redirected ie browser overclick.cn

This is the 1st time I've ever posted on a forum

I had the same problem as many here. Redirected from google using IE. Firefox was ok. Malwarebytes anti-malware found nothing, Adaware found 2 trojans WIN32TROJAN AGENT. Spybot found nothing.
Superantispyware found Rootkit.Cloaked/Service-GEN.

After the rootkit was deleted I seem to have IE back under my control.
How can I be sure this is REALLY gone?

On a Dell HP Pavilion505n, XP service pack 3.

Please try Rootrepeal

Install RootRepeal

Click here - Official Rootrepeal Site, and download RootRepeal.zip. I recommend downloading to your desktop.
Fatdcuk at Malwarebytes posted a comprehensive tutorial - Self Help guide can be found here if needed.: Malwarebytes Removal and Self Help Guides.
Click RootRepeal.exe to open the scanner.
Click the Report tab, now click on Scan. A Window will open asking what to include in the scan.
Check the following items:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Click OK
Scan your C Drive (Or your current system drive) and click OK. The scan will begin. This my take a moment, so please be patient. When the scan completes, click Save Report.
Name the log RootRepeal.txt and save it to your Documents folder - (Default folder).
Paste the log into your next reply.

I can't open RootRepeal. Locks up. Message says low virtual memory. I tried to free up some memory, but it still locks up.

Malwarebytes' Anti-Malware 1.38
Database version: 2357
Windows 5.1.2600 Service Pack 3

6/30/2009 9:21:18 PM
mbam-log-2009-06-30 (21-21-09).txt

Scan type: Quick Scan
Objects scanned: 98044
Time elapsed: 13 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\hjgruixptayoxk.dll (Trojan.TDSS) -> No action taken.
c:\WINDOWS\system32\hjgruiysfrobhd.dll (Trojan.TDSS) -> No action taken.

Edit - HJT log removed ~ those cannot be processed in this forum.

Edited by rigel, 01 July 2009 - 12:48 PM.

try this...

Run RootRepeal
Click Settings - Options
Set the Disk Access Level slider in the general tab to High

Try scanning now with the settings as described above.

RootRepeal locks up initializing.
I tried to get a screen print but I have to do a hard reboot to get out of it.

One last thing to try...

Boot into safe mode and try running RootRepeal. If that does not work, we will need to move to the HJT forum. TDSS is very hard to remove.

Still locks up initializing rootrepeal in safe mode. Same low virtual memory error message.

You'll have to tell me what to do next.

You will need to post in the HJT forum...

Please follow this guide from step (6). Post a HJT log to the HJT forum and a Team member will be along to help you as soon as possible. You may wish to post a link back to this topic to see what was discussed thus far.

If you need any help with the guide, please let me know.