
8 Step search result hijack help

Discussion in 'Virus and Malware Removal' started by EMS0525, Dec 10, 2009.

  1. davey3jobs Newcomer, in training

    redirected

    Can anyone help? Newbie in forum. I have read loads on removing malware including CCleaner, Ad-Aware, SUPERAntiSpyware and this is the log for HijackThis....

    help needed
  2. kimsland Ex-TechSpotter Posts: 18,353

    Hi davey3jobs,

    Sorry you cannot just post on someone's Topic (especially this one :D )

    You need to create your own >> New Topic, just for you ;)
  3. EMS0525 Newcomer, in training Posts: 39

    So it's up to him now?
  4. kimsland Ex-TechSpotter Posts: 18,353

    We can only Pray

    kritius and Bobbye are the best Malware helpers here
    But since kritius and I argue all the time :D Then I am praying a lot, that he will look through the posts and find something I've missed


    I'm out of ideas, I even thought Erunt may be returning the Malware or something (who knows)
    Hopefully kritius :rolleyes:
    (please?)
  5. EMS0525 Newcomer, in training Posts: 39

    Yes,..... please.
  6. EMS0525 Newcomer, in training Posts: 39

    help!!!!!!! :)
     
  7. kritius TechSpot Guru Posts: 2,087

    Are the redirects in Firefox, IE or both?
  8. EMS0525 Newcomer, in training Posts: 39

    Yes they are.
  9. kritius TechSpot Guru Posts: 2,087

    Yes they are in Firefox, or yes they are in both?

    Delete the copy of ComboFix that you have and then download a fresh one.
  10. EMS0525 Newcomer, in training Posts: 39

    Sorry, yes the search results are hijacked in both browsers.
  11. kritius TechSpot Guru Posts: 2,087

    Right. Do the ComboFix step then.

    Also,

    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any
    "<--- ROOTKIT" entries unless advised!

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.
    Post the contents of GMER.txt in your next reply.
  12. EMS0525 Newcomer, in training Posts: 39

    Start>run> Combofix /uninstall right?

    The icon is still there
  13. kritius TechSpot Guru Posts: 2,087

    Sorry no. Just delete the icon and redownload. Don't use the uninstall switch until I say so.
  14. EMS0525 Newcomer, in training Posts: 39

    here is the log
  15. EMS0525 Newcomer, in training Posts: 39

    I accidentally performed the Combofix /uninstall before you had told me not to. That's how I was informed how to do it from the last person I spoke to. I wanted to let you know in case it is pertinent.
  16. kritius TechSpot Guru Posts: 2,087

    ok.

    Redownload ComboFix and post the log that it produces.

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      *brgjjtge.sys
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  17. EMS0525 Newcomer, in training Posts: 39

    ComboFix log
  18. EMS0525 Newcomer, in training Posts: 39

    SystemLook log
  19. kimsland Ex-TechSpotter Posts: 18,353

  20. EMS0525 Newcomer, in training Posts: 39