I have a laptop computer using a tower as a gateway to the internet. I cannot access some websites using any browser. I've tried using IE, Firefox and Netscape. All with the same results. Some examples of websites I can't access are:

http://www.oceanfree.net
http://www.hotmail.com
http://www.medoceanproperties.com
http://www.microsoft.com

I've attached a HijackThis log from the offending machine. If you guys can help me, it'd be great. I've tried various things:

- Clearing the TLS 1.0 and PCT 1.0 flags
- sfc /scannow
- Spybot scan
- Lavasoft AdAware scan

Nothing seems to have made a difference.

Al.

Recommended Answers

All 9 Replies

Could somebody have a quick look at my HijackThis trace and point me in the right direction. I'd very much appreciate it. I'm nearing the point where I'm just going to re-install the laptop. A drastic measure, but it'd be an almost guaranteed solution to the problem.

Thanks,
Al.

I dont see anything but try the following.

Please download and install ewido anti-spyware tool

  • Close all other Applications Select language click Ok
  • Click I Agree
  • Click next
  • Click Install
  • Click Finish
  • Wait Ewido will open main screen automatically.
  • Wait again a few minutes and Ewido Should Auto update itself. If it doesn't click update at top of screen.
  • This in very important to get updates
  • When updating has finished. Close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on scanner top of Ewido sceen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine It can take awhile give it time.
  • When scan has finished At bottom of screen click Apply all Actions
  • Click Save report
  • Click Save Report as (Save as window's screen should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido

Reboot back to normal mode

Post the ewido log here and a new HJT log.

Thanks, I´ll try this tomorrow and repost with the logs.

Al.

OK, so I'm attaching the Ewido log file. I didn't get a chance to do new HijackThis log. Prob won't get to that until Monday.

I really appreciate you taking the time to look at these logs for me.

Al.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.


Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Just do these when you get around to it and dont forget to give me the HJT from AFTER the vundofix.

Sorry about the late reply. Been very busy at work!

Here are the attached logs:

A HijackThis log before CCleaner and vundofix
A CCleaner log
And a HijackThis log afterwards

For some reason both logs are about 7 lines long and go -----> instead of
down. You could just copy and paste the logs into this box where you type replies.

Adding the attachments again. The log files were saved in Unix format (using LF at the end of the line instead of the Windows CR/LF). Anyway should be readable now.

Al

Well ive found a suspicious file that I want you to scan. The file is smss.exe. Usually this file is a normal system file but it is usually located in the system32 folder yours however is running form the system folder. This usually means its not the real thing so lets scan it.

Go to Jotti's and upload and scan the following file.
C:\WINDOWS\system\smss.exe


If the scan finds something malicious then do the folllowing.
Run HJT and check the following.
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
Close all other windows and click fix checked.

Now Reboot to safe mode and delete the following file.
C:\WINDOWS\system\smss.exe

Reboot back to normal and post a new HJT log.

If the scan comes back clean let me know.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.