IE redirect, no spyware found

redirecting from what site?

is the redirect always to the same site?

what is the site you are being redirected to?

this entry looks a bit shady in the HJT log

O4 - HKCU\..\Run: [pwxrf] rundll32 "C:\Users\rreynolds\AppData\Roaming\sberes4.dll",Kdtbd

googling sberes4.dll brings up zero results - can be a sign of a virus/spyware giving a random filename

if it were me i'd move that file to another location and reboot, if all is well after a week or so the file can be safely deleted. if something is not right after the reboot boot into safe mode and restore the file.

If the redirect is always from the same site, check the hosts file.

the redirects are TO various ad sites and FROM various/random sites (all valid/frequently used sites).

sberes.dll seems to be valid...I can't find anything on sberes4.dll though....

BTW, Did you run HJT as administrator?

optoma,
I hope you have actually taken the time to use "RogueKiller" rather than just copying advice you've seen posted by others.

I always find it better to have used a product before recommending it; in case the asker has some procedural questions.

Younghv. I already have used it starting  since last week and found it ironic that yourself started posting the use of roguekiller roughly the same day !  

I've known younghv helping here at EE for years and he's not one that copy someone else's post/advice without giving credit to the original poster, while you optoma had done it a few times, :)


Haze0830,
I'd disable that startup entry that mrroonie had suggested.
Also have you tried any other scanner stated in this article? It is possible to experience a redirect on a clean PC, are you using a router?

“Google Hijack” — Google Search Gets Redirected
http://www.experts-exchange.com/Virus_and_Spyware/Latest_Threats/A_3299-Google-Hijack-Google-Search-Gets-Redirected.html

Uh huh...
http://www.experts-exchange.com/Q_26884748.html#a35128348 (03/14/11 09:37 AM)
http://www.experts-exchange.com/Q_26885516.html#a35130376 (03/14/11 01:02 PM)

http://www.experts-exchange.com/Q_26887851.html#a35139965 (03/15/11 12:43 PM)

Haze0830,
You will be best served by following the advice of 'rpggamergirl', but if you want to learn more about RogueKiller (and see what the screens look like), check out my Article here:

http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_4922.html

It will look like that here, but I honestly didn't.
I know i got cautioned recently for a repost. I must have overlooked something in the that thread but I cant recall other times.
Have fun searching if bothered :0)

<<Have fun searching if bothered :0)>>

You can ":0)" all you want, but you've been copying other Expert's advice (without attribution) since you started posting here on EE and it needs to be pointed out.

I did run RogueKiller - which reminds me a lot of ComboFix and it did find something in the TMP files. After removing that the problem has not reproduced itself. I'm still waiting for further feedback from the user. Stand by...

SUGGESTION:

IF RogueKiller doesn't resolve the issue and/or the steps to resolve get whatever; I've found Hitman Pro in Normal Mode to resolve these redirect issues very easily without having to perform additional steps.  Like yourself Haze0830; I've not experienced any success with Combofix/MBAM in regards to the redirects.

Haze0830,

Also note that in my Article a 'follow up' scan by MBAM is recommended.
Use the "Save As" function to get a clean version of the mbam...setup.exe file.

From:
http://www.experts-exchange.com/A_1940.html

Download, install, and run
Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)
When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.

please do this go in to your command prompt type netstat -b see what is running when connected to the net than after you verified what in the list isnt post to be in there try this program www.superantispyware.com its known to get out a lot of stuff out of system.

Download and run Hitman Pro: http://www.surfright.nl/en/downloads/

But keep in mind that I haven't found it helpful for much other than this particular redirect virus/rootkit, so stick to something like Avira for regular antivirus protection.

@JohnnyIT,
Please note that using "Hitman Pro" has already been recommended.

http://www.experts-exchange.com/help.jsp#hs=30&hi=416
Are there guidelines for answering questions?
Read previous posts before commenting: It is important to read the entire thread so that you know the current situation. That will keep you from posting a duplicate answer or one that has already been shown not to work. If you basically agree with another comment but have something more to add, remember to give credit for the original suggestion -- mention that Expert by name -- in your post.

Sorry about that.  I now see that BGTSLLC mentioned it.  Just missed it, that's all.

Hello

This:

O4 - HKCU\..\Run: [pwxrf] rundll32 "C:\Users\rreynolds\AppData\Roaming\sberes4.dll",Kdtbd

is malware, and will be found by RogueKiller