I need some serious help with Internet Explorer
I have to write this post using Start>Search> Search the Web. I have a serious problem with my Internet Explorer. Whenever I type in an address it says the page cannot be displayed.
Whenever I use the search option in the Start menu and then search the web I am able to freely type in web sites and go to them. I don't know what is going on, can someone please help? This all started after I removed some Spyware using Spysweeper.
Best thing to do is to go to my signature and click the link to our Security Downloads section. Download and run the program Hijack This v1.99, follow the instructions in this post.
Then post your HJT log here in this thread. Except, this is not an "emergency" - your PC can boot, if it cannot, that is what we consider an emergency. So your thread will be moved over to our Security Spyware / Virus / Trojan forum. Look for it there in the near future.
Dexter...
You're in good hands here, BlueFire. Do what Dexter said regarding HijackThis and I'm sure the SVT Team can help you get it sorted out.
Scan saved at 4:14:36 PM, on 1/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Network Associates\Common Framework\FrameworkService.exe
F:\Program Files\Network Associates\VirusScan\mcshield.exe
F:\Program Files\Network Associates\VirusScan\vstskmgr.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
F:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Microsoft IntelliPoint\point32.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\AIM\aim.exe
F:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
F:\PROGRA~1\MOZILL~1\FIREFOX.EXE
S:\hijackthis\hijackthis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.116.209.34:8080
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "F:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "F:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [ViewMgr] F:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] F:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "F:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [AIM] F:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "S:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] F:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.microsoft.com/security/protect/wsa/shared/CAB/x86/msSecAdv.cab?1105848934937
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104390574430
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bozek.com
O17 - HKLM\Software\..\Telephony: DomainName = bozek.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bozek.com
Assistance is, as always, greatly appreciated.
Boot up in Safe Mode, run HijackThis again, then delete the line that refers to it. Then do a HD search for the file. If you find it, rename it to unregmp2.ex_. That should keep the sucker from coming back.
I can't see anything else wrong with your log.