shovelhead

I have some sort of contamination that won't let me run Malwarebytes. I also cannot load any programs from the start menu. It just beeps. However I was able to load Firefox and IE.

thought i bump up to the top again instead of being on page 7 with no response

I was at a friends tavern/restaurant going over some contract documents and asked him about connecting to the internet. When I viewed the networks available, he told me which one to connect too. It was the wrong one, and immediately after I encountered problems. I could no longer find any networks available and applications close. He thought that maybe I tried to connect to his internet jukebox which connects to a computer via a wireless network. I ran malwarebytes and found 1 virus and a couple other things. I still cannot access anything wirelessly after removal. I tried uninstalling and re installing but no luck. Trouble shooter recomended a system restore, that didn't work either. Please help. Here is the log from my removal. mbam_log_2010_06_28__19_48_36_.txt

Here is a copy of the log. I seem to have no problems, I just want to make sure. mbam_log_2010_06_23__14_57_07_.txt

I just noticed a diferent problem, everytime IE is launched two windows open. When I go to close IE it always freezes and also if I try to change any settings for IE it will freeze/lock up. Could this be something left behind?

AWESOME JOB screen317!!!! No more redirects, I tried several random searches and didn't have any redirects; and after I restarted, my entire machine ran quicker than it has in a long time. I can't thank you enough!! What would you recommend doing as far as my security goes? Should I get rid of anything I have and get something new for protection? Thank you so much!! Here is the log ComboFix 10-01-04.01 - Owner 01/04/2010 22:19:36.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1430 [GMT -5:00] Running from: c:\documents and settings\Owner.ZEUS\Desktop\ComboFix.exe AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8} . ((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 ))))))))))))))))))))))))))))))) . 2009-12-30 03:33 . 2009-12-30 03:33 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure 2009-12-27 21:29 . 2009-12-27 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom 2009-12-27 21:29 . 2009-12-27 21:29 -------- d-----w- c:\documents and settings\Owner.ZEUS\Local Settings\Application Data\TomTom 2009-12-27 21:29 . 2009-12-27 21:29 -------- d-----w- c:\documents and settings\Owner.ZEUS\Application Data\TomTom 2009-12-27 21:29 . 2009-12-27 21:29 -------- d-----w- c:\program files\TomTom International B.V 2009-12-27 21:28 . 2009-12-27 21:29 -------- d-----w- c:\program files\TomTom HOME 2 2009-12-24 08:59 . 2009-12-24 08:59 -------- d-----w- c:\documents and settings\Owner.ZEUS\Application Data\McAfee 2009-12-24 06:31 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-24 06:31 . 2009-12-24 06:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-24 06:31 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-24 04:02 . 2009-12-24 05:17 15 ----a-w- c:\documents and settings\Owner.ZEUS\settings.dat 2009-12-19 14:34 . 2009-12-19 02:05 293376 ----a-w- c:\documents and settings\Owner.ZEUS\Application Data\yahoo!\Mail\attach\n8mgkzf2.exe 2009-12-12 11:36 . 2009-12-12 11:36 306984 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-12-08 13:16 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll 2009-12-08 13:16 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll 2009-12-08 04:47 . 2009-12-08 04:47 -------- d-----w- c:\program files\Microsoft Silverlight . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-05 03:02 . 2009-03-18 01:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-04 21:00 . 2009-03-18 01:41 -------- d-----w- c:\program files\Spyware Doctor 2010-01-02 15:23 . 2007-06-19 02:51 2228 ----a-w- c:\documents and settings\Owner.ZEUS\Application Data\wklnhst.dat 2009-12-26 17:57 . 2009-03-18 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2009-12-19 14:34 . 2007-06-19 01:23 -------- d--h--r- c:\documents and settings\Owner.ZEUS\Application Data\yahoo! 2009-12-18 20:01 . 2009-03-18 01:41 -------- d-----w- c:\program files\Common Files\Symantec Shared 2009-12-12 11:36 . 2006-12-26 20:45 8224 ----a-w- c:\documents and settings\Owner.ZEUS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-12-09 15:45 . 2006-10-06 04:39 -------- d-----w- c:\program files\Microsoft Works 2009-12-06 00:33 . 2009-12-06 00:33 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe 2009-12-02 13:10 . 2009-12-02 13:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2009-12-02 02:52 . 2006-10-06 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-11-28 19:15 . 2009-11-28 19:15 -------- d-----w- c:\program files\USB Media 2009-11-26 07:24 . 2006-10-06 04:38 -------- d-----w- c:\program files\Common Files\Real 2009-11-26 07:24 . 2009-11-26 07:24 -------- d-----w- c:\program files\Common Files\xing shared 2009-11-26 07:23 . 2009-11-26 07:23 -------- d-----w- c:\program files\Real 2009-11-25 11:55 . 2009-11-24 22:44 -------- d-----w- c:\documents and settings\Owner.ZEUS\Application Data\Move Networks 2009-11-24 22:44 . 