Hijacked Search Results/Spyware Blockage

Hello,

Having a heck of a time trying to fix this... Google search results lead to random misdirected websites and I can't run superantispyware nor defender etc... what should I do?

Comments

  • edited August 2009
    Hey there, welcome. :)

    Please download Malwarebytes' Anti-Malware by clicking the link below:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * You'll be required to post the contents of this log later.

    Please Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.


    Please include the MBAM log and C:\ComboFix.txt, so that we may continue cleansing the system.


    Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.
  • edited August 2009
    Hello,

    Thank you for the reply. I've been trying to download and run the "Malwarebytes" program all evening. I figured I'd try again following your instructions and soon after I performed the "Quick Scan" I got the blue screen and it said "problem has been detected...windows shut down...problem w/ following file 'aujasnkj.sys'".

    Rebooted computer and now can't start "Malwarebytes" program just like before: "Windows cannot access the specified device...". Trying to search for this file right now...
  • edited August 2009
    You might want to rename the file (MBAM.exe) to something like xxx.exe for MBAM to work.
  • edited August 2009
    I've read the same thing in other posts but still haven't been able to run a full or partial scan w/ Malwarebytes. Tried renaming as well. The only "new" anti-spyware I've been able to download since the prob occurred was "Avira Antivir" and this full scan ran but still have problem. Thanks again for your help...
  • edited August 2009
    Go on with ComboFix then. It is in my instructions above.
  • edited August 2009
    Hi Chiaz,

    Unfortunately couldn't run the combo fix either. The only virus scan I was able to complete was with Avira AntiVir. Here is the report that just completed a moment ago. Thanks again for your help.

    Avira AntiVir Personal
    Report file date: Sunday, August 30, 2009 12:04

    Scanning for 1668725 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : HOME-63E89B9F48

    Version information:
    BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00
    AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 21:36:14
    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 18:58:24
    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 19:35:49
    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 18:58:52
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 20:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 17:21:42
    ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 8/21/2009 23:29:35
    ANTIVIR3.VDF : 7.1.5.179 236544 Bytes 8/28/2009 23:29:36
    Engineversion : 8.2.1.7
    AEVDF.DLL : 8.1.1.1 106868 Bytes 7/28/2009 21:31:50
    AESCRIPT.DLL : 8.1.2.26 463227 Bytes 8/28/2009 23:29:42
    AESCN.DLL : 8.1.2.4 127348 Bytes 7/23/2009 17:59:39
    AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 17:59:39
    AEPACK.DLL : 8.1.3.18 401783 Bytes 7/28/2009 21:31:50
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 17:59:39
    AEHEUR.DLL : 8.1.0.155 1921400 Bytes 8/28/2009 23:29:41
    AEHELP.DLL : 8.1.6.0 233846 Bytes 8/28/2009 23:29:37
    AEGEN.DLL : 8.1.1.59 356725 Bytes 8/28/2009 23:29:37
    AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 22:32:40
    AECORE.DLL : 8.1.7.6 184694 Bytes 7/23/2009 17:59:39
    AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 22:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 16:47:59
    AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 18:32:15
    AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 22:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 18:32:09
    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 23:05:41
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 18:37:08
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 23:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 16:21:33
    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 18:32:10
    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 23:39:58
    RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 18:19:48

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium
    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: Sunday, August 30, 2009 12:04

    Starting search for hidden objects.
    '65258' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'hpqgalry.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned
    Scan process 'SideACT.exe' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'ccApp.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleQuickSearchBox.exe' - '1' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
    Scan process 'itechPrn.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'VPTray.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
    Scan process 'g2tray.exe' - '1' Module(s) have been scanned
    Scan process 'g2pre.exe' - '1' Module(s) have been scanned
    Scan process 'Rtvscan.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'g2comm.exe' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'g2svc.exe' - '1' Module(s) have been scanned
    Scan process 'DefWatch.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ccEvtMgr.exe' - '1' Module(s) have been scanned
    Scan process 'ccSetMgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    47 processes with 47 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '66' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\HiJackThis.exe
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    [NOTE] This file is a Windows system file.
    [NOTE] This file cannot be opened for scanning.
    C:\Documents and Settings\Administrator\Application Data\Simply Super Software\Trojan Remover\tau130.exe
    [WARNING] The file could not be opened!
    C:\Program Files\Malwarebytes\mbam.exe
    [WARNING] The file could not be opened!
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    [WARNING] The file could not be opened!
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    [WARNING] The file could not be opened!
    C:\Program Files\Trojan Remover\Trjscan.exe
    [WARNING] The file could not be opened!
    C:\Program Files\Windows Defender\MsMpEng.exe
    [WARNING] The file could not be opened!
    C:\Program Files\winlogon.exe\xxx.exe.exe
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{5AADFA88-F876-46E2-9B77-2AEAC8753335}\RP127\A0021178.exe
    [DETECTION] Is the TR/Spy.Banker.Gen Trojan
    C:\System Volume Information\_restore{5AADFA88-F876-46E2-9B77-2AEAC8753335}\RP127\A0021179.exe
    [DETECTION] Contains recognition pattern of the SPR/Destart.A program
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\eventlog.dll
    [WARNING] The file could not be opened!
    C:\WINDOWS\SYSTEM32\MRT.exe
    [WARNING] The file could not be opened!

    Beginning disinfection:
    C:\System Volume Information\_restore{5AADFA88-F876-46E2-9B77-2AEAC8753335}\RP127\A0021178.exe
    [DETECTION] Is the TR/Spy.Banker.Gen Trojan
    [NOTE] The file was moved to '4acaf48b.qua'!
    C:\System Volume Information\_restore{5AADFA88-F876-46E2-9B77-2AEAC8753335}\RP127\A0021179.exe
    [DETECTION] Contains recognition pattern of the SPR/Destart.A program
    [NOTE] The file was moved to '4acaf48c.qua'!


    End of the scan: Sunday, August 30, 2009 14:51
    Used time: 2:42:04 Hour(s)

    The scan has been done completely.

    19411 Scanned directories
    604049 Files were scanned
    2 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    2 Files were moved to quarantine
    0 Files were renamed
    12 Files cannot be scanned
    604035 Files not concerned
    5654 Archives were scanned
    12 Warnings
    3 Notes
    65258 Objects were scanned with rootkit scan
    0 Hidden objects were found
  • edited August 2009
    Okay. Let's try another diagnostic tool.

    Please download OTS.exe by OldTimer and save it to your desktop:
    http://oldtimer.geekstogo.com/OTS.exe

    Double click on OTS.exe to run it.
    Under Drivers section, select Non-Microsoft.
    Click on the Run Scan button at the top left hand corner.
    OTS will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.