    working when I am logged onto AOL.
    * I did a search on "NTUSER.DAT" on the Microsoft Community site and I
    am now researching avenue. One of the first things I came across is advice
    to not permently copy the working NTUSER.DAT in place of the not working
    NTUSER.DAT as that can create problems.
    http://communities2.microsoft.com/c...&p=1&tid=2397bb94-c2f6-4e7f-b343-c195ad4277eb

    .....
    Sorry, that was my reading of the syntax given by this help:

    netsh int ip reset ?

    So then, that would suggest that you try:

    netsh int ip reset resetlog.txt

    However, also look at this article which implies that it may be a good idea
    to disable firewalls before doing that:

    <title>KB810606 - Error Message When You Run the "Ipconfig /Renew"
    Command</title>

    Kurt Says: No change. Internet Explorere does not access http: sites while
    I am connected to AOL.

    .....
    You appear to be using the web interface to newsgroups.
    Unfortunately it is impossible to tell which portal you are using.

    FWIW this is the link that I use (when I need to)

    http://www.microsoft.com/windowsxp/...=microsoft.public.windowsupdate&lang=en&cr=US

    You can see on the left a link labeled Windows XP Networking and the Web
    which would be a good one.

    Kurt Says: I see what you are talking about, thanks.


    Do you have to use that or can you use a real NNTP newsreader
    such as Outlook Express?

    For the latter see if this link works for you:

    news://msnews.microsoft.com/microsoft.public.windowsxp.network_web

    Kurt Says: I am all researched out from this problem I am working on now.
    Thanks for the information, but doing what I am doing is the path of least
    resistance. I will remeber this for my future.


    That could set up an "account" for you on the microsoft news
    server. You could read with it immediately but in order to post
    from it you would probably have to do some personalizing
    in the account's Properties dialog.

    I am cross-posting there now in case someone reading there
    has some immediate comments to add or questions to ask.

    For their convenience here is a link to the entire thread:

    http://www.microsoft.com/windowsxp/...a442&mid=682ab056-cb67-4f1c-995c-09bdfba9a442


    HTH

    Robert
     
    Kurt, Dec 16, 2004
    #17
  18. ....
    < useful background information snipped for brevity />

    BTW I am sorry I did not respond to your earlier posts in ie6.browser.
    That would have been a better place (other than network_web)
    than windowsupdate NG to puzzle this out.

    <
    http://communities2.microsoft.com/c...&p=1&tid=cec5f7b6-4d2c-42dd-84f8-f218f2d4602e >


    I originally entered this thread to try to help out only with the
    problem you were having with proxy settings on your Earthlink
    connection.

    It sounds as if you now have a clearer understanding of what
    is causing that:
    If you were interested in creating a custom connection to Earthlink
    (e.g using the setup wizard) I suspect that that might be possible.
    I am less certain about what your options are for an AOL connection.
    I thought that AOL users had to connect initially to AOL using
    their AOL browser and subsequently could connect to the Internet
    over that connection. In that case IE should be set up as if you have
    a LAN connection, e.g. no dial-up connections and Never dial...
    checked. Hmm... are there any proxy settings in the LAN setup too?

    It sounds as if you are on track with that idea too but I'm not sure
    why you keep checking for dial-up connections. Are you thinking
    you need one or just concerned that one might pop up out of nowhere
    and then if you weren't looking carefully you would have to go back
    Trying to compare NTUSER.DAT might be possible.
    E.g. what I would probably try is using RegEdit to create
    two separate exported versions (.reg files) which I could
    then use differencing tools such as FC or windiff on.
    However, that could be really tedious and I think you would
    be faster trying to diagnose what's wrong with your setup
    or describe your symptoms in more detail so someone
    can try to help some more.

    Now it looks as if what you really need is some AOL expertise.
    Isn't there a Support desk available for AOL customers?
    Try asking there?


    Good luck

    Robert
    ---
     
    Robert Aldwinckle, Dec 16, 2004
    #18
  19. Kurt

    Kurt Guest

    To Those Who May Follow: This response it to close the loop on my situation
    for those who may be experiencing a similar situation.

    My problem was not being able to use Internet Explorer while connected to
    AOL. See my original postings for more details. I followed lots of advice
    and therefore learned lots of things, but none of them resolved my problem.
    In the course of troubleshooting this I discovered that a new Windows XP User
    account would work. I did a comparison between a working user accound and a
    non-working one and tracked it down to the user account's NTUSER.DAT file.

    In researching the NTUSER.DAT file (local user registry file), there were
    enough yellow flags raised against copying a new one into an existing account
    that I did not try that. I started from scratch by creating new user
    accounts and then migrating my files and settings from the old ones to the
    new ones. Then when I felt like everything was stable, I deleted the older
    user accounts. This has worked so far and it has been about two weeks.

    The one older user account I could not change, or did not try, was the
    original computer administrator account that a person accesses in safe mode
    or by doing the ctlr+alt+del twice from a freshly booted welcome screen. I
    am no longer going to use this special account except in safe mode.

    I speculate that I had a case of mal-ware and was able to get rid of the
    source, but not the changes to my NTUSER.DAT that it must have caused.

    I had gone through all of the suggestions that MchWalte suggested (from AOL
    community help but eMail directly to me), including his link to HOST Comp
    Phred's "a fix to IE". After going through the "A fix for IE"; IE would only
    intermittenly work as well as some of my other applications acting funny. I
    did a system restore and everything went back to its starting point
    successfully. "Internet Explorer Fix.. by HOST Comp Pred"

    My Lessons Learned:
    - Take the Mal-ware situation more serious. The anti-malware software which
    appeared to do the best job was "Ad-Aware SE Personal" and "Spybot" (with the
    1.3.1 DOS Exploit fix). Both can be found at www.majorgeeks.com.

    - I downloaded the free McAfee Firewall Express from AOL. This is hard to
    find through search and help.
    http://memberselfservice.aol.com/firewall/index.adp With a firewall, I have
    to approve first time outgoing request from applications. This allows me to
    see and evaluate some of my applications a little closer on what they are
    really doing.

    - I did use my safe mode computer administrator account for
    installing-uninstalling software, patches, upgrades, etc. Now I only use it
    it safe mode in the interest of protecting it from cooruption since I can not
    delete this account (I am assuming).

    - System restore turned out to be very easy to use, if I would have known
    more about how it worked and had not been afraid of it in the beginning when
    I first saw my problem, I would have been a lot better off than waiting until
    my last system restore point was deleted. (System restore keeps the last 14)

    Good Luck to Those that have the unforunate luck to experience a similar
    situation.

    Thanks to all who gave their time to help.
     
    Kurt, Dec 25, 2004
    #19
  20. Kurt

    Jim Haines Guest

     
    Jim Haines, Mar 27, 2006
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.