Redirect to 220.127.116.11 is a result of wdmaud.sys trojan/rootkit activity. Once infected, google results redirected you to junk/scam sites. You can see the waiting for 18.104.22.168 in the bottom of the browser. It is caused by the file C:\Windows\system32\wdmaud.sys (reported as Rootkit.Win32.Agent.fwt). The legitimate wdmaud.sys actually exists at C:\Windows\system32\drivers\. Use the free instructions below for removing the wdmaud.sys trojan/rootkit from your computer.
Use the following instructions to remove wdmaud.sys trojan/rootkit.
Step 1. Remove wdmaud.sys trojan/rootkit registry entries and files.
- Please download OTM by OldTimer from here.
- Run OTM, copy,then paste the following text in “Paste Instructions for Items to be Moved” window (under the yellow bar):
:reg [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux2"="wdmaud.drv" :files c:\windows\system32\wdmaud.sys
- Click the red Moveit! button.
- When the tool is finished, it will produce a report for you.
Step 2. Remove wdmaud.sys trojan/rootkit associated malware.
- Download Malwarebytes Anti-Malware (MBAM). The program designed to quickly detect, destroy and prevent malware, spyware, trojans.
- Once downloaded, close all programs and Windows on your computer (including this one).
- Double-click on the icon named mbam-setup.exe to install the application.
- When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- MBAM will now start scanning your computer for malware. This process may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- MBAM will now delete all of the files and registry keys and add them to the quarantine.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note: if you need help with the instructions, then post your questions in our Spyware Removal forum.