
Hijack problem - changes URL's and prevents anti malware installation


  • This topic is locked
6 replies to this topic

#1 radiohead319


Posted 08 October 2010 - 01:10 PM

I have a problem which I'd be really grateful for any ideas to help sort without re-building the whole PC. I've tried following the advice in the sticky, but this virus seems to be clever enough to stop me from doing this successfully. If we can sort this I'll definitely respond to say it's fixed, and would even be prepared to write a "dummies guide" if it helps.

Symptoms:
1/ When doing a Google search, when clicking on a search result it either goes nowhere, or takes you to a porn site. Before you click on the link you can see something is dodgy, because in bottom left corner you can see a lot of junk at the end of the URL when you hover over the link.
2/ Even directly typed URLs get mis-directed, e.g. when I type malwarebytes.co.uk it redirects me to either an "oops Google chrome could not find that site" page, or another apparently genuine (but probably bogus) malware site (typical - it's not taking me there at the moment so I can't give you the URL!)
3/ I cannot install Microsoft Malicious Software Removal Tool - when I click on the install program it hangs for a few minutes and then nothing
4/ I cannot run Malwarebytes. From the PC I cannot get to the website and even download it. If I download and transfer from another PC with a memory stick, I can install, but when I try to run, nothing. Even if I try to run the .exe from DOS, still nothing.
5/ I've tried all of the above in normal and safe mode.
6/ Results are same in Chrome, Firefox or IE8 browsers.
7/ I ran AVG free full scan and it found nothing.


Related info:
This might be nothing to do with it, but I operate on a "no smoke without fire" basis:-
1/ A couple of weeks before this problem started, I started getting a Windows error sound during boot, and then a message saying "Windows cannot find 'C:\WINDOWS\system32\ntdevice.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." ...although PC seemed to work OK
2/ Around the same time I started getting intermittent "page not found" problems when browsing the web which I suspected to be some kind of DNS issue with my ISP, because other pages displayed fine at the same time.

That's about all I can say for the moment. I'd appreciate some help!

HiJack This scan result when logged-in in Normal mode with nothing disabled at startup:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:07:08, on 08/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\J49O31CZ\HijackThis[1].exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: GLOSSFM Toolbar - {d9850e44-3af2-457e-85a1-c7a0b0d91c4a} - C:\Program Files\Gloss_FM\tbGlo0.dll
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntdevice.exe
O1 - Hosts: 89.149.225.67 www.google.com
O1 - Hosts: 89.149.225.67 www.google.de
O1 - Hosts: 89.149.225.67 www.google.fr
O1 - Hosts: 89.149.225.67 www.google.co.uk
O1 - Hosts: 89.149.225.67 www.google.com.br
O1 - Hosts: 89.149.225.67 www.google.it
O1 - Hosts: 89.149.225.67 www.google.es
O1 - Hosts: 89.149.225.67 www.google.co.jp
O1 - Hosts: 89.149.225.67 www.google.com.mx
O1 - Hosts: 89.149.225.67 www.google.ca
O1 - Hosts: 89.149.225.67 www.google.com.au
O1 - Hosts: 89.149.225.67 www.google.nl
O1 - Hosts: 89.149.225.67 www.google.co.za
O1 - Hosts: 89.149.225.67 www.google.be
O1 - Hosts: 89.149.225.67 www.google.gr
O1 - Hosts: 89.149.225.67 www.google.at
O1 - Hosts: 89.149.225.67 www.google.se
O1 - Hosts: 89.149.225.67 www.google.ch
O1 - Hosts: 89.149.225.67 www.google.pt
O1 - Hosts: 89.149.225.67 www.google.dk
O1 - Hosts: 89.149.225.67 www.google.fi
O1 - Hosts: 89.149.225.67 www.google.ie
O1 - Hosts: 89.149.225.67 www.google.no
O1 - Hosts: 89.149.225.67 search.yahoo.com
O1 - Hosts: 89.149.225.67 us.search.yahoo.com
O1 - Hosts: 89.149.225.67 uk.search.yahoo.com
O1 - Hosts: 89.149.225.67 www.bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: GLOSSFM Toolbar - {d9850e44-3af2-457e-85a1-c7a0b0d91c4a} - C:\Program Files\Gloss_FM\tbGlo0.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: GLOSSFM Toolbar - {d9850e44-3af2-457e-85a1-c7a0b0d91c4a} - C:\Program Files\Gloss_FM\tbGlo0.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntdevice.exe
O4 - HKLM\..\Run: [vigotaf] Rundll32.exe "C:\WINDOWS\system32\kipiheb.dll" s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rundll32] C:\Documents and Settings\Owner\userinit.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Shortcut to map.lnk = C:\Program Files\Robocopy and Batch Files\map.bat
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1254571273282
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{98926D21-2D39-4929-B134-7458F83B254E}: NameServer = 93.188.162.238,93.188.161.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{D86986BB-614A-4F86-B8B5-CF7CBDD889D1}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.238,93.188.161.238
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.238,93.188.161.238
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.238,93.188.161.238
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\kipiheb.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O24 - Desktop Component 0: (no name) - https://secure.logmein.com/images/icons/computer.gif/

--
End of file - 12398 bytes
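
As an added example that is not part of the original post: a short Python triage pass over a few lines taken from the log above, showing which entries line up with the redirect symptoms described (hosts file, DNS resolver, logon shell, AppInit_DLLs, Run keys). The rules and the `SYSTEM_NAMES` set are assumptions chosen for illustration, not HijackThis's own logic.

```python
import ipaddress
import re

# Constructed sample: a few lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\system32\ntdevice.exe
O1 - Hosts: 89.149.225.67 www.google.com
O1 - Hosts: 89.149.225.67 www.bing.com
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [rundll32] C:\WINDOWS\system32\ntdevice.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{98926D21-2D39-4929-B134-7458F83B254E}: NameServer = 93.188.162.238,93.188.161.238
O17 - HKLM\System\CCS\Services\Tcpip\..\{D86986BB-614A-4F86-B8B5-CF7CBDD889D1}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\WINDOWS\system32\kipiheb.dll
"""

# Assumption for this sketch: Windows names a Run entry may borrow as a label.
SYSTEM_NAMES = {"rundll32", "svchost", "explorer", "winlogon"}


def review(log_text):
    """Return (section, detail, reason) tuples for entries to check by hand."""
    findings = []
    for line in log_text.splitlines():
        m = re.match(r"([A-Z]\d+) - (.*)$", line.strip())
        if not m:
            continue
        code, body = m.groups()
        if code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and parts[1].lower() != "localhost":
                findings.append((code, parts[1],
                                 f"hosts file maps this name to {parts[0]}, overriding DNS"))
        elif code == "O17" and "NameServer =" in body:
            for addr in re.split(r"[,\s]+", body.split("NameServer =")[1].strip()):
                if addr and not ipaddress.ip_address(addr).is_private:
                    findings.append((code, addr,
                                     "resolver outside the local network; confirm who set it"))
        elif code == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append((code, shell, "logon shell starts more than explorer.exe"))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            dll = body.split(":", 1)[1].strip()
            if dll:
                findings.append((code, dll,
                                 "DLL is loaded into every process that loads user32.dll"))
        elif code == "O4":
            run = re.search(r"Run: \[(.+?)\] (.*)", body)
            exe = re.search(r'([^\\"]+?)\.exe', run.group(2), re.I) if run else None
            name = run.group(1).lower() if run else ""
            if exe and name in SYSTEM_NAMES and exe.group(1).lower() != name:
                findings.append((code, run.group(2),
                                 f"entry labelled [{run.group(1)}] starts a different program"))
    return findings


if __name__ == "__main__":
    for section, detail, reason in review(SAMPLE_LOG):
        print(f"{section:<4}{detail}\n    {reason}")
```

Each finding is a prompt for manual review rather than a verdict; the private-range resolver (192.168.0.1) and the AVG Run entry pass through without a finding.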



#2 radiohead319


Posted 08 October 2010 - 02:03 PM

Apologies if this is counter-protocol of this forum....but I see loads of people have read my post, but no responses. Is that because the problem is too difficult, or is it something wrong with my post? Thanks.

Edited by radiohead319, 08 October 2010 - 02:03 PM.


#3 MidwestTech


Posted 08 October 2010 - 02:26 PM

Hi,

I would try the following.

1) From a clean PC, download the Malwarebytes (MWB) installer. Install MWB on that PC. Start MWB and run the update. Close MWB. Find the 'Rules.ref' file that has now been updated. The Rules.ref file on XP is in 'C:\documents and settings\all users\application data\malwarebytes\malwarebytes' anti-malware' ; on Vista or Win7 in 'C:\program data\malwarebytes\malwarebytes' anti-malware'. Copy the downloaded installer file and the 'Rules.ref' file from the installation to the memory stick.

2) From the first pinned topic in this forum, read the post on RKill, then download and copy to the memory stick.

3) On the infected PC, boot to safe mode. Copy the RKill.com to the PC, open a Command Prompt window (this way you can see the program responses) and run RKill.com. Hopefully this will have killed a process(es) that was keeping MWB from running.

4) Copy the MWB install file to the PC and install the app. When finished installing, make sure MWB isn't running, then use the 'Rules.ref' file we created in step one to overwrite the existing one on this PC. Start MWB and run a complete scan.

Thanks,
Todd

#4 radiohead319


Posted 08 October 2010 - 02:53 PM

Thanks Todd / MidwestTech - maybe I'm a bit sentimental, but I never cease to be amazed by the power of the internet that you can find someone to help you who is probably thousands of miles away - it restores your faith in humanity!

Unfortunately no success - results as follows:

1/ Not possible - can install MWB, but cannot run it from start menu or CMD prompt
2/ & 3/ Done OK - but it did not find any processes to kill
4/ Not possible - see 1/

Any ideas anyone?

#5 MidwestTech


Posted 08 October 2010 - 03:03 PM

Well, it looks like things are a bit worse than we had hoped for.

You may get some more advice in this forum, but I think you are probably going to want to open a new post in Virus, Trojan, Spyware, and Malware Removal Logs forum. You should be able to just copy your initial message over to there. Just remember though, they are all volunteers and it may take several days to get to your issue. If time is a concern, reformatting and reinstalling may be a quicker solution. But if you would like to fix the issue and learn a little something along the way then I would suggest seeing what they can do for you.

Good luck.

#6 radiohead319


Posted 08 October 2010 - 04:51 PM

Well, it looks like things are a bit worse than we had hoped for.

You may get some more advice in this forum, but I think you are probably going to want to open a new post in Virus, Trojan, Spyware, and Malware Removal Logs forum. You should be able to just copy your initial message over to there. Just remember though, they are all volunteers and it may take several days to get to your issue. If time is a concern, reformatting and reinstalling may be a quicker solution. But if you would like to fix the issue and learn a little something along the way then I would suggest seeing what they can do for you.

Good luck.

Thanks - I'll give them a try!

#7 Orange Blossom

  • Moderator

Posted 14 October 2010 - 06:31 PM

Hello,

Please note, we do not analyze HiJack This logs in this forum. I see that you have since posted a topic here: http://www.bleepingcomputer.com/forums/topic352535.html

Now that you have posted a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take a few more days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom