redirecting to other search engines

[maheshc]

 :'( OTL is getting stuck in scanning firefox settings.. same thing as before


can you guess why this problem is arising ? is it coz of virus or some of my system files are corrupted ?

[essexboy]

Could you try the quick scan with no script entered and if it sticks again - I have a tyotally different one to use

[maheshc]

same thing, even in quick scan it is getting stuck in same place.

for your reference--
   Few days ago at this same situation, you suggested to scan with DDS, later on you asked me to Download and Install Combofix

[essexboy]

Ah right - I am old so I forget things 

Could you run aswMBR and DDS then please

[maheshc]

aswMBR.TXT
DDS.TXT
attach.txt

[essexboy]

cdrom is still showing as suspicious, so I will ask for a system analysis now

Download AVPTool from Here to your desktop
 
Run the programme you have just downloaded to your desktop (it will be randomly named )
 
First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan 
Once it has finished select report and post that.
 

 
Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop
 
Now an analysis scan
Select the Manual Disinfection tab 
Press the Gather System Information button 
Once done Open the last report saved folder  then attach the zip file to your next post zip 
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip
 

[maheshc]

Kaspersky scan report was 54 mb so i have zipped it (it was 2mb so i couldn't attach)

http://www.mediafire.com/?25e8akeko0c4yrk

avptool_sysinfo.zip for some reason Zip files can't be attached so i uploaded to mediafire.

http://www.mediafire.com/?wq03bqb3fq24hid

[essexboy]

CDrom.sys was reported OK there - what are your current problems ?

[maheshc]

i found 2 viruses when the scan finished, but i couldn't quarantine them at all. the kaspersky was popping up the message at the bottom to neutralize the viruses. what about them ? are they ok

[essexboy]

I must have missed them on the log what were the names and yes let Kaspersky neutralise them

[maheshc]

1) APART FROM THE KASPERSKY DETECTED VIRUSES, ADDITION TO THIS VIRUSES Avast ALSO pops up ANOTHER alert saying
 - "Suspicious files have been detected (using a heuristic method).
This may be a sign of malware infection. Please allow the files to be
submitted to our lab for analysis."

file name
system32\DRIVERS\1948418drv.sys


ACTION TO BE TAKEN
Ignore

I choose to ignore, coz i doubt it's a kaspersky file that avast is detecting,
----------------------------------------------------------------------

(2) The redirection to yahoo is still on.

----------------------------------------------------------------------
(3)   PLEASE FIND THE VIRUS FROM PREVIOUSLY ATTACHED KASPERSKY FILES
COZ IT WILL ALMOST TAKE 7 HOURS TO COMPLETE THE SCAN

[maheshc]

I must have missed them on the log what were the names and yes let Kaspersky neutralise them

SOME OF THEM I JUST FOUND

7/17/2011 7:39:52 PM   Detected: HEUR:Trojan.Win32.Generic   D:\System Volume Information\_restore{3B1B6CF5-05D0-4D16-85D5-769DBCF39C8D}\RP10\A0025525.dll   

7/17/2011 5:54:08 PM   Detected: Trojan.Win32.Chifrax.d   F:\BitTorrent\Microsoft Office 2007 Complete Version + CD Key.iso/Launcher.exe   

http://www.mediafire.com/?59t3pctgz1e610l

[essexboy]

\BitTorrent\Microsoft Office 2007 Complete Version + CD Key.iso/Launcher.exe 

That is where the infection came from   
 
 
 
Download MBRCheck.exe to your Desktop. Run the application.
 
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
 
If an infection is found, you will be presented with the following dialog:
 

Enter 'Y' and hit ENTER for more options, or 'N' to exit: 

 
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

[maheshc]

Report posted below

[essexboy]

Are you still having the same problem ? As at the moment I can see no further malware.  What error do you get when you try to upload