Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Problem with hijacking

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Problem with hijacking

Unread postby debid » February 17th, 2011, 1:59 pm

I'm using an Acer Aspire One netbook running XP pro.

Both our Lenovo thinkpad running XP home and the Acer running XP home kept being hijacked while on the internet. I restored the Lenovo to factory condition through thinkpad software and the Acer went into blue screen of death. The hard drive was re-formatted and found to have no bad sectors and XP pro was installed. Immediately on the net I started being hijacked continually. Malwarebytes and Avast find nothing. The hijack is either a redirect that I can close and get the website I wanted or it's an a additional page that opens that I can close without a problem. I especially get a lot of redirects from a google serach. I use IE 8, before I restored the Lenovo to factory I installed firefox because I've heard it has less problems. I immediately got redirected to a site and the warning chilp porn worm popped up.

I appreciate whatever help you can give!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:11:04 AM, on 2/17/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\DOCUME~1\Deb\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

--
End of file - 3345 bytes

C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\DOCUME~1\Deb\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

--
End of file - 3345 bytes
debid
Active Member
 
Posts: 2
Joined: February 17th, 2011, 1:20 pm
Advertisement
Register to Remove

Re: Problem with hijacking

Unread postby deltalima » February 20th, 2011, 7:48 am

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Problem with hijacking

Unread postby deltalima » February 20th, 2011, 8:02 am

Hi debid,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

We can only deal with one computer at a time and so we will work with the first log you posted as the second one is incomplete. We may well identify a common problem with your router and if so the problem with the second computer may be resolved, if not you will need to open a new topic for that computer once we are finished.

Download DDS

Please download DDS by sUBs from the link below and save it to your desktop.

Link

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Please confirm that you are connected to the Internet through a router and let me know if you have all the information required to reset it to the factory default settings and reconfigure it to work with your ISP.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Problem with hijacking

Unread postby debid » February 20th, 2011, 2:25 pm

Thank you for your time!
Yes, I am connected to the Internet wirelessly through a router.

DDS (Ver_10-12-12.02) - NTFSx86
Run by Deb at 10:19:22.03 on Sun 02/20/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1012.437 [GMT -8:00]

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Corel\Graphics8\Programs\MFIndexer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\Deb\LOCALS~1\Temp\RtkBtMnt.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Deb\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\corelm~1.lnk - c:\corel\graphics8\programs\MFIndexer.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-15 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-15 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-15 40384]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]

=============== Created Last 30 ================

2011-02-17 23:22:29 -------- d-----w- c:\docume~1\deb\locals~1\applic~1\Temp
2011-02-17 23:12:41 -------- d-----w- c:\docume~1\deb\locals~1\applic~1\Adobe
2011-02-17 17:10:12 388096 ----a-r- c:\docume~1\deb\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-17 17:10:11 -------- d-----w- c:\program files\Trend Micro
2011-02-17 16:39:02 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-02-17 16:39:02 215920 ----a-w- c:\windows\system32\muweb.dll
2011-02-17 16:39:02 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-02-16 23:48:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-16 23:48:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-16 23:48:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-16 23:48:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-16 22:21:34 -------- d-----w- c:\program files\MSXML 4.0
2011-02-16 20:22:57 -------- d-----w- c:\program files\GPLGS
2011-02-16 20:20:56 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2011-02-16 20:20:49 -------- d-----w- c:\program files\Acro Software
2011-02-16 06:07:21 -------- d-----w- C:\TEMP
2011-02-16 06:06:11 211456 ------w- c:\windows\system32\qd3d_ir2.q3x
2011-02-16 06:05:54 229376 ------w- c:\windows\system32\rpza32.qtc
2011-02-16 06:05:23 70656 ------w- c:\windows\system32\3dviewer.dll
2011-02-16 06:05:07 32768 ------w- c:\windows\system32\cmgr32.dll
2011-02-16 06:05:07 165888 ------w- c:\windows\system32\smc32.qtc
2011-02-16 06:04:45 553984 ------w- c:\windows\system32\rave.dll
2011-02-16 06:04:29 83456 ------w- c:\windows\system32\iv32qt32.qtc
2011-02-16 06:04:13 960000 ------w- c:\windows\system32\evysh7.dll
2011-02-16 06:04:10 24064 ------w- c:\windows\system32\dci32.qtc
2011-02-16 06:04:07 108032 ------w- c:\windows\system32\sh33w32.dll
2011-02-16 06:03:52 35840 ------w- c:\windows\system32\navg32.qtc
2011-02-16 06:03:52 20480 ------w- c:\windows\system32\raw32.qtc
2011-02-16 06:03:28 345600 ------w- c:\windows\system32\qtim32.dll
2011-02-16 06:03:08 34816 ------w- c:\windows\system32\jpeg32.qtc
2011-02-16 06:03:08 151040 ------w- c:\windows\system32\cvid32.qtc
2011-02-16 06:02:51 909312 ------w- c:\windows\system32\qd3d.dll
2011-02-16 06:02:35 128000 ------w- c:\windows\system32\mc32.qtc
2011-02-16 06:02:33 218112 ------w- c:\windows\system32\scint80.dll
2011-02-16 06:02:00 38912 ------w- c:\windows\system32\dhio32.qtc
2011-02-16 06:01:36 90112 ------w- c:\windows\system32\evysh7us.dll
2011-02-16 06:01:03 103936 ------w- c:\windows\system32\rle32.qtc
2011-02-16 06:00:32 -------- d-----w- c:\windows\Favorites
2011-02-16 06:00:31 -------- d-----w- c:\windows\Profiles
2011-02-16 06:00:31 -------- d-----w- C:\Corel
2011-02-16 05:58:37 -------- d-----w- c:\windows\Corel
2011-02-16 05:21:05 -------- d-----w- c:\windows\SHELLNEW
2011-02-16 05:20:45 -------- d-----w- c:\docume~1\deb\locals~1\applic~1\Microsoft Help
2011-02-16 04:56:41 -------- d-----w- c:\documents and settings\deb\download
2011-02-16 02:00:18 -------- d-----w- c:\program files\Avery Dennison
2011-02-16 01:01:20 -------- d-----w- c:\documents and settings\deb\Debi's flash
2011-02-15 22:33:27 -------- d-sh--w- c:\documents and settings\deb\IECompatCache
2011-02-15 22:32:18 -------- d-sh--w- c:\documents and settings\deb\PrivacIE
2011-02-15 22:30:04 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-02-15 22:29:35 -------- d-sh--w- c:\documents and settings\deb\IETldCache
2011-02-15 22:15:04 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-02-15 22:14:44 -------- d-----w- c:\windows\ie8updates
2011-02-15 22:14:34 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-02-15 22:14:33 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-02-15 22:14:33 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-02-15 22:14:33 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-02-15 22:14:33 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-02-15 22:14:32 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-02-15 22:14:32 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-02-15 22:12:54 -------- dc-h--w- c:\windows\ie8

