I ran several AV tools and one of them -- I think it was SuperAntiSpyware -- detected and removed Hiloti. However, the problem did not go away, and we got a new problem, the BSOD with the following message:
*** STOP: 0x0000007E (0xC0000005, 0xBA1DA49D, 0xBA5070670, 0xBA50736C)
*** BusRMUSC.sys: Address BA1DA49D base at BA1D8000, DateStamp 465ce32a
This has occurred twice; once during a run of GMER, once during some other stuff, word processing I think. I killed several processes that I didn't need at the moment and it didn't happen again, so I think the timing during GMER was just a coincidence.
Anyway, I ran ComboFix (I know, I wasn't asked to, but I am an IT Professional and therefore impervious to consequences :-) -- or more precisely, I hadn't read all the instructions yet). It quarantined several files. We have not seen the redirect recur since, but we haven't done enough web browsing to feel any statistical certainty that it is indeed solved, and the crash occurred once after the ComboFix run, so there's still at least one problem.
So I ran a full backup, followed the instructions in your guide, and the relevant files are attached. My questions are:
- Do I still have a virus, can you tell?
- How would I fix the BSOD?
- If the answer to the previous question is "reinstall the OS from the CD," is there a way to do that without wiping out all my files and other programs? The documentation on the restore function is a little unclear on this point.
Edit: Moved topic from XP to the more appropriate forum. ~ Animal