System Info: Microsoft Windows XP Service Pack 2 (yes, I know) Media Center Edition, 32 bit. Dell factory install. Firefox ver. 8.0.1 (with NoScript installed) is affected. I have the Windows Recovery Console installed on the drive.
Software Used: I have performed full scans with MalwareBytes (Free Edition), SuperAntiSpyware (Free Version), HitmanPro (30-day trial), McAfee Stinger, GMER, ESET Online Scanner and Kaspersky TDSSKiller. All programs used the latest version and latest database updates. With the exception of TDSSKiller, as noted above, and ESET, which detected only the TDSSKiller-quarantined copy of sptd.sys, none of these programs detected any infections or problems.
Actions Taken: Guessing that the rootkit was slain but its damage remained, I tried to ensure Firefox wasn't being redirected by simpler means. I verified that no proxies are set for use, double-checked that my set DNS server had not been changed (I had specified specific DNS servers for use; these values were unchanged, but I set it back to "automatic" to be sure), flushed the DNS cache, cleared all cookies from the redirect destination pages from Firefox manually, and ran a HijackThis scan to look for any registry-enabled redirects, but to my untrained eye, nothing jumped out. No uninvited add-ons or extensions have been added to Firefox, that I can tell. I do utilize Daemon Tools Lite CD emulation; I removed all virtual drives and ran the Defogger.exe application prior to all scans.
This is either the result of altered settings beyond my grasp, or a very persistent rootkit/bootkit requiring more aggressive tools. Unfortunately, said tools are equivalent to hunting through the MBR with a bazooka, so I turn to those who know what they're doing.
With the exception of the TDSSKiller automated scan and Firefox cookies, I have made no alterations or deletions to my file system.
Edited by Demetrious, 06 March 2012 - 09:48 AM.
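The poster checked system proxy settings, DNS server configuration and HijackThis output for redirect persistence. Two further places a redirect commonly survives rootkit cleanup are the Windows hosts file and Firefox's own per-profile proxy preferences in prefs.js (which override nothing in the OS proxy dialog and so are missed by an OS-level check). The script below is an added example, not code from the poster or from any of the tools named above; it parses both files from constructed sample text and reports entries that could divert traffic. The sample hosts entries and prefs.js lines are invented for illustration, and the Firefox pref names and network.proxy.type values are the real ones.

```python
"""Audit two redirect-persistence locations after a rootkit cleanup:
the Windows hosts file and Firefox's prefs.js proxy preferences.

Added example. HOSTS_SAMPLE and PREFS_SAMPLE are constructed inputs; on a real
system the files live at %SystemRoot%\\system32\\drivers\\etc\\hosts and in the
Firefox profile directory as prefs.js.
"""
import re
from ipaddress import ip_address
from typing import Dict, List, Tuple

# Addresses a hosts entry may legitimately point at (loopback / unspecified).
LOCAL_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Meaning of the real Firefox network.proxy.type values.
PROXY_TYPE_NAMES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}

# Firefox prefs that, when set, name a proxy or PAC script.
PROXY_TARGET_PREFS = ("network.proxy.http", "network.proxy.ssl",
                      "network.proxy.socks", "network.proxy.autoconfig_url")

_PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);$')

HOSTS_SAMPLE = """# constructed sample hosts file
127.0.0.1       localhost
# benign ad-blocking style entry: sinkholed to an unspecified address
0.0.0.0         ads.example.net
# redirect style entry: a name pointing at a non-local address
203.0.113.10    www.example-bank.test   example-bank.test
"""

PREFS_SAMPLE = """// constructed prefs.js fragment
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://203.0.113.20/proxy.pac");
user_pref("extensions.lastAppVersion", "8.0.1");
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            entries.append((address, name.lower()))
    return entries


def suspicious_hosts_entries(text: str) -> List[Tuple[str, str, str]]:
    """Flag entries that send a name anywhere other than a local address."""
    flagged = []
    for address, name in parse_hosts(text):
        try:
            ip_address(address)
        except ValueError:
            flagged.append((address, name, "malformed address"))
            continue
        if address not in LOCAL_ADDRESSES and name != "localhost":
            flagged.append((address, name, "maps to non-local address"))
    return flagged


def parse_prefs(text: str) -> Dict[str, object]:
    """Parse user_pref(...) lines from prefs.js into a dict of typed values."""
    prefs: Dict[str, object] = {}
    for raw in text.splitlines():
        m = _PREF_RE.match(raw.strip())
        if not m:
            continue
        key, val = m.group(1), m.group(2).strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            prefs[key] = val[1:-1]
        elif val in ("true", "false"):
            prefs[key] = val == "true"
        else:
            try:
                prefs[key] = int(val)
            except ValueError:
                prefs[key] = val
    return prefs


def proxy_findings(prefs: Dict[str, object]) -> List[str]:
    """Report Firefox proxy settings that could divert traffic.

    An absent network.proxy.type means the profile uses the default and
    nothing is flagged; types 1, 2 and 4 send traffic via a proxy or PAC.
    """
    findings = []
    ptype = prefs.get("network.proxy.type")
    if isinstance(ptype, int) and ptype not in (0, 5):
        findings.append(f"proxy type {ptype} ({PROXY_TYPE_NAMES.get(ptype, 'unknown')})")
    for key in PROXY_TARGET_PREFS:
        if prefs.get(key):
            findings.append(f"{key} = {prefs[key]}")
    return findings


if __name__ == "__main__":
    for entry in suspicious_hosts_entries(HOSTS_SAMPLE):
        print("hosts:", *entry)
    for finding in proxy_findings(parse_prefs(PREFS_SAMPLE)):
        print("firefox:", finding)
```

Run against the real files, a non-empty result from either function is a concrete lead: a hosts entry for a bank or search domain pointing at a public address, or a network.proxy.type of 2 with an autoconfig_url the user never set, explains a browser-only redirect without any remaining kernel-level component.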