Snowman

Hello Elise, I found the core folder that you spoke of above, but the tree only went this deep c:\qoobox\quarantine\c\windows Thanks for all of your help. I have one question. I see a number of similar posts for this Google redirect issue, and although I could have missed it, I haven't really seen a definitive answer as to the name of this trojan/virus or whatever it's called, where it resides and why so many programs have trouble getting rid of it and detecting it in the first place. Again, thanks for your help. Here is the log.... Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4232 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 6/24/2010 5:53:29 AM mbam-log-2010-06-24 (05-53-29).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 344835 Time elapsed: 57 minute(s), 52 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Was combofix supposed to get rid of the Google redirect issue? I can't say for sure if the problem is gone at this point. The redirect issue does not happen every time, so it's hard to know right now if the problem still exists or not. True, Combofix did not complete the first time. I came back to the computer and the screen was black, but the PC was still running. Nothing I could do would "wake" it up.

As requested, here is the combofix.txt file for your review. Thanks! combofix.txt

Here it is! GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-06-21 21:09:00 Windows 5.1.2600 Service Pack 3 Running: hn78ys1h.exe; Driver: C:\DOCUME~1\BENAND~1\LOCALS~1\Temp\uwxdqfod.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAD21B620] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\DRIVERS\ati2mtag.sys section is writeable [0xB97E9000, 0x1A05E6, 0xE8000020] init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xAD4B1A00] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- EOF - GMER 1.0.15 ---- Extras.Txt OTL.Txt

I've seen several variants of this same topic/problem. Not sure if I should be posting in someone else' thread or start a new one. As I just mentioned, I have the same issue that some other members have very recently mentioned also. Both in FireFox and Internet Explorer, after searching Google then clicking on a link in the results page, I am on occasion (but not always) re-directed to another seemingly legit search site, or elsewhere. I have been unable to detect with AVG, SuperAntiSpyware, CCleaner or MalwareBytes any trojan, virus etc.... Looking for help to identify and rid myself (my computer) of this nagging/annoying and potentially damaging bug. Any help would be greatly appreciated. Just tell me what to do. Background: Running WinXP SP3 AVG (free version) SuperAntiSpyware CCleaner MalwareBytes