This posting is in reference to:http://www.bleepingcomputer.com/forums/t/206743/unknown-malware-search-engine-redirect-problem/
I am an IT consultant that had a customer bring the exact same problem up to me as described in the previous topic. The system is running Windows XP Pro. Be aware that this issue came up in the same time frame. I also tried several removal tools - ComboFix (would not run due to CMD problem in regular or safe mode), MalwareBytes (no detection), etc. My customer has current Kaspersky Corporate with current virus definitions. I decided to run a full anti-virus scan and found the following files were infected (from the System Restore):
A0039364.sys -> Rookit.Win32.Agent.fwt
A0034455.sys -> Rookit.Win32.Agent.eoj
A0039365.sys -> Rookit.Win32.Agent.hss
After rebooting the machine the problem with CMD, REGEDIT, and browser redirection continued. This was expected since nothing was found outside of the System Volume Information folders.
The redirected website is (not posting direct link) webstabilityscan.com.dontuse. This appears to be another fake virus scanning site. It is important to note that browser redirection appears to be completely random. Several different sites can be visited without problem.
I'm currently running GMER, as suggested in the previous posting, under normal mode with Kaspersky protection disabled. I will post my results of the scan soon.