Search engine hijacked - 8 step logs attached

[reggie20d]

Like many others recently, I seem to have acquired a virus where any search engine that I use sends me to a lousy site that is not where I really want to go.

This one was a real bugger to go through the 8 step process with. It was preventing me from installing the Malwarebytes Anti Malware. I was finally able to get around it by installing a trojan remover (www dot simplysup dot com) in Windows safe mode and then was able to uninstall the faulty Malwarebytes install and re-install it. After this little 3 hour detour the rest of the 8 step process went smoothly!

I now have my log files which I have attached to this message.

I would really appreciate any help with checking out these logs to see if my machine needs more cleansing

Thanks in advance,
Mike

(My name is Mike, I am an antivirus-a-holic and I have stayed up most of the night to do my 8 step program! )

 

[Blind Dragon]

Good work - how is the system running now?

Combofix

• Download Combofix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

 

[reggie20d]

Blind Dragon,

Thanks, my system was working a lot better after going through the 8 step process!
I have downloaded and run combofix. That log and the fresh HJT logs are attached.

Thanks for taking the time to look at this... I really appreciate it!

- Mike

The 8 step process did wonders for my infected machine, so I thought it would be a good idea to go through it on my second computer as well as a preventative measure.
The Malwarebytes and SuperSpyware seemed to find a lot of potential issues to fix.

I have attached the 8 step logs for that machine as well in this posting... can anyone see potential issues in this log set that I should take further action on?

Thanks in advance for any input!

- Mike

 

[kimsland]

Shouldn't the other logs be supplied?
Many users forget to do this, or to fix any found issues
Please provide the other logs

Also it will create too much confusion saying, this is for the first computer and this part is for the second computer.
Only one computer at a time please

Edit: Oh I just worked it out, you have all the logs in one txt file!

 

[Blind Dragon]

On the first computer it appears combofix took care of the driver that we needed it to.

I would also recommend against norton, but I understand if you paid for it you may not want to get rid of it. I would suggest Avira Antivir free for antivirus.

I also noticed you don't appear to have a firewall running
Here are some firewalls which are free for personal use and most commonly used:
Comodo <-Vista Compatible
Zonealarm <-Vista Compatible

===========================================

Now for a second opinion I would like you to run an online scan to make sure you are clean and we didn't miss anything - after this we can clean up and start on the 2nd computer

Run Kaspersky Online AV Scanner

In order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

• Read the Requirements and limitations before you click Accept.
• Allow the ActiveX download if necessary.
• Once the database has downloaded, click Next.
• Click on "My Computer"
• When the scan has completed, click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

Attach the report into your next reply

 

[reggie20d]

Just when things were looking good.... BOOM!

... things had been going real well until a bit of a blow-up tonight!

I thought I would take your advice and install Avira antivirus to replace Norton.

I installed it and then decided to run a scan. About 1/2 way through, it died with a Windows 'blue screen of death'... I don't recall what it said that time.

I powered down the computer and tried booting up again. (several attempts including going to safe mode and also tried booting to last known good configuration a few times... but... blue screen every time.

It says:

"UMOUNTABLE BOOT VOLUME"
Safe mode:
"Windows could not start.. file missing or corrupt:
<Windows root>\system32\hal.dll
Please re-install a copy of above file.

Any advice on what to do now would be greatly appreciated.

Thanks,
Mike

 

[kimsland]

You need to run CheckDisk, and remove any added on Hardware (usually USB devices)

Place your Windows CD in the Drive
Restart and boot from the Windows CD
Select the first R prompt for the Recovery Console
Select 1 (by pressing 1)
Press Enter
Usually no Administrator password

On the Recovery Console, type:
chkdsk c: /f
Press Enter, Checkdisk should find and fix any faults
Restart

 

[Blind Dragon]

and if that doesn't work, while you are at the recovery console

When you reach the command prompt - type the following and then press Enter:

expand d:\i386\hal.dl_ c:\windows\system32\hal.dll

d represents the drive letter assigned to the optical drive that your Windows XP CD is currently in.Your system could assign a different letter. Also, c:\windows represents the drive and folder that Windows XP is currently installed on. Again, your system could be different.


If you're prompted to overwrite the file, press Y

 

[reggie20d]

... still struggling

Thanks for all the suggestions so far, but...

Well....things seem to have really gone downhill.

I got the recovery console up, but it went directly to the C:\ prompt right after pressing R for the recovery console. Problem was, I could not do anything (not even a 'dir'). Any kind of operation on the c:\ drive failed.

I took the harddrive out of the computer and installed it as a second drive in my other computer. During boot, it detected the drive and proceeded to do a chkdsk on it. This took several hours... it was unable to read almost everything as I watched it for a while.

Once the chkdsk was done, I could see a lot of system files on the drive and an IQuser MyDocuments folder was there, but basically all my 'Mike' user files were gone. There were some links to some of the latest word documents that I had been working on, but the link was to the 'Mike' mydocuments directory that seems to have been deleted?

When I put the drive back in the original machine, it still won't boot... says some system files are missing or corrupt. When I try using recovery console again, it still complains about the hal.dll file.
... interesting sidebar... something in chkdsk worked a bit since, now when using recovery console, it does prompt me to enter '1' and then login as administrator. Problem is, none of the passwords I have tried work?? Maybe I set it to something strange that I have forgotten??

Tonight I am going to try putting the drive back in the other working computer and see if it makes a difference if I copy a good hal.dll file into the ../system32 folder.

My wife had a few hours of word files that I would really like to recover, but I am starting to think that all is lost.
Unless this last attempt works tonight, or someone has other suggestions, I think it is time to cut my losses, buy a new harddrive and re-install windows... er, maybe I will turn it into a Linux machine.

 

[kimsland]

This sounds like a faulty Harddrive sadly
Best to replace it with a new one
You can then use the old one as a secondary drive and try to back up any user data files