Google redirecting and opening new IE

Discussion in 'Malware Help (A Specialist Will Reply)' started by KiteRider, Oct 5, 2010.

  1. KiteRider

    KiteRider Private E-2

    Hi! I've been getting Google redirects for a while, mainly to shopping sites, new IEs opening at random and today a porn pop-up. The address bar is sometimes called "cheklacation" or "cheklactalon".
    I'm running Windows ME, using Avast free edition and Windows firewall (also I think there's a firewall in the router?)
    I've run through all the READ AND RUN ME FIRST;
    nothing found with Malwarebytes or Superantispyware.

    Combofix seemed to run ok but it stopped at step 33 for a while with the message
    Windows - No Disk
    Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c
    Then it ran to 50 but a log didn't appear and then just a message about internet failing to connect, which started up ok after re-booting.

    I couldn't find the log. I have added what I could find, please let me know if these are the wrong things!
     

    Attached Files:

    Last edited: Oct 5, 2010
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    No you are not running Windows ME. You are running Windows XP. The tools you mentioned would not run on Windows ME.

    You need to attach the requested log from MGtools. Then click the link below and run TDSSkiller and then attach the log. If it detects any problems, make sure that you immediately reboot ( even before coming here to attach any log ).

    TDSSkiller - How to run

    Why did you attach that last log? It is not something we requested nor do we need it.
     
  3. KiteRider

    KiteRider Private E-2

    Hi,
    Sorry for ME mistake:-o
    I posted what I thought was one of the logs you needed. Will try again.
    TDSSKiller found something and for last hour have had no issues on IE!!!!
    Am I in the clear now?

    Thanks for help so far.
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We need additional logs from a couple of tools, including a new MGtools log that has been obtained after TDSSkiller was run, so let's do the below.

    First you must disable Spybot's Teatimer as requested in the READ & RUN ME. See this: How to disable Spybot's TeaTimer

    You also have Symantec leftovers which need to be removed. Please run the below then reboot.

    Norton Removal Tool (SymNRT)

    Now run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - S-1-5-18 Startup: edyl.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: edyl.exe (User 'Default user')
    O4 - .DEFAULT User Startup: edyl.exe (User 'Default user')
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    After clicking Fix, exit HJT.


    Now download The Avenger by Swandog46, and save it to your Desktop.
    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\avenger.txt
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
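    As an added illustration (not part of this thread, and not an MGtools or HijackThis component), a small Python filter that recognises the two patterns chaslang is asking to fix in the HijackThis lines above: a BHO whose file no longer exists, and a Startup-folder entry in the SYSTEM or .DEFAULT profile, which runs before any real user logs on. The sample log is constructed from the lines quoted in the post plus one assumed benign avast entry for contrast.

```python
import re

# Constructed sample HijackThis log: the lines quoted in the thread above
# plus one assumed benign O4 entry so the filter has something to leave alone.
SAMPLE_HJT = """\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - S-1-5-18 Startup: edyl.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: edyl.exe (User 'Default user')
O4 - .DEFAULT User Startup: edyl.exe (User 'Default user')
O4 - HKLM\\..\\Run: [avast] C:\\Program Files\\Alwil Software\\Avast5\\avastUI.exe /nogui
O23 - Service: Symantec Core LC - Symantec Corporation - C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe
"""

HJT_LINE = re.compile(r"^(O\d+) - (.+)$")
# O4 Startup-folder entries look like "<profile> Startup: <file> (User '<name>')"
O4_STARTUP = re.compile(r"^(?P<profile>.+?) Startup: (?P<file>\S+) \(User '(?P<user>[^']+)'\)$")
# Profiles that execute before anyone logs on interactively; a bare .exe
# dropped into their Startup folder is a persistence mechanism, not a user choice.
SYSTEM_PROFILES = {"S-1-5-18", ".DEFAULT", ".DEFAULT User"}

def parse_hjt(text):
    """Yield (section, body) for every HijackThis 'Onn - ...' line."""
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if m:
            yield m.group(1), m.group(2)

def classify(section, body):
    """Return a short reason if the entry matches a pattern worth fixing, else None."""
    if section == "O2" and body.endswith("(no file)"):
        return "orphan BHO: CLSID still registered but its DLL is gone"
    if section == "O4":
        m = O4_STARTUP.match(body)
        if m and m.group("profile") in SYSTEM_PROFILES:
            return (f"{m.group('file')} in the {m.group('profile')} Startup folder "
                    f"(runs as '{m.group('user')}' before anyone logs on)")
    return None

def triage(text):
    """Return [(section, body, reason)] for the entries that should be fixed."""
    hits = []
    for section, body in parse_hjt(text):
        reason = classify(section, body)
        if reason:
            hits.append((section, body, reason))
    return hits

if __name__ == "__main__":
    for section, body, reason in triage(SAMPLE_HJT):
        print(f"{section}: {body}\n    -> {reason}")
```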
     
  5. KiteRider

    KiteRider Private E-2

    Hi,
    IE still seems to be running OK.

    I ran the Norton removal Tool, had to run it twice as the first time was unsuccessful.

    The MGtools analyse.exe found and deleted these items:
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O4 - S-1-5-18 Startup: edyl.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: edyl.exe (User 'Default user')
    O4 - .DEFAULT User Startup: edyl.exe (User 'Default user')
    The following was not present:
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    I copied everything from the quote into the Avenger *input script here*, it didn't seem to be accepting the input even when I used enter to space the text exactly as in your post. Log attached.

    Was I to run MGTools again? The attach files message I am getting says I have already posted this log in a previous post.


    Many thanks.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    See my previous instructions which said:
    That is how you get the new log.
     
  7. KiteRider

    KiteRider Private E-2

    Thanks, you're a star
    log attached
     

    Attached Files:

  8. KiteRider

    KiteRider Private E-2

    And a happy birthday to you
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thank you.:)


    You did not disable Teatimer as requested and it may have blocked the fixing of the below:

    O4 - S-1-5-18 Startup: edyl.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: edyl.exe (User 'Default user')
    O4 - .DEFAULT User Startup: edyl.exe (User 'Default user')

    Disable Teatimer and try again and then attach a new log after running GetLogs.bat
     
  10. KiteRider

    KiteRider Private E-2

    Hi, thanks again for your patience with an idiot:-o
    Log attached
    IE still working great!
     

    Attached Files:

  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Those items are still not getting fixed. Please download the current version of combofix.exe to your Desktop and try running it now as per original instructions in the READ & RUN ME. Attach the log if it runs. Make sure you shut down protection software before trying to run it.


    Also, please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :regfind
      edyl.exe 
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. You can just close this notepad window since the log is already saved on your Desktop. Be patient! It may look like it is not doing anything, but it takes a while for this to scan through your whole system looking for matches.
    • Please attach the SystemLook.txt log found on your Desktop to next reply.
     
  12. KiteRider

    KiteRider Private E-2

    Hi
    Have run combofix again,
    at stage 4 I got the following
    Windows Application Error
    "The instruction at 0x006f0063 referenced memory at 0x003el95c. The memory could not be written."
    At Stage 33 I got the following
    Windows - no disk
    exception processing message
    c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c.
    The process did run to the 50th stage, where I didn't get a log but machine rebooted itself. Can't find a log from C:\ComboFix.txt
    We are still running IE well. Your time much appreciated.

    KiteRider
     

    Attached Files:

  13. KiteRider

    KiteRider Private E-2

    I hadn't intended to look angry...?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well since things are running good, it would seem we should quit, but I just want to be sure that the edyl.exe file does not exist. Let's try 2 more things.

    First run SystemLook again with the below instructions:

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      edyl.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. You can just close this notepad window since the log is already saved on your Desktop. Be patient! It may look like it is not doing anything, but it takes a while for this to scan through your whole system looking for matches.
    • Please attach the SystemLook.txt log found on your Desktop to next reply.

    Now reboot your PC into safe mode and see if you can complete a ComboFix scan in safe mode. Make sure protection software is shutdown before running ComboFix.

    Then reboot into normal mode and attach the new SystemLook log and the log from ComboFix if it worked.
     
