Redirected when browsing Google

Why are you attaching multiple logs? You are only supposed to be running scans once.

In multiple locations in the procedures, you were informed about this and that protection software must be disable due to their inability to properly detect ComboFix and also many time MGtools as legit programs. In fact in the instructions for downloading combofix, we even said the below which specifically mentions McAfee which you are using:

You need to disable McAfee and run ComboFix. Also make sure that you truly have disabled your disk emulation software because your MGtools logs shows that it is still running and may be causing it to look like you have a Master Boot Record infection.


Now download TDSSKiller from Kaspersky to your directly onto your Desktop

• Now double click the TDSSkiller.exe file to run it ( if using Vista or Windows 7 do not double click on it but rather, right click and select Run As Administrartor. )
• Allow the application to run if prompted by Windows or any security programs you have installed
• It will start the scan and run rather quickly and will notify you of whether anything is found or not.
• Follow the instructions to delete/quarantine if asks you what to do when if finds something.
• Whether an infection is found or not, a log file should be created on your C: drive ( or whatever drive you boot from) in the root folder named something like TDSSKiller.2.1.1_27.12.2009_14.17.04_log.txt which is based on the program version # and date and time run. Please attach this log to your next reply. (See:
  HOW TO: Attach Items To Your Post )

 

What exactly happens when you try to run it? Can you run ComboFix in safe boot mode?

Did you run TDSSkiller yet as requested?

 

Good! We have a little more to do.

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now. If you don's find these lines anymore, just close HijackThis and continue with the next instructions.

O4 - HKUS\S-1-5-18\..\Run: [Gzositozo] rundll32.exe "C:\WINDOWS\HOGimsec.dll",Startup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Gzositozo] rundll32.exe "C:\WINDOWS\HOGimsec.dll",Startup (User 'Default user')

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!