Another google hijacker?

Discussion in 'Malware Help (A Specialist Will Reply)' started by art vandalay, Dec 15, 2009.

  1. art vandalay

    art vandalay Private E-2

    Hello all, looks like I've got the same thing as many. Sunday afternoon while surfing these popups started showing up everywhere advertising for "System Defender", I got the Google redirects and I wasn't able to Ctrl-Alt-Del for Task Manager. I downloaded Malwarebytes (along with a few other anti-malware programs), tried to clean my laptop out, restarted.

    Now she will not start up normally, only in Safe Mode with Networking. When she tries to restart normally there will be a lightning-fast BSOD, and then the menu will appear for Safe Mode. I also cannot restore from a previous state; I only have 4 restore points, and all of them lead to the lightning-quick BSOD. I can access Task Manager now, although even after trying free Kaspersky? which found about six trojans/malwares that Malwarebytes missed, I'm still getting Firefox Google redirects (although the redirect pages won't load, maybe because I disabled Java).

    I can't delete previous Java versions (it says I can't because I'm in Safe Mode) and I can't install SUPERAntiSpyware (it says something about system administrators saying no). And when going into Safe Mode I have to press Escape or sptd.sys will make my laptop hang. Help me Obi-Wan, you're my only help!

    It's a 5-year-old Toshiba Satellite A40 laptop, running Win XP (no CD on hand).
     

    Attached Files:

  2. art vandalay

    art vandalay Private E-2

    A couple more attachments maybe you can use. Thanks.
     

    Attached Files:

  3. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Hi there & welcome. :)

    Did you run MGTools? I need you to run that also and if you already have then please attach the C:\Mglogs.zip into your next reply here.

    Thanks
    Kes13!
     
  4. art vandalay

    art vandalay Private E-2

    Here you go. Thanks!
     

    Attached Files:

  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    1. First of all a question: Is your anti-virus F-Secure running okay? Are you having any issues with it at all?

    2. Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    • O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    • O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    • O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    After clicking Fix exit HJT.


    3. Please go to Jotti's malware scan

    (If more than one file needs to be scanned, they must be done separately and logs posted for each one.)
    • Copy the file path in the below Code box:
      Code:
      C:\WINDOWS\System32\drivers\9805456.sys
    • At the upload site, click once inside the window next to Browse.
    • Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.
    • Next click Submit file
    • Your file will possibly be entered into a queue which normally takes less than a minute to clear.
    • This will perform a scan across multiple different virus scanning engines.
    • Important: Wait for all of the scanning engines to complete.
    • Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

    Then do the same for the below files and also let me know the results:

    Code:
    C:\WINDOWS\System32\drivers\98054561.sys
    C:\WINDOWS\System32\drivers\98054562.sys
    C:\WINDOWS\System32\drivers\utezmtyx.sys
    4. I noticed you ran TDSSKiller, may I see the logs from when you did so? They exist on your C drive with a date of 15th Dec:
    • TDSSKiller1.txt
    • TDSSKiller.txt

    5. Let's try the beta version of ComboFix which is named KittyFix.exe

    Download ComboFix from http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe and save it to your Desktop.

    Note: This is a beta version of ComboFix and might be unstable, but tests done so far have proved it works well.

    Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer.

    • Now Exit/Close/Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers and any other programs you might have running.
    • Double click on kittyfix.exe & follow the prompts.
    • If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select Yes & let it download the files it needs to do this!
    • When finished, it will produce a report for you. Please attach the "C:\ComboFix.txt" to your next message.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall or freeze.


    6. So in your next reply here:

    • Give the results from the scans at jotti
    • Attach the two TDSSKiller logs
    • Also attach the log from running Combofix

    Thanks
    Kes13!
     
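Two of the manual steps in the reply above lend themselves to a small helper: picking the orphaned "(no file)" entries out of a HijackThis scan, and recording the SHA-256 of each suspect driver before it is uploaded to a multi-engine scanner so the results can be matched by hash later. The script below is an added example for this thread; it is not part of MGTools, HijackThis or anything Kestrel13! posted. The three O2/O3/O9 lines and the four driver paths are copied from the reply; the parsing regex, the `HjtEntry` record and the helper names are this example's own assumptions about the log format.

```python
"""Triage helpers for a HijackThis-style cleanup (added example, not MGTools code).

1. parse_hjt_line / orphaned_entries: pull O2/O3/O9 entries apart and flag the
   ones HijackThis marks "(no file)", i.e. a registered CLSID with no DLL behind it.
2. hash_suspects: SHA-256 each suspect driver path that exists on this machine,
   so scanner results can be tied back to the exact file that was uploaded.
"""
import hashlib
import os
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Assumed HJT line shape: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
HJT_LINE = re.compile(
    r"^(?P<section>O\d+)\s+-\s+(?P<kind>[^:]+):\s+(?P<name>.+?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})\s+-\s+(?P<path>.+)$"
)

# Lines quoted from the reply above (the helper told the poster to fix these).
SAMPLE_HJT_LINES = [
    "O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    "O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)",
    "O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)",
]

# Driver paths quoted from the reply above; hashed only if present on this box.
SUSPECT_DRIVERS = [
    r"C:\WINDOWS\System32\drivers\9805456.sys",
    r"C:\WINDOWS\System32\drivers\98054561.sys",
    r"C:\WINDOWS\System32\drivers\98054562.sys",
    r"C:\WINDOWS\System32\drivers\utezmtyx.sys",
]


@dataclass
class HjtEntry:
    section: str   # e.g. "O2"
    kind: str      # e.g. "BHO", "Toolbar", "Extra button"
    name: str      # display name, often "(no name)" for leftovers
    clsid: str     # registered class id, braces included
    path: str      # backing file, or "(no file)" when nothing is on disk

    @property
    def orphaned(self) -> bool:
        """True when the CLSID is registered but HJT found no file behind it."""
        return self.path.strip().lower() == "(no file)"


def parse_hjt_line(line: str) -> Optional[HjtEntry]:
    """Parse one HijackThis O2/O3/O9 line; return None for anything else."""
    m = HJT_LINE.match(line.strip())
    return HjtEntry(**m.groupdict()) if m else None


def orphaned_entries(lines: Iterable[str]) -> List[HjtEntry]:
    """Entries worth removing: registered, but pointing at no file."""
    return [e for e in map(parse_hjt_line, lines) if e is not None and e.orphaned]


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 65536) -> str:
    """Stream the file so large drivers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def hash_suspects(paths: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each suspect path to its SHA-256, or None when the file is absent."""
    return {p: (sha256_file(p) if os.path.isfile(p) else None) for p in paths}


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_HJT_LINES):
        print(f"orphaned {e.section} {e.kind}: {e.clsid}")
    for path, digest in hash_suspects(SUSPECT_DRIVERS).items():
        print(f"{path}: {digest or 'not present'}")
```

Run as-is it simply reports that all three quoted entries are orphaned and that none of the driver paths exist on a non-Windows machine; on the affected PC, `hash_suspects` gives a hash per driver that can be kept alongside the Jotti links the reply asks for.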
