Browser redirecting randomly and computer running slow

Discussion in 'Malware Help (A Specialist Will Reply)' started by thebro2, Mar 3, 2012.

  1. thebro2

    thebro2 Private E-2

    I am using Internet Explorer and Chrome, and with both browsers I'll click on a link and it will bring me to some random link other than what I clicked on. My computer has also been running slower in the past weeks. I have run through your pre-post procedures and here are the logs that have been generated. I couldn't download the combofix.exe file. It wasn't giving me the download link. I also didn't run the RootRepeal portion because I am on a 64-bit OS. Any help would be greatly appreciated. Thank you.
     
  2. thebro2

    thebro2 Private E-2

    The final log is attached here from MGTools. Thanks again
     

    Attached Files:

  3. thisisu

    thisisu Malware Consultant

    Hi and welcome to Major Geeks, thebro2!

    The only log you attached was MGlogs.zip

    Can you retry attaching the following logs from:
    • Malwarebytes' Anti-Malware
    • SUPERAntiSpyware

    I'd also like you to scan with these:

    http://img196.imageshack.us/img196/3557/tdsskiller.gif I want you to read and follow these instructions: TDSSKiller - How to run


    http://img684.imageshack.us/img684/6489/aswmbr.gif Please download aswMBR to your desktop.
    • Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
    • Select No when asked "Would you like to download latest Avast! virus definitions?"
    • Click the [Scan] button.
    • On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)
     
  4. thebro2

    thebro2 Private E-2

    I apologize, I thought I included them on my initial post. Here are the scans I did prior to my initial post.
     

    Attached Files:

  5. thisisu

    thisisu Malware Consultant

    Hi,

    No problem. Go ahead and run TDSSKiller again using the methods described in the above link with the updated version.

    I am reviewing the rest of your logs now.
     
  6. thisisu

    thisisu Malware Consultant

  7. thisisu

    thisisu Malware Consultant

  8. thebro2

    thebro2 Private E-2

    Here are the new logs you requested. I also removed AVG with the remover and I updated my Sun Java. I am still getting redirected. As a matter of fact, when I clicked to open my thread it brought me to some pharmaceutical site. I clicked back and re-clicked on my thread and it opened normally. This happened prior to me removing the AVG and installing the Sun Java.
     

    Attached Files:

  9. thisisu

    thisisu Malware Consultant

    Please uninstall Adaware if it is still installed.

    This fix is mostly going to clean up your logs from AVG and Lavasoft Adaware traces. I am not seeing anything malicious just yet so if you still have problems after this ComboFix script, then run the two additional scans afterwards.

    http://img194.imageshack.us/img194/4930/combofix.gif Fixing items using ComboFix
    Make sure that ComboFix.exe that you downloaded while doing the READ & RUN ME is on your desktop -- but do not run it.
    If it is not on your desktop, the below will not work.
    Shut down your protection software now (antivirus, antispyware...etc) to avoid possible conflicts.
    Open Notepad and copy/paste the text in the below code box into Notepad:
    Code:
    KillAll::
    ClearJavaCache::
    DDS::
    mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=nv59&r=27360710k6b6l0380z135a4951y33p
    DPF: {C2F301FE-9C19-49B9-B6BD-1244DD971900} - hxxp://dvr.enview.net/dr/EnWEB20.cab
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
    Domains::
    Driver::
    AVG Security Toolbar Service
    AVGIDSEH
    Avgrkx64
    Avgldx64
    Avgmfx64
    Avgtdia
    AVGIDSAgent
    avgwd
    AVGIDSDriver
    AVGIDSFilte
    FileLook::
    c:\windows\system32\drivers\afd.sys
    Folder::
    c:\program files (x86)\Toolbar Cleaner
    c:\program files (x86)\adawaretb
    c:\programdata\Lavasoft
    c:\program files (x86)\Lavasoft
    c:\users\Julie & Steve\AppData\Roaming\AVG2012
    c:\program files (x86)\AVG Secure Search
    c:\program files (x86)\AVG
    c:\program files (x86)\Common Files\AVG Secure Search
    c:\windows\SysWow64\drivers\AVG
    c:\programdata\AVG2012
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0B75C6FCFEF39CB49B3F37FBB86726C0\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0B75C6FCFEF39CB49B3F37FBB86726C0\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\14355655CBD54D944A7518EDDF19EA2D\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\14355655CBD54D944A7518EDDF19EA2D\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\14355655CBD54D944A7518EDDF19EA2D\00002159FA0090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\1486671BCB96297499ED9F47869D2DAD\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2154EBF3EFF04B048A77A9F7181445D6\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2A62AF6226B56404CBA82C9362E6228F\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2A62AF6226B56404CBA82C9362E6228F\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\42F1E9AF3ECCEE443A80AFBF0C9085A1\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\42F1E9AF3ECCEE443A80AFBF0C9085A1\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\480585E172EFA4C45A85E0DDA5C1A470\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\480585E172EFA4C45A85E0DDA5C1A470\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5373B92A42DEB0C489CFF9D577433CF0\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\602293A26C2A2CE4BBBA9A4870DE6B25\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\602293A26C2A2CE4BBBA9A4870DE6B25\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\63EEE4D6CB801664CB08DD7F6FDAAA81\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6F949E36CB3004C50AF18C3B9B1A1EE8\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6F949E36CB3004C50AF18C3B9B1A1EE8\97230E76307FF8044BFB645BCFD807DC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\81360B5BBC01F0C458B7D0AC12FDE0BB\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\818BC40DA5B0E084DAC4217FF842FF22\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\818BC40DA5B0E084DAC4217FF842FF22\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\829A131E5CE21D944A67B52DE1268EA2\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\829A131E5CE21D944A67B52DE1268EA2\9040110900063D11C8EF10054038389C]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\829A131E5CE21D944A67B52DE1268EA2\9040150900063D11C8EF10054038389C]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\829A131E5CE21D944A67B52DE1268EA2\9040B30900063D11C8EF10054038389C]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8420370EE47FE754CA5A8ACFDD374684\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\8420370EE47FE754CA5A8ACFDD374684\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9B271454ED4348B47B365F93ADEAC015\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9B271454ED4348B47B365F93ADEAC015\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9C1D6229422D81045BFB2F8BCE017AA4\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9C1D6229422D81045BFB2F8BCE017AA4\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9D6BD49C8A516ED41BB0C0D31B0F52BC\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\9D6BD49C8A516ED41BB0C0D31B0F52BC\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\A716F840563C41244A31609B6E119F83\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AF39A8A9BA0879C4295BEABE8027C0F9\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AF39A8A9BA0879C4295BEABE8027C0F9\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\AFF9ACFD3F0B2044C8F7FA4F74080AB9\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\BCB908B9C1536D340955FC152ACC77E0\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\BCB908B9C1536D340955FC152ACC77E0\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CCFD0C0DBF1B567419D85EBA368E6341\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\CCFD0C0DBF1B567419D85EBA368E6341\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D3AFE80AA038F8147B1AB826F0BD1F16\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D3AFE80AA038F8147B1AB826F0BD1F16\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D3AFE80AA038F8147B1AB826F0BD1F16\9040110900063D11C8EF10054038389C]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D3AFE80AA038F8147B1AB826F0BD1F16\9040150900063D11C8EF10054038389C]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D3AFE80AA038F8147B1AB826F0BD1F16\9040B30900063D11C8EF10054038389C]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D4B4D10F3E41BD944BC9E10C81F96E38\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\D4B4D10F3E41BD944BC9E10C81F96E38\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\00002159FA0090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\7E577B2224C65CF4E801A9E52375DB49]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\DA42BC89BF25F5BD0AF18C3B9B1A1EE8\97230E76307FF8044BFB645BCFD807DC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\E4D28D44DAD48FB43AA96DE7637B1BB2\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F17DAFC40CE3BDA4DA5BD0E651973510\00002109020090400000000000F01FEC]
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\F17DAFC40CE3BDA4DA5BD0E651973510\00002119F20000000000000000F01FEC]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
    [-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "vProt"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "adaware"=-
    "adaware_XP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
    "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
    "{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=-
    "avg@toolbar"=-
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    SecCenter::
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    
    Save this file as CFScript.txt to your desktop. So now you should have both CFScript.txt and ComboFix.exe on your desktop.
    Now use your mouse to drag CFScript.txt on top of ComboFix.exe and then release.
    http://softvisia.com/users/Night_Raven/Security/cfsdnd2.gif
    This will launch ComboFix.
    Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
    Allow ComboFix to update itself if prompted.
    When ComboFix finishes, a log will be produced at C:\ComboFix.txt
    Attach this log to your next message. (How to attach)

    http://img805.imageshack.us/img805/9659/rktigzy.gif Please download RogueKiller to your desktop.

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    When it is finished, there will be a log on your desktop called: RKreport[1].txt
    Attach RKreport[1].txt to your next message. (How to attach)

    http://img205.imageshack.us/img205/1894/otl.gif Please download OTL by OldTimer.

    • Save it to your desktop.
    • Double click on the OTL icon on your desktop. (Vista/7 right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
      Code:
      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      /md5start
      afd.sys
      netbt.sys
      nsiproxy.sys
      svchost.exe
      tcpip.sys
      tdx.sys
      /md5stop
      %windir%\$ntuninstallkb*. /120
      %windir%\system32\*.dll /30
      %windir%\system32\*.dll /lockedfiles
      %windir%\system32\drivers\*.sys /lockedfiles
      %windir%\*.* /mp
      %windir%\*.* /rp
      %windir%\*.* /sl
      %systemdrive%\mgtools\*.*
      
    • Now click the http://img171.imageshack.us/img171/2405/runscanotl.png button.
    • Two reports will be created:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Attach OTL.txt to your next message. (How to attach)
     
  10. thebro2

    thebro2 Private E-2

    Here are the latest scans. I didn't need to uninstall Adaware since it wasn't installed. Thanks
     

    Attached Files:

  11. thisisu

    thisisu Malware Consultant

    Hi, can you upload these files to VirusTotal.com?
    • C:\Windows\system32\svchost.exe
    • C:\Windows\SysWOW64\XAudio64.dll

    Let me know the results of each please.

    Thanks.
     
  12. thebro2

    thebro2 Private E-2

    The svchost.exe file returns a detection ratio of 1/43, where eSafe detects it as a Win32.TrojanHorse (the thumbs up / thumbs down scale said 83 red / 90 green).

    The XAudio64.dll file returns a detection ratio of 0/43.

    Thanks
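    As an added example that is not from the thread or from the MajorGeeks tools: a PowerShell check that mirrors the /md5start file list from post 9 and the two files asked about in post 11. It hashes each live file, compares the hash with the copies Windows keeps in its component store (C:\Windows\winsxs, a baseline choice assumed here; a patched system file will match none of them) and prints the SHA-256 so the value can be looked up on VirusTotal instead of uploading the file. It assumes an elevated 64-bit PowerShell prompt on Windows 7 x64 with the default %windir%.

```powershell
# Added example, not part of the thread. Compares live system files against the
# component-store copies Windows keeps under winsxs (assumed baseline) and prints
# SHA-256 values for a VirusTotal hash lookup. Run elevated, 64-bit PowerShell.

# Files from the OTL /md5start list (post 9) plus the two asked about in post 11.
$files = @(
    "$env:windir\System32\drivers\afd.sys",
    "$env:windir\System32\drivers\netbt.sys",
    "$env:windir\System32\drivers\nsiproxy.sys",
    "$env:windir\System32\drivers\tcpip.sys",
    "$env:windir\System32\drivers\tdx.sys",
    "$env:windir\System32\svchost.exe",
    "$env:windir\SysWOW64\XAudio64.dll"   # third-party; no component-store copy expected
)

$sha = [System.Security.Cryptography.SHA256]::Create()

function Get-Sha256Hex([string]$Path) {
    # Open with FileShare.ReadWrite so loaded drivers and running executables can be read.
    $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    try {
        return ([System.BitConverter]::ToString($sha.ComputeHash($fs))).Replace('-', '')
    } finally {
        $fs.Close()
    }
}

# Only hash component-store files whose names we care about; winsxs is large.
$wanted = @{}
foreach ($f in $files) { $wanted[[System.IO.Path]::GetFileName($f).ToLower()] = $true }

$store = @{}   # file name -> set of SHA-256 values seen in winsxs
Get-ChildItem "$env:windir\winsxs" -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $wanted.ContainsKey($_.Name.ToLower()) } |
    ForEach-Object {
        $n = $_.Name.ToLower()
        if (-not $store.ContainsKey($n)) { $store[$n] = @{} }
        try { $store[$n][(Get-Sha256Hex $_.FullName)] = $true } catch { }
    }

foreach ($path in $files) {
    if (-not (Test-Path $path)) { "{0}`n  MISSING" -f $path; continue }
    $name = [System.IO.Path]::GetFileName($path).ToLower()
    $hash = Get-Sha256Hex $path
    # Catalog-signed Microsoft files report NotSigned on older PowerShell versions,
    # which cannot resolve catalog signatures; treat this field as advisory only.
    $sig = (Get-AuthenticodeSignature $path).Status
    if ($store.ContainsKey($name)) {
        if ($store[$name].ContainsKey($hash)) {
            $verdict = 'matches a component-store copy'
        } else {
            $verdict = 'NO component-store match - inspect this file'
        }
    } else {
        $verdict = 'no component-store copy (third-party or unserviced file)'
    }
    "{0}`n  SHA256={1}`n  signature={2}`n  {3}" -f $path, $hash, $sig, $verdict
}
```

A component-store match only shows the file equals a version Microsoft shipped, not that the machine is clean; a mismatch on a core driver such as afd.sys is the kind of finding the OTL hash section exists to surface.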
     
  13. thisisu

    thisisu Malware Consultant

    Can you link me to the website you get redirected to? Is it always the same?

    I will delete the URLs from your post once I have them.
     
  14. thisisu

    thisisu Malware Consultant

  15. thebro2

    thebro2 Private E-2

    Yes, I did the 3 steps in this post. I just re-did them to be on the safe side. Also, I am trying to get a redirect so I can give you a URL, and it seems to be harder to get one. I don't want to get ahead of myself and say it has stopped, but I will keep trying by browsing my usual sites and post as soon as I see something. Otherwise, I'll let you know that this might actually be resolved, which would be absolutely great. Could you shed some light as to where the problem was, for my curiosity? I much appreciate your time and patience. What you're doing is great!
     
  16. thisisu

    thisisu Malware Consultant

    Ok, good

    Ok, no problem.

    At this point I really do not know because the logs do not show any signs of infection.

    Normally I would expect to see infected drivers or an infected Master Boot Record (MBR).

    I have had you scan with some of the best tools out to detect these and they haven't found anything.

    Here is something you should do as Adobe Flash Player recently updated and addressed some security vulnerabilities.

    Noticed you are running an outdated version of it.

    Please download and run the uninstaller from here: uninstall_flash_player_64bit.exe

    Then download and install Adobe Flash Player 11.1.102.63 Final from here.

    http://img195.imageshack.us/img195/9049/javaz.gif Now install the current version of Sun Java from: jre-7u3-windows-x64.exe

    The pleasure is all mine :)
     
    Last edited: Mar 6, 2012
  17. thebro2

    thebro2 Private E-2

    I updated my Flash Player and had already installed the latest Java based on a previous post you made. I had AVG; do you recommend I re-install it? Or do I use another antivirus? Also, do you recommend any complementary software to run parallel to AVG for spyware etc.? Thanks
     
  18. thisisu

    thisisu Malware Consultant

    ;)
    I do not recommend reinstalling AVG. It uses too many resources for what it is worth, IMO.
    I would give Avast Free a try. Kaspersky 2012 is excellent if you wish to spend some money on an antivirus. Just remember that you only want to run one antivirus. Using two or more will only create conflicts with your system.
    SpywareBlaster is "set it and forget it" type software which everyone should use IMO, regardless of which antivirus you use.
    More is explained here: How to Protect yourself from malware!

    ___

    Have the redirects stopped? If so, you can proceed below:

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no protection. They do not use any significant amount of resources ( except a little disk space ) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /uninstall
        • Notes: The space between the combofix" and the /uninstall, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Go back to step 6 of the READ ME and re-enable your Disk Emulation software with Defogger if you had disabled it.
    4. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. If running Vista, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    7. Go to Add/Remove Programs and uninstall HijackThis if it is present.
    8. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures pointed to by step 7 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    10. After doing the above, you should work through the below link:
    Be safe :)
     
  19. thebro2

    thebro2 Private E-2

    After a few days of testing I haven't seen a popup. I can say that it has indeed stopped and I thank you once again for it!

    I am in the process of running your final steps. I was wondering when it comes to the Firewall, has Windows 7 made any strides vs. the Windows XP SP2 that was analyzed as poor? In other words, can I rely on the Windows 7 firewall or should I run another one? If so, which do you recommend from the list? Thanks
     
  20. thebro2

    thebro2 Private E-2

    I tried re-enabling disk emulation with Defogger but it gives me an "Unable to open file" error?
     
  21. thisisu

    thisisu Malware Consultant

    Do you have disk emulation software? I didn't find any in your logs but I only know of a couple of companies that make this type of software.

    I would not worry about this error if it only happened once.
     
