Author Topic: Another person with the Google redirect malware.  (Read 14106 times)


CGriswald309B

  • Guest
Another person with the Google redirect malware.
« on: July 29, 2011, 02:26:36 AM »
OK, I ran the Avast Boot-time Scan and it found about 7 files. Then, I did a Malware scan. It found nothing. I logged onto the internet, searched for something and was re-directed.

I have attached the Malware report and the OTL report.

Many, many, many thanks in advance,
Brent



CGriswald309B

  • Guest
Re: Another person with the Google redirect malware.
« Reply #1 on: July 29, 2011, 03:31:54 AM »
Oops. I forgot to include the:

%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

I ran the OTL scan again (including the stuff above) and here are the logs.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Another person with the Google redirect malware.
« Reply #2 on: July 29, 2011, 07:58:27 PM »
Here we go, this should clear it.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Quote
    :OTL
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B9 7E 9B 04 F1 54 5B 42 8D E1 45 58 DF 49 9C F9 [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B9 7E 9B 04 F1 54 5B 42 8D E1 45 58 DF 49 9C F9 [binary data]
    IE - HKU\S-1-5-21-2682475495-1044099580-1074880462-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = B9 7E 9B 04 F1 54 5B 42 8D E1 45 58 DF 49 9C F9 [binary data]
    [2011/07/25 20:37:50 | 000,000,092 | ---- | M] () -- C:\Windows\System32\1520631473


    :Files
    ipconfig /flushdns /c
    :Reg
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-
    [HKU\S-1-5-21\SOFTWARE\Microsoft\Internet Explorer\Main]
    "XMLHTTP_UUID_Default"=-

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
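The fix above is built from one OTL file-listing line: a 92-byte file with a numeric-only name in System32 and an empty company field. As an added illustration (my own code, not OTL's or anything posted in this thread), the parser below reads lines in that OTL format and flags such entries as leads for a helper to review; the heuristics, the SysWOW64 path and the two benign sample lines are constructed assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime

# One OTL file-listing line: "[yyyy/mm/dd hh:mm:ss | size | attrs | M or C] (Company) -- path"
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>\S{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# stamp: modified (M) or created (C) time; size: bytes; company: text inside the
# parentheses, empty when the file carries no version information.
OtlEntry = namedtuple("OtlEntry", "stamp size attrs company path")

def parse_otl_line(line: str):
    """Return an OtlEntry for a file-listing line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
                    int(m["size"].replace(",", "")), m["attrs"],
                    m["company"].strip(), m["path"])

def suspicious_reasons(e: OtlEntry) -> list:
    """Heuristics (mine, not OTL's) for entries a helper should examine first."""
    reasons = []
    in_system = e.path.lower().startswith(SYSTEM_DIRS)
    if in_system and e.path.rpartition("\\")[2].isdigit():
        reasons.append("numeric-only filename in a system directory")
    if in_system and not e.company:
        reasons.append("no company/version information on a system-directory file")
    return reasons

def triage(log_text: str) -> dict:
    """Map each flagged path to its reasons, in the order the log lists them."""
    hits = {}
    for line in log_text.splitlines():
        e = parse_otl_line(line)
        reasons = suspicious_reasons(e) if e is not None else []
        if reasons:
            hits[e.path] = reasons
    return hits

# Constructed sample: the entry quoted in the fix above plus two made-up benign lines.
SAMPLE_LOG = """\
[2011/07/25 20:37:50 | 000,000,092 | ---- | M] () -- C:\\Windows\\System32\\1520631473
[2009/07/14 01:39:11 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\\Windows\\explorer.exe
[2011/07/20 10:00:00 | 000,512,000 | ---- | M] () -- C:\\Users\\Brent\\Downloads\\notes.pdf
"""
```

A hit is a lead for a human to check against file version details and a clean reference system, not a verdict; the user-folder PDF with no company field is deliberately left unflagged.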

CGriswald309B

  • Guest
Re: Another person with the Google redirect malware.
« Reply #3 on: July 29, 2011, 10:31:52 PM »
First and foremost, thanks for your help! OK, I did what you said and all was going well until I ran the Quick Scan. I got a blue screen and then I had to restart the computer (I chose the normal option). I did the quick scan the second time. I have attached the log as it exceeded the maximum allowed length. I went ahead and did a search and was once again redirected.  :(

CGriswald309B

  • Guest
Re: Another person with the Google redirect malware.
« Reply #4 on: July 29, 2011, 10:46:56 PM »
Also, now it is redirecting me even when I am not using the Google search engine. For example, I was checking out my yahoo email account. I clicked on a link and it sent me to some strange site.

Offline essexboy

Re: Another person with the Google redirect malware.
« Reply #5 on: July 29, 2011, 11:29:43 PM »
OK, let's now investigate the drivers.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

CGriswald309B

  • Guest
Re: Another person with the Google redirect malware.
« Reply #6 on: July 30, 2011, 12:10:38 AM »
The computer froze up and I couldn't access the internet. Also, a little box that read PEV.exe has stopped working popped up. The computer restarted itself and it is now Preparing Log Report. I have to leave but I will post the ComboFix log when I return.

Offline essexboy

Re: Another person with the Google redirect malware.
« Reply #7 on: July 30, 2011, 12:16:47 AM »
OK, when it runs ensure that Avast does not sandbox anything.

CGriswald309B

  • Guest
Re: Another person with the Google redirect malware.
« Reply #8 on: July 30, 2011, 02:47:54 AM »
Now I can't open any programs at all. It keeps saying: Illegal operation attempted on a registry key that has been marked for deletion. It says that for every single program. :( I'm typing this from my phone... I'll try to get to another computer to paste the log. Sigh.

CGriswald309B

  • Guest
Re: Another person with the Google redirect malware.
« Reply #9 on: July 30, 2011, 02:57:04 AM »
So I restarted the computer and everything is fine (as far as opening the programs). Haha. OK, here is the log report.

CGriswald309B

  • Guest
Re: Another person with the Google redirect malware.
« Reply #10 on: July 30, 2011, 04:45:01 AM »
One more post before I go out for the night (I promise to check back later or tomorrow morning). I don't seem to be getting redirected. :D

Offline essexboy

Re: Another person with the Google redirect malware.
« Reply #11 on: July 30, 2011, 01:11:08 PM »
The infection was within Firefox, and I always have problems with that area - too much gobbledegook in there to make a realistic assessment.

Let me know if the redirects really have gone and there are no other problems outstanding.

CGriswald309B

  • Guest
Re: Another person with the Google redirect malware.
« Reply #12 on: July 30, 2011, 04:56:13 PM »
Well, so far the redirects haven't popped up. I'll be sure to post back if they reappear. Once again, many, many thanks!

Offline essexboy

Re: Another person with the Google redirect malware.
« Reply #13 on: July 30, 2011, 07:09:15 PM »
Let me know when you are happy and I will remove my tools.

CGriswald309B

  • Guest
Re: Another person with the Google redirect malware.
« Reply #14 on: July 30, 2011, 07:56:54 PM »
Well, I had been using the internet all morning and performed at least 30 or 40 searches when I clicked on a link and got redirected. I've since made about 10 more and nothing. Not sure what to do...