Hijacking of search results

Discussion in 'ESET NOD32 Antivirus' started by djackino, Jul 22, 2011.

Thread Status:
Not open for further replies.
  1. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    I am having a problem in IE 8 only when going to a search results page for either Yahoo! or Google. The search results page comes up, but if you attempt to go away from the search page (via a shortcut or the home page button), something is taking control of the browser and jumping to a random (useless) web page. No virus is detected by NOD32 and nothing serious happens other than being annoyed by the useless webpage (such as a bogus search webpage - will provide URLs in a PM). I have not hit the same useless webpage twice.

    A second click to the shortcut or home page works fine.
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
  3. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    Attached as a .txt file (I don't see any other way to send, including a PM to Cudni):

    I looked in IE's add on list and noticed the following:
    Item: Control Name is Not Available
    Name: Network License Config. DLL
    Publisher: Control Name is Not Available

    I disabled this add-on, restarted IE and the problem has gone away... for now.
     
    Last edited by a moderator: Jul 22, 2011
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    I meant for you to submit the report to Eset tech support. I would still use more tools to scan that machine.
     
  5. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    Sorry, my bad. I have run Spybot and it found nothing. Should I run
    MalwareBytes as well?
     
  6. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Yes, just in case
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    RKill, HitmanPro, TDSSKiller, MBAM (edit: run in that order starting with rkill)

    usually takes care of everything I've dealt with
     
    Last edited: Jul 22, 2011
  8. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    MBAM found four problems (registry and one rogue file) and cleaned them all up, a reboot was needed to completely clean things. I'll look into the other tools should I continue to have problems.

    Edit: I started running MBAM before Hungry Man's post.

    Thanks for the help!
     
    Last edited: Jul 22, 2011
  9. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    The problem has returned. There appears to be a rootkit that has done the following:
    1. Re-enabled the questionable IE8 add-on described above. I am able to go back into the addons menu and disable it.

    2. Placed audiodrv32.exe and audiodrv32.dll in C:\windows\system32. The files cannot be deleted. I can rename the files, but the rootkit puts the files back in a few minutes. The files have been submitted to ESET for analysis.

    3. Started a process audiodrv32.exe (attempting to End Process does not work, the process comes back immediately)

    I have run ESET scans, Spybot, and the following in order as suggested by
    Hungry Man:
    RKill, HitmanPro, TDSSKiller, MBAM

    Everything reports clean. HitmanPro won't clean anything anyway, the trial period has expired.

    Any additional help is greatly appreciated.
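    A read-only triage script for the indicators described in this post (the "Network License Config. DLL" add-on and the audiodrv32.exe / audiodrv32.dll files and process). This is an added example, not code from the thread, ESET or any of the tools named above; it assumes an elevated PowerShell prompt and only reports, it does not delete anything.

```powershell
# Added example: check a Windows host for the indicators reported in the thread.
# Indicator values below are taken from the posts; nothing is removed or killed.

$SuspectNames = @('audiodrv32.exe', 'audiodrv32.dll')   # file names from the thread
$SuspectBho   = 'Network License Config. DLL'           # add-on name from the thread
$Findings     = New-Object System.Collections.Generic.List[string]

# 1. Dropped files in System32 (also check the WoW64 directory on 64-bit hosts)
foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")) {
    foreach ($name in $SuspectNames) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            $Findings.Add("File present: $path (created $($item.CreationTime))")
        }
    }
}

# 2. A running process with the suspect image name
Get-Process -Name 'audiodrv32' -ErrorAction SilentlyContinue | ForEach-Object {
    $Findings.Add("Process running: PID $($_.Id) path $($_.Path)")
}

# 3. Browser Helper Objects: resolve each registered CLSID to its display name
#    and DLL, then flag the suspect name or a DLL matching the dropped files
$BhoKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($key in $BhoKeys) {
    if (-not (Test-Path $key)) { continue }
    Get-ChildItem $key | ForEach-Object {
        $clsid = $_.PSChildName
        $base  = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
        $disp  = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).'(default)'
        $dll   = (Get-ItemProperty -Path "$base\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        $leaf  = if ($dll) { Split-Path $dll -Leaf } else { '' }
        if ($disp -eq $SuspectBho -or $SuspectNames -contains $leaf) {
            $Findings.Add("BHO $clsid '$disp' -> $dll")
        }
    }
}

if ($Findings.Count -eq 0) { 'No indicators from the thread found.' } else { $Findings }
```

    Because the post reports that the files and process reappear within minutes, run the script a second time a few minutes after any cleanup attempt to confirm whether the indicators return.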
     
  10. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
  11. djackino

    djackino Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    49
    I have an account at BleepingComputer and will pursue there. But isn't this something that ESET should be looking into as well?
     
  12. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    Did you contact their tech support?
     