geddy1001 Posted February 24, 2008 Report Share Posted February 24, 2008 (edited) Initally, this URL would pop up for a split second, http://go.microsoft.com/fwlink/?LinkId=74005 but then it would be replaced by http://slirsredirect.search.aol.com/slirs_...252Ffwlink%252F I had my dad run Ad-ware and after that he would at least get a "working" page but it's this now, http://www.cox.net/fwlink/?LinkId=74005I tried having him change the homepage etc.. but those changes have been overridden by the above mentioned redirect URL. Ive had had him run Hijack this and below is his log. Hopefully you guys can help because Im out of ideas! Thanks!DerekLogfile of Trend Micro HijackThis v2.0.2Scan saved at 4:53:15 PM, on 2/24/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.5730.0013)Boot mode: NormalRunning processes:F:\WINDOWS\System32\smss.exeF:\WINDOWS\system32\csrss.exeF:\WINDOWS\system32\winlogon.exeF:\WINDOWS\system32\services.exeF:\WINDOWS\system32\lsass.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\System32\svchost.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\system32\svchost.exeF:\WINDOWS\system32\spoolsv.exeF:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeF:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeF:\Program Files\Common Files\Symantec Shared\ccProxy.exeF:\Program Files\Common Files\Symantec Shared\ccSetMgr.exef:\Program Files\Microsoft LifeCam\MSCamS32.exeF:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeF:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeF:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeF:\WINDOWS\system32\svchost.exeF:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeF:\WINDOWS\wanmpsvc.exeF:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeF:\Program Files\Canon\CAL\CALMAIN.exeF:\WINDOWS\System32\alg.exeF:\WINDOWS\Explorer.EXEF:\Program Files\Common Files\Symantec Shared\ccApp.exeF:\WINDOWS\vVX6000.exeF:\WINDOWS\system32\ctfmon.exeF:\Program Files\Messenger\msmsgs.exeF:\WINDOWS\System32\svchost.exeF:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEF:\Program Files\Common Files\AOL\1158366639\ee\aolsoftware.exef:\program files\common files\aol\1158366639\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exeF:\Program Files\Common Files\AOL\1158366639\ee\aolsoftware.exeF:\Program Files\QuickTime\qttask.exeF:\Program Files\AOL 9.1\waol.exeF:\Program Files\AOL 9.1\shellmon.exeF:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exeF:\Program Files\Trend Micro\HijackThis\HijackThis.exeF:\WINDOWS\system32\wbem\wmiprvse.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tucson.cox.net/cci/homeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.cox.net:80O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - F:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - F:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - F:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO4 - HKLM\..\Run: [WordPerfect Office 1215] F:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=030708 serial=WS12WRX-0016468-QKHO4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [VX6000] F:\WINDOWS\vVX6000.exeO4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [AOL Fast Start] "F:\Program Files\AOL 9.1\AOL.EXE" -bO8 - Extra context menu item: &AOL Toolbar Search - f:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - F:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dllO9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dllO9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exeO12 - Plugin for .mpeg: F:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dllO12 - Plugin for .mpg: F:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dllO12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - F:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeO23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - F:\Program Files\Canon\CAL\CALMAIN.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\ccPwdSvc.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: COM Host (comHost) - Symantec Corporation - F:\Program Files\Norton Internet Security\comHost.exeO23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exeO23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe--End of file - 8903 bytes Edited February 26, 2008 by geddy1001 Quote Link to post Share on other sites
geddy1001 Posted February 26, 2008 Author Report Share Posted February 26, 2008 Hi,Please let me know if I need to add anymore info to my below explanation. Thanks guys!Derek Quote Link to post Share on other sites
geddy1001 Posted February 27, 2008 Author Report Share Posted February 27, 2008 Anyone?? Bueller?...Bueller?? Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.