Cant visit links (RESOLVED)

**suproducts** · 10-11-2005

I cant visit certain links on my computer. Just certain ones dont work... here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 11:01:11 AM, on 11/10/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\NavNT\defwatch.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\NavNT\rtvscan.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\sistray.EXE
E:\Program Files\NavNT\vptray.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Microsoft Office\Office\1033\msoffice.exe
E:\WINNT\system32\wuauclt.exe
E:\unzipped\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - E:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - E:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - E:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - E:\Program Files\QuickSearch\QuickSearchBar3_28.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] E:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [hpfsched] E:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [vptray] E:\Program Files\NavNT\vptray.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - e:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - E:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spifloors.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B30128FA-BDF4-4DCB-8F71-9C284FFC472B}: NameServer = 201.1.6.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spifloors.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spifloors.com
O20 - Winlogon Notify: NavLogon - E:\WINNT\system32\NavLogon.dll
O23 - Service: Backup Exec Remote Agent for Windows NT/2000 (BackupExecAgentAccelerator) - VERITAS Software Corporation - E:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: DefWatch - Symantec Corporation - E:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\Program Files\NavNT\rtvscan.exe

**Neal** · 10-11-2005

Well you got lots of computers, what's this 3rd or 4th. Glad you are here.

Show hidden files/folders
1. Open My Computer.
2. Select the Tools menu and click Folder Options.
3. Select the View Tab.
4. Under the Hidden files and folders heading select Show hidden files and folders.
5. Uncheck the Hide protected operating system files (recommended) option.
6. Click Yes to confirm.
7. Click OK.

Scan with HJT again and put a check next to these items, making sure all browser windows are closed includeing this one so print this or create a new text document on desktop by right clicking an open area select new text document and save it to what ever you like. Now put a check next to these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

O2 - BHO: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - E:\Program Files\QuickSearch\QuickSearchBar3_28.dll

O3 - Toolbar: QuickSearch SearchBar - {82315A18-6CFB-44a7-BDFD-90E36537C252} - E:\Program Files\QuickSearch\QuickSearchBar3_28.dll

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.6.cab

Again make sure all browser windows are closed and click FIX

Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.

Hunt for and delete this folder:

E:\Program Files\QuickSearch < folder

Reboot normal mode:

If you don't have these please get them run the scans rebooting between scans and after last scan and post a new HJT log please.

Even if you do have adaweare SE please set it up per instructions for effective scanning.

Please get these two spyware programs if you don't already have them.

SpyBotS&D

AdawareSE

Reboot between scans and after last scan

There is a new and improved version of AdAware that you need to have installed on your computer. The new version is AdAware SE
If you have AdAware already installed on your system and it's NOT SE go to your Control Panel and click on Add/Remove Programs. Click on AdAware and then REMOVE and then just complete the removal process.

Once it's un-installed go to http://www.lavasoft.de/ and download the FREE version of AdAware SE. Once it's downloaded double click on the new file to start the install process.
Click Next>I accept>Next>Next> then be sure and put a dot in the bullet for Anyone Who uses this computer and then click Next>Next>

In the next dialog box remove the dot in the bullets "Start Scan" and also "Launch Help Files" and click Finish

Now if the program doesn't launch double click on the icon that should now be on your desktop to start AdAware SE

Now click on the button for Check for Updates
If updates are found click on the OK button and after it downloads to 100% click on the Finish button.

Click the Start Button
Click on the link for Customize
in the Main Window under Scan Settings
click on the red X in front of Scan within archives to change it to a green check

Then click on the button on the left labeled Advanced
click on the red X in front of Move deleted files to Recycle Bin to change it to a green check
click on the red X in front of Include Environment Information to change it to a green check

Then click on the button on the left labeled Defaults
click on the Read current settings from system

Then click on the button on the left labeled Tweak
Click on the (+) in front of Scanning Engine to expand the group
click on the red X in front of Obtain Command line of scanned processes to change it to a green check
click on the red X in front of Run scan as background process to change it to a green check
click on the red X in front of Use permanent archive caching to change it to a green check

Click on the (+) in front of Cleaning Engine to expand the group
click on the red X in front of Disable manual quarantine if auto-quarantine is selected to change it to a green check

Click on the (+) in front of Safety Settings to expand the group
click on the red X in front of Reanalyze results after scanning . . . to change it to a green check
click on the red X in front of Write protect system files after repair to change it to a green check

Click on the (+) in front of Log File to expand the group
click on the red X Create Log File for removal operations to change it to a green check

Click on the (+) in front of User Interface to expand the group
click on the red X Remember window positions to change it to a green check
click on the red X Snap windows to desktop borders to change it to a green check
click on the red X Use gridlines in results list to change it to a green check

Click on the (+) in front of Web Update Settings to expand the group
click on the red X Create and save WebUpdate log file to change it to a green check

Click on the (+) in front of Misc settings to expand the group
click on the red X Dump details about unhandled exceptions to disk to change it to a green check

Then click on the button at the bottom right labeled Proceed then click the Next button to start scanning.

