Yipes! Hijacked!

Discussion in 'Malware Help (A Specialist Will Reply)' started by rrussell1, May 20, 2006.

  1. rrussell1

    rrussell1 Private E-2

    Friendly Geekpeople,

    Hosted a nephew who was on leave from Iraq, and didn't have the heart to tell him he couldn't surf. It appears he visited lots of dating/singles sites (ggrrrr...). Now every Google search is a frustrating plod through unwanted search sites, ads, etc. Even goes to eBay sometimes.

    I believe I've followed the instructions to the letter; did all the scans, saved all the logs. Attaching my HJT log.

    My computer: Pentium 4, 2.8 GHz
    1 GB RAM
    Windows XP, version 2002, SP2

    You are like GODS for helping boneheads like me.

    rrussell1
     


  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You have Norton and BitDefender installed. Never have more than 1 antivirus program installed on your computer. They will conflict with each other. Pick one and uninstall the other.

    HijackThis is not installed properly. Move HijackThis to C:\Program Files\HJT.

    Scan with HijackThis and fix the following lines:
    REBOOT

    Post a fresh HijackThis log, and I need the logs from the BitDefender and Panda ActiveScan Online scans.
     
  3. rrussell1

    rrussell1 Private E-2

    Thanks

    My bad. Installed Bitdefender instead of using its online scanner. I've uninstalled it, will use the scanner (found it), move HJT as directed, post new logs. Please advise: "fix the following lines"... by "fix," you mean delete, right?

    Thanks again. Bitdefender scan takes forever. Will get back when it's done.

    rrussell1
     
  4. rrussell1

    rrussell1 Private E-2

    Okay, think I've got things like you suggested.

    Fixed problems as directed. Posting HJT log, Bitdefender and Panda logs.

    Thanks again for the help.

    rrussell1
     


  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Those lines are gone now. By fix I mean put a check mark in the box next to the line and click on the 'Fix Checked' button.

    Delete this file C:\Documents and Settings\All Users\Favorites\Download Free Spyware Remover.url.

    What, if anything, did the BitDefender online scan find?
     
  6. rrussell1

    rrussell1 Private E-2

    Thanks! Figured out the fix thing once I got into the program. Sorry for my ignorance.

    I attached the BitDefender log, will re-attach, and include a .txt version. Seems like it found a bunch. I'm so frustrated at my nephew... in finding the file you told me to delete, I found all this dating and sex and pharmacy stuff. Grrrr. Deleted that stuff too.

    How close do you think I am to being out of the woods here?

    Sure appreciate the help.
    rrussell1
     


  7. rrussell1

    rrussell1 Private E-2

    Just checked out Google, and I'm still getting railroaded onto Netster, Lycos, etc. Dang.

    Posting the most recent HJT log.

    Thanks for looking.

    rrussell1
     


  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Delete these 2 files:
    D:\MiniNT\system32\b4ndrcvy.bat
    D:\I386\SYSTEM32\b4ndrcvy.bat


    There is nothing in your HijackThis log to account for that behavior.

    Do the following:
    Running WinPfind by OldTimer
    Using GetRunKey

    Post both WinPFind.txt and runkey.txt when finished.
     
  9. rrussell1

    rrussell1 Private E-2

    SPD,

    Attached the requested logs.

    Unable to access the two files on D drive. Assuming I'll have to turn off system recovery to get to them; wanted to check with you before doing that.

    BTW, I'm noticing better overall speed at this point.

    Thanks!
    rrussell1
     


  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, there is nothing in your logs that would account for the redirections.

    Follow the directions for Running Ewido Anti-Malware.


    Right-click on b4ndrcvy.bat, select Edit.

    Copy & Paste the contents of that file in your next post. Also post the Ewido log.
     
  11. rrussell1

    rrussell1 Private E-2

    Thanks

    I've got some pretty intense work going on today, can't unplug the internet connection 'cause I'm working remotely with several others. Please bear with me, and I'll do this last suggested step late tonight.

    Thanks,

    rrussell1
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  13. rrussell1

    rrussell1 Private E-2

    Thanks, man.
     
