Odd redirect problem possibly unknown. definitely undetected.

Welcome to Major Geeks!

The MGlogs.zip file you attached is not a valid file. Something went wrong. Please run MGtools.exe again and make sure you attach the unmodified C:\MGlogs.zip file.

 

Per the first instructions in the READ & RUN ME, you muyst only have one antivirus installed. You have Avast and AVG 8.5 installed. You must uninstall one of these immediately.

Also you have Ad-Aware with Ad-Watch, CounterSpy, and AVG8.5 which includes antispyware protection. Having more than one realtime antispyware protection is also not recommended. You really should get rid of two of these three.

I see a driver type file that is most likely and infection and it may have some registry keys in the services area associated with it. Since we cannot use tools like ComboFix or Avenger on your 64 bits OS, we need to use other methods to find and remove associated registry keys and files. The file I'm referring to is:

C:\Documents and Settings\Administrator\Local Settings\TEMP\wdaaxlaj.sys

Also the below two new files may be related to this:
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\system32\windrv.sys

Not sure if you can simply delete these files or not. But even if you can, the wdaaxlaj.sys may just come back or may come back with a different name due to the driver.

Now download Registry Search (see the link titled RegSearch Download Link )

• Extract the files from Regsearch.zip into a folder.
• Doubleclick regsearch.exe to start the program.
• See the top 3 boxes under the Enter search strings (case independen) and click Ok... option, and enter the below two strings (use copy and past)
  • wdaaxlaj
  • windrv
• Then click "OK".
• Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
• Attach this RegSearch.txt file.

 

Not according to your logs. You cannot completely get the effects of the antivirus to be disabled. It has to be uninstalled so that services and registry keys are removed. It is also fighting with the other antivirus as to who should be in control of your security center. In general, it is a very very bad idea to ever have more than one installed.

 

Not sure if they are problems or if they are just related to something you are running. Put copies of them into a ZIP file and attach the ZIP file to your next message.

Since you have an x64 system which still has very limited support by specialty tools, we will have to check to see what else we can run. Please see if you can run any of the below and get a log to attach:

Trend Micro RootkitBuster

BitDefender RootkitUncover

Trend Micro Housecall

 

I cannot tell what those file are related to. You could just delete them. You may see similar ones reappear on a reboot. They could just be related to something that is being run.

I'm not seeing anything that needs fixing. But since no special tools really run on x64 systems, it is hard to tell if anything is hiding. You may be better off just taking the easy way out your mentioned and reinstall. However make sure that it is not an external router issue. They do get infected and sometimes need to be reset to factory settings. Also have you flushed your DNS cache and also made sure that your DNS settings are correct? Also reset the hosts file to default just to be sure it is not a problem.

 

Yes this would rule out the router being infected.

Yes this is still the best thing to do. x64 tools have not evolved too much yet and malware is just starting to try sneaky things with regards to x64 systems. Thus it is somewhat uncharted waters and a guessing game. Basically it is impossible to fix what you cannot see.

You're welcome. Surf safely.