> [Closed] Possible malware (Google redirects when clicked on a pag
masterarchitect
post Jul 6 2009, 06:06 PM
Post #16


Authentic Member
**

Group: Authentic Member
Posts: 58
Joined: 20-March 07
Member No.: 68,926
Operating System: Windows XP



Here is the Kaspersky scan.
Attached File(s)
Attached File  Kaspersky.txt ( 859bytes ) Number of downloads: 21
 
CatByte
post Jul 6 2009, 06:33 PM
Post #17


Classroom Administrator
Group Icon

Group: Classroom Admin
Posts: 9,645
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Well, the laptop is clean,

let's clean up the laptop then look at the desktop.

Please do the following:

Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.





NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Now please run the DDS and GMER scans on the desktop

masterarchitect
post Jul 6 2009, 07:03 PM
Post #18





Actually for some reason I still do have that problem. I get a "Please wait a few second while browser redirects you..." message when I clicked on a google result, and textdating.ca shows up again... Arghhh... :S.

I first clicked on the first result (which is legit):



It's supposed to show like this:



BUT instead I got redirected:



And I ended up with this:




Seems like a malware has "deep stealth capabilities". Your take is much appreciated!!!
CatByte
post Jul 6 2009, 07:30 PM
Post #19





Hi,

does this redirection also happen when you use I.E. or is it just happening in firefox?

If it is happening in both IE as well as FF then please run this program:

If it only happens in FF then report back and don't run the program

we will need to reset your hosts file

Please download HostsXpert
  • Unzip HostsXpert to its own folder in a convenient place such as C:\HostsXpert
  • Run: HostsXpert.exe
  • Click: Make Writable? in the upper left corner.
  • Click: Restore MS Hosts File
  • Click: Replace
  • Click: OK
  • Click: Make ReadOnly
  • Close HostsXpert.
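An added example, not part of the original posts and not HostsXpert's own code: a small Python audit that lists every hosts file entry differing from the stock localhost mapping, so the entries a reset would remove can be reviewed first. It assumes the stock file maps only localhost; the sample content and hostnames are constructed.

```python
import ipaddress
import os

# Location of the hosts file on Windows (SystemRoot is C:\WINDOWS on XP).
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                          "system32", "drivers", "etc", "hosts")

# Assumption: the stock file maps only this name, to a loopback address.
DEFAULT_NAMES = {"localhost"}

# Constructed sample content, not taken from the thread.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # points search at another server
127.0.0.1       update.example-av.test
not-an-ip       foo
"""


def audit_hosts(text):
    """Return (line_no, kind, ip, hostname) for every non-default entry.

    kind: "redirect" = name pinned to a non-loopback address,
          "blocked"  = name pinned to loopback or 0.0.0.0,
          "malformed" = first field is not an IP address.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, "malformed", fields[0], ""))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if local and name in DEFAULT_NAMES:
                continue                          # stock entry
            findings.append((line_no, "blocked" if local else "redirect", str(ip), name))
    return findings


if __name__ == "__main__":
    if os.path.exists(HOSTS_PATH):
        with open(HOSTS_PATH, encoding="utf-8-sig", errors="replace") as fh:
            SAMPLE = fh.read()
    for finding in audit_hosts(SAMPLE):
        print(*finding)
```

An empty result means the hosts file already matches the stock mapping, in which case redirects that persist have to come from somewhere else.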
masterarchitect
post Jul 6 2009, 11:21 PM
Post #20





It happens in both IE and Firefox. After using HostsXpert what shall I do?
CatByte
post Jul 6 2009, 11:23 PM
Post #21





that will reset your hosts file and should stop the redirects....let me know
masterarchitect
post Jul 7 2009, 12:37 AM
Post #22





Everything seems to be working normally now (at this point, that is... I understand I am not fully convinced until my google searches are normal for at least 2 days.).
CatByte
post Jul 7 2009, 04:44 AM
Post #23





OK good,

Use that one as normal and advise after a couple of days how it is - meantime run the DDS and GMER programs on the desktop and let's see what's going on with that one.
masterarchitect
post Jul 9 2009, 01:29 AM
Post #24





For some reason my desktop is not able to connect to the internet and I get really LONG shutting down status when I shut down the computer. This computer is slower than usual, and my flash drive is not recognised when I tried transferring the DDR and GMER files (no USB drive shows up under the My Computer menu). Something is really wrong here
CatByte
post Jul 9 2009, 01:39 AM
Post #25





Can you log onto the desktop in safemode with networking?

check if the USB is recognized in safemode.



Do you have HJT already installed on the desktop? If so, scan and post a HJT log.

Check proxy settings for the desktop to see if that will restore internet access. Do you have a router?

  • Go to Start > Control Panel, and choose Network Connections.
  • Right click on your default connection, usually Local Area Connection for cable and DSL or Dial-up Connection if you are using Dial-up, and choose Properties.
  • Click the Networking tab
  • Double-click on the Internet Protocol (TCP/IP) item.
  • Write down the settings in case you should need to change them back.
  • Select the radio button that says "Obtain DNS servers automatically".
  • Click OK twice to get out of the properties screen and restart your computer.
  • If not prompted to reboot go ahead and reboot manually.


In I.E.
  • Check internet options settings.
  • Tools > Internet Options > Connections
  • LAN settings
  • Choose "automatically detect settings"
  • uncheck both proxy settings boxes


In FireFox
  • Click on Advanced -> Network -> Settings…
  • the No Proxy option should be selected



If that makes no difference try the following:

Refresh the network connection:


Go to Start->Run->Type CMD and click Ok.
The MSDOS Window will be displayed.
At the command prompt, type the following commands and press Enter after each line:

ipconfig /flushdns (The space between g and / is needed)
regsvr32 netshell.dll
regsvr32 netcfgx.dll
regsvr32 netman.dll


Exit

Restart the computer.


masterarchitect
post Jul 10 2009, 04:16 PM
Post #26





What is the keyboard shortcut for logging in to Safe Mode w/Networking?? Since I am using a wireless adapter, there are no lights showing up either when I turn on the computer.
masterarchitect
post Jul 10 2009, 04:17 PM
Post #27





I tried finding HJT on my computer but it doesn't show up. I remember clearly never touching it again (meaning it's supposed to be there) from the last time I got a big headache from another disaster.
masterarchitect
post Jul 10 2009, 04:24 PM
Post #28





And BTW, I still am getting redirects on my laptop, but this time no loading message. Simply when I click on a website, I get redirected to another site. Could I be hijacked??
CatByte
post Jul 10 2009, 04:55 PM
Post #29





To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode
  • Then press the Enter Key on your Keyboard
  • go into your usual account








CatByte
post Jul 10 2009, 04:58 PM
Post #30





Hi,

Run this program on the laptop:

Download and scan with SUPERAntiSpyware
Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
      Close browsers before scanning
      Scan for tracking cookies.
      Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Now reboot into Safe Mode: How to enter safe mode
  • Using the F8 Method
  • Restart your computer.
  • When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with an Advanced Options menu.
  • Select the option for Safe Mode using the arrow keys.
  • Then press enter on your keyboard to boot into Safe Mode.
  • Perform the scan...Launch the program

    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".

    To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

