pretty sure IE is hijacked or something along those lines

Please follow the steps below:

- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

Do you really have things running from three different drive letters? I see C:, D:, and G:

I do not see where the below is loading but it is running.
G:\Program Files\W32ALARM.exe

Does this always load somehow at startup or did you have it running and forget to close it before running HijackThis?

Your log shows no visible problems. Just one minor left over from running HSremove (which you should not have run). The minor item which can be fixed with HJT is:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm


Try doing the following:
- Open a command prompt by click Start, Run, and enter cmd and click OK
- at the command prompt enter the below commands each followed by the enter key
ipconfig /flushdns
exit

Also download HOSTER and then follow the below steps.

• Unzip Hoster to a convenient folder such as C:\Hoster

• Run Hoster.exe, click Restore Original Hosts and then click OK.
• Click the X to exit the program

Any improvement?

 

First do the following:

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixIE.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixIE.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Now just try to reset your Web Settings.

Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.



Otherwise ask AOL why the screwed up your IE connection because that address belongs to them.

Code:

 [url="http://samspade.org/t/whois?a=slirsredirect-rtc.search.aol.com;server=auto"][color=#606420]slirsredirect-rtc.search.aol.com[/color][/url] = [ ] 
 
Domain Name: [url="http://samspade.org/t/whois?a=AOL.COM;server=auto"][color=#0000ff]AOL.COM[/color][/url] 
Registrant: 
	America Online Inc. 
		22000 AOL Way 
		Dulles VA 20166 
		US 
	Created on..............: May 17 2004 12: 34PM 
	Expires on..............: Nov 23 2005 7: 02AM 
	Record Last Updated on..: Feb 25 2005 4: 24PM 
	Registrar...............: America Online Inc. 
							 [url="http://whois.registrar.aol.com/whois/"][color=#0000ff]http://whois.registrar.aol.com/whois/[/color][/url] 
	Administrative Contact: 
		AOL Domain Administration (America Online Inc.) 
		22000 AOL Way 
		Dulles VA 20166 
		US 
		Tel. 703 265 4670 
		Email: [email="domains@aol.net"][color=#0000ff]domains@aol.net[/color][/email]
 
	Technical Contact: 
		America Online Inc. 
		22000 AOL Way 
		Dulles VA 20166 
		US 
		Tel. 703 265 4670 
		Email: [email="domains@aol.net"][color=#0000ff]domains@aol.net[/color][/email]

 

Without the ability to run IE properly you will not be able to get any Windows updates and some other websites may require IE too.

 

If you ran ALL the steps in the READ ME FIRST as indicated in message number one, you have no restore points because System Restore was disabled in step 1. Once a system is infected it is very difficult to trust that restore points are clean. Malware can come back if from infected restore points. That is why it is the first step to disable system restore.

Exactly what happens when you run IE? Give details!

Does the exact same thing happen in safe mode?

You could try the info in this link: http://support.microsoft.com/default.aspx?kbid=318378

Or this one: http://www.theeldergeek.com/repair_ie6.htm

 

I don't understand why your IE is still trying to connect to that URL at startup when I had you Reset Web Settings. Did the RESET work? Is majorgeeks listed as your home page? If not, Reset Web Settings again.

Make sure you check out the links in my last thread too.

 

I already stated that you will need IE sometimes. Yes you can and should use FireFox but someday you will need IE.

Do you need AOL to connect to the internet? If not try getting rid of all the crap they put on your PC.
Just look at the below:
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\110718~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110718~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107189655\EE\AOLHostManager.exe
O4 - HKCU\..\Run: [AIM] D:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

While I cannot be positive that this is the problem, it is there URL that you keep getting redirected to.

The only other thing to try would be to boot into safe mode (with no network support - I do not want the ability to connect). Then use Task Manager to kill all the below processes and then reset your websettings as I described before:

Kill the below (if running):
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\110718~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110718~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe

 

You should not have fixed items for AOL using HJT. I did not recommend that. I really meant uninstall if not needed. Just want to get it out of the way to see if it was what was causing your problems. Looks like it was.

Now with AOL uninstall or all process for it ended, repeat the fixIE.reg registry merge from message # 6.

Firefox has fewer security holes than IE and it typical runs faster. You'll like it.

 

I have a feeling AOL messed up some of your IE settings too. Let's try one more thing:

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixURL.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixURL.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

If you are considering reinstalling XP first try removing (uninstalling) all components of AOL and see what happens.

For info on Backups, refer to: http://www.majorgeeks.com/downloads3.html
or ask questions in the Software Forum

 

You're welcome!

 

You're welcome. Make sure you follow the steps in the below thread immediately after reinstalling.

How to Protect yourself from malware!