It seems to affect Firefox, IE, Chrome and Safari.
The reason? Because you do the searches from within the browser. And since these are all browsers, it is reasonable to think the redirect affects all of them>> not always, nor all of the time- just 'reasonable.'
It looks like you did 4 Eset scans: For these:
1. # local_time=2009-11-15 08:11:03 (-0600, Central Standard Time)
C:\Documents and Settings\Mitchell\Application Data\Sun\Java\Deployment\cachea variant of Java/TrojanDownloader.OpenStream.NAD Trojan (deleted - quarantined)
Go to the Control Panel> Java> Temporary internet files tab> Settings> Delete files.
# utc_time=2009-11-17 08:09:22>>> 1/1
# local_time=2009-11-17 02:09:22 (-0600, Central Standard Time)
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.PY virus (deleted - quarantined)
Qoobox is the folder that Combofix places the quarantines. To remove:
Uninstall ComboFix.exe And all Backups of the files it deleted
- Click START> then RUN
- Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
I did work for Target HQ and used home computer to access work files.
If this is no longer the case, I recommend that you remove the following:
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = nic.target.com,tgt.com,dist.target.com,stores.target.com,hq.target.com,target.com
Empty the Recycle Bin
Malware is not the reason you're slow in startups or rebooting. That appears to be due to a system problem. You do have some extra startups, but not enough to cause this. To troubleshoot this:
Click on Start> Run> type in
msconfig> enter> Selective Startup> Startup tab> Uncheck everything except the McAfee processes and any that are
necessary for your network activity> Apply> OK.
NOTE: the first time you reboot after making changes using msconfig, you'll get a nag message that you can ignore and close after checking 'don't show this message again.' Stay in Selective Startup.
The loading of Special processes such as:
DisplayKEY eSYNC> Real Estate update
GE Security Supra\ProxyDaemon.exe
SSL\stunnel-4.10.exe
Dell Server Administrator Daemon
can add to the Start time
As can the Services set to start automatically can: There are currently 28 Services showing running.
7 of these are for McAfee
5 Are Roxio 'share' related
2 belong to the Cisco Secure Services Client (SSC)
So figure McAfee and the CheckPoint (Cisco) Services need to have automatic startup. That would mean 19 of those Services could be reset to Manual Startup type to only start when needed.
Please
delete current Eset logs and rescan to make sure those entries are gone. Please post the log.
When we know the system is clean, I'll have you remove the cleaning tools and set a new, clean restore point.