Once the scan is complete you'll have a flashing Bug and a brief sound to indicate scanning is complete and Adware is found. Click on the Next and then click on each of the empty boxes to the left of the found items under SCAN SUMMARY. Then hit the Next button. Then OK. This should clean your system of all the found nasties. When it's complete simply close the program until your next scan session. Always ALWAYS check for updates before very scan.

Run the scans rebooting between scans and after last scan and post a new Highjackthis log please. Info for Hijackthis at below link. Thanks.

Hijackthis

**suproducts** · 11-11-2005

Thanks... Yeah you guys are great you've really helped me out a few times. I'm going to donate soon. Keep up the good work.

**Neal** · 11-11-2005

Did you finish the instructions I posted above?

Thanks for the donation.

If so post a new HJT log with feed back on how things are going now.

**suproducts** · 11-11-2005

Logfile of HijackThis v1.99.1
Scan saved at 3:16:33 PM, on 11/11/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\Program Files\NavNT\defwatch.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\NavNT\rtvscan.exe
E:\WINNT\system32\regsvc.exe
E:\WINNT\system32\MSTask.exe
E:\WINNT\System32\WBEM\WinMgmt.exe
E:\WINNT\system32\svchost.exe
E:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\sistray.EXE
E:\Program Files\NavNT\vptray.exe
E:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Microsoft Office\Office\1033\msoffice.exe
E:\WINNT\system32\wuauclt.exe
E:\unzipped\hijackthis\HijackThis.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - E:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - E:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - E:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] E:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [hpfsched] E:\WINNT\hpfsched.exe
O4 - HKLM\..\Run: [vptray] E:\Program Files\NavNT\vptray.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - e:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - E:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spifloors.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{B30128FA-BDF4-4DCB-8F71-9C284FFC472B}: NameServer = 201.1.6.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = spifloors.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = spifloors.com
O20 - Winlogon Notify: NavLogon - E:\WINNT\system32\NavLogon.dll
O23 - Service: Backup Exec Remote Agent for Windows NT/2000 (BackupExecAgentAccelerator) - VERITAS Software Corporation - E:\Program Files\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: DefWatch - Symantec Corporation - E:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - E:\WINNT\System32\dmadmin.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - E:\Program Files\NavNT\rtvscan.exe

U GUYS ROCK!!! everything works!!!

**suproducts** · 11-11-2005

Neal deserves a raise

**Neal** · 11-11-2005

I'll take it by golly.

This problem has been resolved and now will be locked

Glad all is well and here are some parting gifts for you.

If you are no longer having any more trouble here is some preventative measures for you.

Here are some preventive measures you can take to keep your computer from getting infected again. also keep all these and Ad-awareSE and SpybotS&D updated.

http://forums.thatcomputerguy.us/ind...showtopic=1190

Flush your restore points in ME and XP, by turning System Restore off and then back on.
This will create a fresh restore point.

Explained here:
Windows XP: service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Microsoft ME:

http://service1.symantec.com/SUPPORT...rc=sec_doc_nam

RegProtect

This small registry protection tool will save you hours of heartache by notifying you when some program good or bad is trying to access your registry.

You have the option of allowing(good) items or blocking(bad)items.

http://www.diamondcs.com.au/index.php?page=regprot

To reduce the re-infection potential for malware and protect yourself against spyware, here are a few helpful suggestions:

1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft. This will patch many of the security holes through which attackers can gain access to your computer. You CANNOT complete this update using an alternate browser.
http://v5.windowsupdate.microsoft.co....aspx?ln=en-us

http://www.microsoft.com/windows/ie/default.asp

2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching, there are a some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1

Avast: http://www.avast.com/eng/avast_4_home.html

3. In addtion to using Ad-aware consider using another free malware scanning/removal program:
MS Antispyware beta: http://www.microsoft.com/athome/secu...e/default.mspx

4. Consider using a free firewall if you are not already using one. Some good free ones are:
Sygate: http://smb.sygate.com/products/spf_standard.htm

OutPost Personal Firewall:
Outpost

5. Consider using an alternate free browser for general web surfing but you must use IE for windows update.
Mozilla Firefox: www.mozilla.org/products/firefox/

6. Consider increasing your browser security by using these programs:
SpywareGuard will protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking Thousands of known malware sites by adding them to IE's restricted sites zone. Download it here:

http://www.javacoolsoftware.com/spywareblaster.html

If you use SpywareBlaster, you can also use a customblocklist to add even more entries into IE restricted sites zone. Go to this site for the current list and how to use instructions: http://customblockinglist.cjb.net/

IE-SPYAD is similar in that it adds thousands more known malware sites to IE's restricted zone. Download it here:
https://netfiles.uiuc.edu/ehowes/www/resource.htm

*Remember just like your primary anti-virus software, it is important to keep all of these programs up-to-date and use them on a regular basis. It's Free

Cant visit links (RESOLVED)

Cant visit links (RESOLVED)

Similar Threads

links are being redirected

Links being redirected

Google links redirested(RESOLVED)

Google Links Redirecting(RESOLVED)

First Visit