Whenever I search, using either Firefox or IE8, some of the links get redirected. I created a new FF profile, which seemed fine for a few hours, then began seeing redirects. The redirects don't seem to go to the same type of sites all the time. I often see a link name starting like: http://r8484549..... with different numbers in them.
I have been using the following tools:
Avast - occasionally finds something, boot time scans seem to turn up nothing
NOD32 - only reports false detections of Ultimate boot cd, which I downloaded.
ClamAV - finds a few things here and there
AVG - not much here.
INSERT LIVE CD - nothing useful there
Malwarebytes - finds something every time. Sometimes it reports TDSS rootkits, others not. I have scanned in safe mode as well, finding things. Right now, it's scanning and has found at least 1 item.
SuperAntiSpyware - finds things occasionally. However, the last 3 scans have only turned up cookies.
Spybot - mostly clean at this point.
Various rootkit utilities - none of which turned up anything, probably because of Malwarebytes removing them first.
HijackThis log analysis seems to turn up little to nothing... everything always shows up as safe on hijackthis.de.
So, something is being really sneaky and hiding itself very well. I've not had a virus in a long time and never had this much trouble with them on other machines before *sigh*
My router's firewall is pretty much set to block everything except HTTP and HTTPS at this point. The infected computer's firewall is on and Vista is updated.
I would simply wipe this system, as I was going to soon anyway, but my data backup drive died a week or so ago! So now, I need to make sure I get all my docs/files clean before putting them on a new rig.
So HELP! Please!?
Here are my logs. Thanks for any input/help you all can provide!
I wanted to post this up quickly, but RootRepeal is taking more than 3 hrs. So I will post when it is complete.
I also have a HijackThis log if desired.
Last note: while posting, a Malwarebytes scan completed and found 1 threat: trojan.banker, in my registry. Mbam removed it.
Again, thanks for any help you all can provide!
Edited by bp787, 03 December 2009 - 01:36 PM.