internet problem - Http:/// always

Forums: Computers
Email this Topic • Print this Page

Hey guys, thanks for all your help in the past. Welp, today I have a new problem. Whenever I bring up internet explorer, the website pops up but then the unable to bla bla screen comes up and at the top instead of the address, it always has http:///. It cycles like a stuck key to that every time. If i click on a favorite it comes up for a second then - gone. The only thing that I can think of is I updated windows the other day(xp) but all else is fine. I have a jijack file just in case i guess....

Logfile of HijackThis v1.99.0
Scan saved at 9:51:54 AM, on 12/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\icfgnt5.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\winpack.exe
A:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\System32\icfgnt5.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - Global Startup: VTAgentReboot.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\office\OSA9.EXE
O23 - Service: .NET Framework Service - Unknown - C:\WINDOWS\svchost.exe (file missing)

Dont know if that helps at all but....
Now I find out that my wifes computer is pop up crazy-sheesh

Thanks, Don

Topic Stats
Top Replies
Link to this Topic

Type: Discussion • Score: 1 • Views: 1,087 • Replies: 3

No top replies

Hi Don,
Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\System32\icfgnt5.exe

Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the above files highlighted in BOLD
C:\WINDOWS\System32\icfgnt5.exe

Restart your computer,

Next
Go Here BitDefender Scan Online
Run a scan with BitDefender , Be sure and Check Auto Clean. Make a note of anything it can't remove

Next
Go here Trend Micro - Free online virus Scan
Be sure and check Auto Clean before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

Post back a fresh log please

0 Replies

Hey Don
Here is a new run on hjt....

Logfile of HijackThis v1.98.2
Scan saved at 8:51:27 AM, on 12/18/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\winpack.exe
C:\WINDOWS\system32\icfgnt5.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\system32\icfgnt5.exe
O4 - Global Startup: VTAgentReboot.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\office\OSA9.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
************************************************************
ran bitdefender and trend micro- found this....
BitDefender could not remove.
C:\WINDOWS\system32\Ist0X68h.exe: disinfection failed
C:\WINDOWS\system32\remove_me.dll: suspect BehavesLike:Trojan.StartPage
C:\WINDOWS\system32\remove_me.dll: disinfection failed
C:\WINDOWS\system32\icfgnt5.exe: disinfection failed
C:\WINDOWS\remove_me.dll: suspect BehavesLike:Trojan.StartPage
C:\WINDOWS\remove_me.dll: disinfection failed

Trend Micro could not remove.
C: windows\system32\1s t 0X68h.exe
*************************************************************
The strange thing is, most times the internet would not come up at all-just click back to that damn http:///. Last night when I was just trying to clean everything up it would work for a little bit then start again. This morning all worked fine. Oh well-thanks so far!!!
Don

0 Replies

Hi again Don,
Is the latest log done from under Admin ?

Please restart HJT put a check next to the following, close all open windows and click "Fix Checked"
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\system32\icfgnt5.exe

Next reboot to safe mode ( By tapping the F8 key on start up) Make sure you can view all Hidden Files/Folders search for and delete the above files highlighted in BOLD
C:\WINDOWS\system32\Ist0X68h.exe
C:\WINDOWS\system32\remove_me.dll
C:\WINDOWS\system32\icfgnt5.exe

Restart your computer,
Download Ad-Aware SE
Use the: "Check for Updates Now" option and download the latest reference files
Use the Start button, and on the next window, select: Perform Full System Scan
Press Next, and let Ad-aware scan the hard drive
When finished, right-click the window with the entries, choose: Select All from the menu, and click Next
Once AdAware has removed the entries, close the program
Restart the computer

Run another scan with bitfender, let us know what it comes back with
Restart HJT
Post back a fresh log please

0 Replies

internet problem - Http:/// always

Related Topics

Quick Links

My Account

able2know