2009-11-24 22:44 127325 ----a-w- c:\documents and settings\Owner.ZEUS\Application Data\Move Networks\uninstall.exe 2009-11-24 22:44 . 2009-08-13 19:21 4187512 ----a-w- c:\documents and settings\Owner.ZEUS\Application Data\Move Networks\plugins\npqmp071505000011.dll 2009-11-21 02:07 . 2009-11-21 02:06 -------- d-----w- c:\program files\Common Files\Adobe 2009-11-19 16:48 . 2009-11-27 13:36 872960 ----a-w- c:\documents and settings\Owner.ZEUS\Application Data\Mozilla\Firefox\Profiles\ypqe5xxp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll 2009-11-19 16:48 . 2009-11-27 13:36 43008 ----a-w- c:\documents and settings\Owner.ZEUS\Application Data\Mozilla\Firefox\Profiles\ypqe5xxp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll 2009-11-19 16:48 . 2009-11-27 13:36 340480 ----a-w- c:\documents and settings\Owner.ZEUS\Application Data\Mozilla\Firefox\Profiles\ypqe5xxp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll 2009-11-19 16:48 . 2009-11-27 13:36 346624 ----a-w- c:\documents and settings\Owner.ZEUS\Application Data\Mozilla\Firefox\Profiles\ypqe5xxp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll 2009-11-19 10:56 . 2008-09-20 18:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore 2009-10-29 05:38 . 2006-06-17 09:23 667136 ------w- c:\windows\system32\wininet.dll 2009-10-21 05:38 . 2006-06-17 09:23 75776 ----a-w- c:\windows\system32\strmfilt.dll 2009-10-21 05:38 . 2006-06-17 09:23 25088 ----a-w- c:\windows\system32\httpapi.dll 2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys 2009-10-13 10:30 . 2006-06-17 09:23 270336 ----a-w- c:\windows\system32\oakley.dll 2009-10-12 13:38 . 2006-06-17 09:23 149504 ----a-w- c:\windows\system32\rastls.dll 2009-10-12 13:38 . 2006-06-17 09:23 79872 ----a-w- c:\windows\system32\raschap.dll . ((((((((((((((((((((((((((((( SnapShot@2009-12-27_04.35.10 ))))))))))))))))))))))))))))))))))))))))) . + 2006-06-17 09:44 . 2010-01-05 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2006-06-17 09:44 . 2009-12-27 04:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2006-06-17 09:44 . 2010-01-05 00:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2006-06-17 09:44 . 2009-12-27 04:20 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-12-27 08:59 . 2010-01-05 00:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2006-06-17 09:44 . 2009-12-27 04:20 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-12-27 21:29 . 2009-12-27 21:29 146944 c:\windows\Installer\383397.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Power2GoExpress"="NA" [X] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-18 39408] "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-06 98304] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008] "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160] c:\documents and settings\All Users\Start Menu\Programs\Startup\ BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-10-5 2168360] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] 2006-05-24 02:22 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\java.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"= R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2009 5:29 PM 130936] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/20/2008 10:14 AM 93320] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/17/2009 8:41 PM 348752] R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008] --- Other Services/Drivers In Memory --- *Deregistered* - mchInjDrv . Contents of the 'Scheduled Tasks' folder 2006-12-26 c:\windows\Tasks\ISP signup reminder 1.job - c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12] 2009-08-15 c:\windows\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-06-19 16:22] 2010-01-03 c:\windows\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe [2007-06-19 16:22] 2009-12-18 c:\windows\Tasks\Norton Security Scan for Owner.job - c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-24 20:45] . . ------- Supplementary Scan ------- . uStart Page = www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP8708 uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search - ?p=ZUfox000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html FF - ProfilePath - c:\documents and settings\Owner.ZEUS\Application Data\Mozilla\Firefox\Profiles\ypqe5xxp.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MP8708 FF - component: c:\documents and settings\Owner.ZEUS\Application Data\Mozilla\Firefox\Profiles\ypqe5xxp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll FF - plugin: c:\documents and settings\Owner.ZEUS\Application Data\Move Networks\plugins\npqmp071505000011.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service FF - user.js: yahoo.homepage.dontask - true. ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-04 22:24 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(1280) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2010-01-04 22:27:03 ComboFix-quarantined-files.txt 2010-01-05 03:26 ComboFix2.txt 2009-12-27 04:37 Pre-Run: 82,071,547,904 bytes free Post-Run: 82,045,165,568 bytes free - - End Of File - - A0BA99095D9F02CEE15783FF7DC05B64

