[Inactive] Potential Google Redirect Problem

[Lantern7]

I had rkill, and I reinstalled it. Here's what popped up:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/07/2012 at 21:45:23.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

c:\PROGRA~1\mcafee\SITEAD~1\saui.exe


Rkill completed on 03/07/2012 at 21:45:53.

[Hoov]

Did you run TDSSKiller and Malwarebytes' Anti-Malware right after without rebooting your computer?

[Lantern7]

I didn't reboot. The program didn't offer to reboot.

[Hoov]

Did you run the other two programs? If you did please post the logs.

[Lantern7]

Which programs are those? I've lost track.

[Hoov]

TDSSKiller and Malwarebytes' Anti-Malware

[Lantern7]

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.08.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: PRO [administrator]

Protection: Enabled

3/8/2012 9:23:46 PM
mbam-log-2012-03-08 (21-23-46).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226736
Time elapsed: 1 hour(s), 54 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Also, my Symantec AntiVirus Detection software picked up some stuff . . .

QUARANTINED: APQ25.tmp, APQ2A.tmp, APQ2E.tmp, APQ2F.tmp, DWHCD39.tmp, msoobe.exe.vir, oobebaln.exe.vir

CLEANED BY DELETION: APQ2B.tmp, APQ2C.tmp, APQ2D.tmp

[Hoov]

Please go to this post, http://spywarehammer.com/simplemachinesforum/index.php?topic=12590.msg112677#msg112677 and follow the instructions exactly, from the top thru the bottom.

There is a reason why we ask you to follow steps in a particular order. They are designed to be the most effective in removing malware. If the steps are not followed exactly, then malware has a chance to reconstitute itself.

[Lantern7]

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 03/10/2012 at  0:46:05.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

c:\PROGRA~1\mcafee\SITEAD~1\saui.exe


Rkill completed on 03/10/2012 at  0:46:38.

TDDSKiller: No threats found

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.08.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: PRO [administrator]

Protection: Enabled

3/10/2012 12:52:32 AM
mbam-log-2012-03-10 (00-52-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188053
Time elapsed: 43 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[Hoov]

Are you still being redirected? If you are then please follow the instructions below for getting the ipconfig log.

Open a command prompt (all programs > Accessories > Command Prompt) and type in
Ipconfig /all > ipconfig.txt and then hit enter. Then type in ipconfig.txt to open notepad with the log. Copy it and paste it in to your next response.

[Lantern7]

Windows IP Configuration



        Host Name . . . . . . . . . . . . : PRO

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No

        DNS Suffix Search List. . . . . . : si.rr.com



Ethernet adapter Local Area Connection 3:



        Connection-specific DNS Suffix  . : si.rr.com

        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

        Physical Address. . . . . . . . . : 00-0D-56-A8-68-FF

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 24.168.84.74

        Subnet Mask . . . . . . . . . . . : 255.255.248.0

        Default Gateway . . . . . . . . . : 24.168.80.1

        DHCP Server . . . . . . . . . . . : 10.69.64.1

        DNS Servers . . . . . . . . . . . : 209.18.47.61

                                            209.18.47.62

        Lease Obtained. . . . . . . . . . : Saturday, March 10, 2012 7:02:14 PM

        Lease Expires . . . . . . . . . . : Saturday, March 10, 2012 8:02:14 PM

[Hoov]

* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick combofix''s window while it''s running. That may cause it to stall

[Lantern7]

I downloaded ComboFix.exe and ran it twice. Nothing happened the first time. The second time, I leave home to run errands. When I came back a few hours later, the laptop had been frozen for some time.

[Hoov]

I need you to reboot windows cleanly. To do that please go to the run command and type in msconfig . Once that starts, select selective startup, and then uncheck the load startup items. Now click on the services tab, and down near the bottom of the window, check the box that says Hide all Microsoft Services now go up and uncheck all the services still listed, make sure you scroll down the list if need to unselect all the non Microsoft services. Now click apply, then click OK and reboot the computer.

Now try running combofix .

Once it either runs or not, run msconfig and select normal startup then click apply then OK and reboot.

Either post the log, or let me know what happened.

[Lantern7]

Nothing happened. I tried running Combofix. First, it got blocked because Symantec was enabled. I tried to disable it, but I couldn't access it. When Combofix ran anyway, the system froze. What am I doing wrong?