Please review hjt log file.

Thanks to the posted guides, I believe I've gotten rid of a google redirection problem. However, upon further review of the hjt log file, I have some concerns with the logfile 023 items. Hopefully I can get some guidance. My concerns are the windows system files that show up in the log as file missing. I have no idea if these will cause problems and need to be addressed. Suggestions?

Thank you.

 

Aah. I see. Thanks. I believe the malware has been removed.

 

Well ....
I was just informed that the google redirection has returned. How frustrating. 2 days ago ran mbam and spybot and tdskiller. The computer currently has an up-to-date Norton package. I was just following the instructions at the thread "Fixing Google Redirection/hijacking and other redirection problems". TDSKiller found no problem. I don't know if this helps, but I've attached the mbrcheck logfile. I see that it has found some faked mbr code. Drive0 is the system/boot for this Windows7-64 machine.

 

Ok. I've gone through all the steps. I've collected the log files. I'll post regarding the results in a few hours. Bottom line is that the search engine redirection is still in control.

 

Ok...

Problem = search engine redirection from links presented in results.

I started with the READ & RUN ME FIRST which I follwed to Fixing Google Redirection/Hijacking Problems, then to Vista & Windows 7 Malware Removal/Cleaning Procedure

After going through the procedures, the problem seemed to have been eliminated. I left the computer on with the Internet Explorer Running for about 12 hours. When I checked it, the redirection problem was back (Oh no!). There was also a popup box asking permission to install something from mevio.com (uh oh), which I canceled.

This is a Windows 7 64 system.

Fixing Google Redirect - performed steps 1,2,4,5
TDSKiller did not detect any malware.
MBRCheck log attached

back to READ & RUN ME FIRST
Norton Business Suite is only antivirus program installed
No MyWay or Viewpoint installions found
I was unable to find a way to remove quarantined files
Did not find any known malware & unwanted software to remove
Ran defogger, no disk emulation present, but I clicked on Disable anyway

SUPERAntiSpyware hung 1st time. After removing checks from Direct File & Direct Reg Access, it ran completely and removed bing adware.zugo

Thanks for your help.

 

I ran the file BDRemovalTool_TDSS-Clones_64.exe
Unfortunately the scan completed with 0 files cleaned & 0 infected files.
Same issue(s) still exist.

{I like your picture,btw}

 

Ok.
I got through the GP with no problem, thanks to your explicit instructions.

However, I cannot type any windows commands because the console hasn't loaded yet.

The Recovery CD boot displays the following:
title bar = System Recovery Options
buttons = "Repair and restart" and "No"
wording = Windows found problems with your computer's startup options. Do you want to apply repairs and restart your computer?

view details:
Name: Windows 7 Professional (recovered)
path: windows
Windows Device: Partition = C:\ (286065MB)
[similar wording for the Windows Recovery Environment]

I suppose I need to do "Repair and restart", then again boot from the Recovery CD. BUT, I'm not touching a thing until you read & reply. Thanks.

 

After letting windows do the repair, I ran executed the commands you had give to me, then restarted the computer. It's up & running and does not appear to have any redirection issues. I'll monitor it and let you know. If all is well, then it will be a couple days before my next post.
Thanks.

 

@Tim
It's an external drive. see sysinfo.txt

Code:

Description	Disk drive	
Manufacturer	(Standard disk drives)	
Model	[B][COLOR="DarkRed"]WD 1600BEV External USB Device[/COLOR][/B]	
Bytes/Sector	512	
Media Loaded	Yes	
Media Type	External hard disk media	
Partitions	1	
SCSI Bus	Not Available	
SCSI Logical Unit	Not Available	
SCSI Port	Not Available	
SCSI Target ID	Not Available	
Sectors/Track	63	
Size	[B][COLOR="DarkRed"]149.05 GB[/COLOR][/B] (160,039,272,960 bytes)	
Total Cylinders	19,457	
Total Sectors	312,576,705	
Total Tracks	4,961,535	
Tracks/Cylinder	255	
Partition	Disk #2, Partition #0	
Partition Size	149.05 GB (160,039,240,704 bytes)	
Partition Starting Offset	32,256 bytes	

 

The issue has been resolved. Thanks so very much....
(Now I've just need to repair some Windows registry issues that the malware must have created.)

 

What registry issues? I would not tamper with the registry if you are not having any problems.