OK, Here are the virus total results and when I ran gooredfix a bubble popped up that said gooredfix will scan for and remove infections. Click yes to continue or no to cancel, I didn't get to select 1 and press enter. Here are the results attached, I couldn't copy and paste GooredFix.txt virustotal.txt

OK, I've done the following and I wasn't able to reply to the post with the logs from FSecure through Internet Explorer, I keep on getting a page load error. So I'm trying to do so with firefox. FSecure found nothing and made no repairs. I have the other logs. The browser still hijacks, I did notice that this only occurs while using firefox and not with IE. Maybe this could be of some help. Couldn't post virus total results, tried to copy and paste when I tried I got this message on a white screen: Method Not Implemented POST to /forums/index.php not supported. Results of screen317's Security Check version 0.99.1 Windows XP Service Pack 3 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! McAfee Uninstall Wizard McAfee SecurityCenter Antivirus up to date! `````````````````````````````` Anti-malware/Other Utilities Check: Spyware Doctor 6.0 HijackThis 2.0.2 CCleaner Adobe Flash Player 10 Adobe Reader 9.1 `````````````````````````````` Process Check: objlist.exe by Laurent McAfee VIRUSS~1 mcshield.exe McAfee VIRUSS~1 mcsysmon.exe `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log```````````

Hi, Here is my hijack this log (which I didn't have here before) and combofix log. Waiting for help hijackthis1.txt log.txt

Moving my post to the top, someone please help me finish.

Hi, I was told to run combofix, here is the log. What's next? Thank you log.txt

Hi, Downloaded combofix here is the log Thanks log.txt

Hi, Just tried to download combofix, first time got a messasge stating it could not save to desktop, 2nd time got a page load error that said 1-check spelling and caps, 2-check if page was moved.

Ok screen317 here are the logs Malwarebytes' Anti-Malware 1.42 Database version: 3436 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 12/26/2009 7:07:53 PM mbam-log-2009-12-26 (19-07-53).txt Scan type: Quick Scan Objects scanned: 122821 Time elapsed: 4 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS.txt

I've removed malware with MB but I'm still infected with browser redirecting. Everything I run says I'm clean, but it's not. Please help.

I removed all trojans/viruses. I still here something hidden somewhere. Here are some of my logs, if there is something else I should run to help find it please let me know. My search results get hijacked sending me mainly to xxxx://aicse.com/, xxxx.questbooster.com, xxxx://88.214.193.251/click/woland1970 this one comes up and says "page no longer available Link appears to be broken", and this is a popular one (Links disabled; please don't post live malware links in a public forum -screen317 Please help Malwarebytes' Anti-Malware 1.42 Database version: 3423 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 12/24/2009 2:55:42 AM mbam-log-2009-12-24 (02-55-42).txt Scan type: Full Scan (C:\|D:\|E:\|) Objects scanned: 228765 Time elapsed: 1 hour(s), 7 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Attach.txt DDS.txt RootRepealreport.txt

OK I just wanted to move this back to the top. Someone please help. I've originally ran MB and removed some Trojans and part of something still remains and Hijacks and redirects the search engine. Everything I've tried doesn't remove it. Please assist.

Mb detects nothing, dds and defogger run. Gmer will freeze on save after scanning for 20 hours and rootrepeal won't wipe or force delete anything. Browser continues to hijack on searches. all logs attached. Here is Malwarebytes log: Malwarebytes' Anti-Malware 1.42 Database version: 3422 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 12/24/2009 12:52:49 AM mbam-log-2009-12-24 (00-52-49).txt Scan type: Quick Scan Objects scanned: 122497 Time elapsed: 8 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS.txt RootRepealreport.txt Attach.txt

Also my searches are hijacked on my browser.

When I run GMER my system firsts shuts down, when I hit the power button Gmer is scanning, which takes hours upon hours and longer each time I've tried to run it. When it finishes scanning and I try to save my system freezes indefinately until I force a shutdown by holding in my power button. I've ran DDS and saved the two logs. I've uploaded the DDS logs DDS.txt Attach.txt