Another person with a the Google redirect malware.

[essexboy]

OK time to check the MBR

Download aswMBR.exe ( 1.8mb ) to your desktop.
 
Double click the aswMBR.exe to run it
 
Click the "Scan" button to start scan
 
 
On completion of the scan click save log, save it to your desktop and post in your next reply

[CGriswald309B]

Should I close all programs and disable my anti-virus before running it?

[Asyn]

Should I close all programs and disable my anti-virus before running it?

Not needed.

[CGriswald309B]

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-07-30 18:52:42
-----------------------------
18:52:42.157    OS Version: Windows 6.0.6002 Service Pack 2
18:52:42.157    Number of processors: 2 586 0xF0A
18:52:42.157    ComputerName: BRENTPC  UserName: Barbara
18:52:48.693    Initialize success
18:52:49.785    AVAST engine defs: 11073001
18:52:52.500    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:52:52.500    Disk 0 Vendor: TOSHIBA_ DL02 Size: 152627MB BusType: 3
18:52:52.500    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000005d
18:52:52.500    Disk 1 Vendor: (  Size: 152627MB BusType: 0
18:52:52.500    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000005e
18:52:52.515    Disk 2 Vendor: (  Size: 152627MB BusType: 0
18:52:52.531    Disk 0 MBR read successfully
18:52:52.531    Disk 0 MBR scan
18:52:52.546    Disk 0 Windows VISTA default MBR code
18:52:52.546    Disk 0 scanning sectors +312579760
18:52:52.624    Disk 0 scanning C:\Windows\system32\drivers
18:53:12.031    Service scanning
18:53:17.271    Modules scanning
18:53:48.424    Disk 0 trace - called modules:
18:53:48.455    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
18:53:48.455    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8651dac8]
18:53:48.471    3 CLASSPNP.SYS[88da08b3] -> nt!IofCallDriver -> [0x85a0b768]
18:53:48.471    5 acpi.sys[8069f6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85a15030]
18:53:49.719    AVAST engine scan C:\Windows
18:53:55.663    AVAST engine scan C:\Windows\system32
18:56:20.696    AVAST engine scan C:\Windows\system32\drivers
18:56:31.397    AVAST engine scan C:\Users\Barbara
19:04:21.638    Disk 0 MBR has been saved successfully to "C:\Users\Barbara\Desktop\MBR.dat"
19:04:21.716    The log file has been saved successfully to "C:\Users\Barbara\Desktop\aswMBR.txt"
19:04:48.137    AVAST engine scan C:\ProgramData
19:07:48.723    Scan finished successfully
19:09:05.428    Disk 0 MBR has been saved successfully to "C:\Users\Barbara\Desktop\MBR.dat"
19:09:05.444    The log file has been saved successfully to "C:\Users\Barbara\Desktop\aswMBR.txt"

[essexboy]

Is this redirect continuous, or restricted to just one site ?

[CGriswald309B]

It happened that one time. It hasn't happened since (and I've been online and using the search function a lot) but it was continuous.

[essexboy]

So it was just one site ?

Run for a day or so and if it doesn't recur I will remove my tools

[CGriswald309B]

Will do. Thanks again!

[CGriswald309B]

It happened twice in the past 10 minutes. Once I was checking my email on hotmail and the other time I was checking my yahoo account. Both times it redirected me to some odd yahoo search engine site.

The weird thing is I've been online all day and used the search function numerous time. 

[CGriswald309B]

So it seems it is redirecting me but not when I use the search function. It just happens when I click on a link. Strange.

[essexboy]

Could you post a link where this happens but use HXXP instead of HTTP so it is not clickable

[CGriswald309B]

If/when it happens I sure will. Thanks.

[CGriswald309B]

Nothing so far. Thank you, thank you, thank you for all of your help   

[essexboy]

Let me know tomorrow if all is well and I will remove my tools

[CGriswald309B]

Everything seems to be fine. Thank you, thank you, thank you!!!