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ------w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 22:15:51 81920 ------w- c:\windows\system32\ieencode.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ------w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 10:20:14.00 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2/15/2011 1:06:56 PM
System Uptime: 2/20/2011 8:27:05 AM (2 hours ago)

Motherboard: Acer | |
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU | 1596/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 136.191 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8102E Family PCI-E Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_015B1025&REV_02\4&20975680&0&00E1
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8102E Family PCI-E Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_015B1025&REV_02\4&20975680&0&00E1
Service: RTLE8023xp

==== System Restore Points ===================

RP1: 2/15/2011 1:10:27 PM - System Checkpoint
RP2: 2/15/2011 1:43:20 PM - Software Distribution Service 3.0
RP3: 2/15/2011 1:51:25 PM - avast! Free Antivirus Setup
RP4: 2/15/2011 1:57:07 PM - Software Distribution Service 3.0
RP5: 2/15/2011 2:05:45 PM - Software Distribution Service 3.0
RP6: 2/15/2011 2:31:10 PM - Installed Windows XP WgaNotify.
RP7: 2/15/2011 2:47:31 PM - Software Distribution Service 3.0
RP8: 2/15/2011 5:59:12 PM - Installed DesignPro 5
RP9: 2/15/2011 8:53:13 PM - Installed WinZip 15.0
RP10: 2/15/2011 9:19:48 PM - Installed Microsoft Office Professional Plus 2007
RP11: 2/16/2011 12:20:53 PM - Printer Driver CutePDF Writer Installed
RP12: 2/16/2011 2:21:27 PM - Software Distribution Service 3.0
RP13: 2/17/2011 9:10:10 AM - Installed HiJackThis
RP14: 2/17/2011 3:18:15 PM - Installed Adobe Reader X (10.0.1).
RP15: 2/18/2011 11:37:54 AM - Software Distribution Service 3.0
RP16: 2/18/2011 7:21:35 PM - Software Distribution Service 3.0

==== Installed Programs ======================

Thank you again,
Debi
debid
Active Member
 
Posts: 2
Joined: February 17th, 2011, 1:20 pm

Re: Problem with hijacking

Unread postby deltalima » February 20th, 2011, 3:13 pm

Hi debid,

Please let me know if you have all the information required to reset the router to the factory default settings and reconfigure it to work with your ISP.

Uninstall List
  • Open HijackThis.
  • Click on Open the Misc tools section.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Please follow the instructions here to change your DNS settings to use OpenDNS then reboot the computer and let me know if the redirects have stopped.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Problem with hijacking

Unread postby Cypher » February 23rd, 2011, 3:34 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 61 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware