I was poking around, and noticed that both Malwarebytes and SUPERAntiSpyware were out of date, and allowed both to update. (Not sure how badly out of date their malware detection information was; I did install Malwarebytes last weekend.)
I ran a quick scan with Malwarebytes, and it found nothing. However, SUPERAntiSpyware's scan found the following:
The scan is still open; I haven't told it to remove anything, because I didn't want to do anything that might interfere with your next recommendation.
Also, one last thing. I tested Internet Explorer, and it is still redirecting. (Firefox is still working fine.) I should have tested it before, but like I mentioned, I rarely use it, and don't really trust it even when I'm not infected.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click GMER.exe.
If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.
To re-enable your Emulation drivers, double click DeFogger to run the tool.
The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Quick question. I'm trying to disable Spybot's TeaTimer per the linked instructions, but I can't find the TeaTimer entry in the System Startup section... Can I disable it via msconfig or something (provided I can find it)?
The only thing I see is the defogger_disable log, and that was only requested if an error occurred running defogger. I did notice that defogger did NOT reboot as described when it finished running... Perhaps a lengthy delay in doing so? Man, and GMER was running just fine too. (I need a banging-head-against-wall emoticon.)
Should I try running GMER again, or do I need to go through the defogger process? Or?