Google Search redirect problem

Hoping someone can help me with this. Since yesterday, every time I try to do a Google search it keeps trying to go to a different site than the one I click on. Not only that, but Internet Explorer keeps opening on its own (in the background I guess, as I can’t see the actual program) and trying to access different IP addresses. I have avast and Malwarebytes Anti-Malware running on my machine.

I did a scan with Malwarebytes which I have attached.

Any help with this would be greatly appreciated.

Follow this guide and attach the OTS log…and save it as ANSI

http://forum.avast.com/index.php?topic=53253.0

Here it is.

Essexboy just logged off so I don’t think he will reply today.

He is usually in here 08:00pm - 11:59pm UK time.

Thanks for the info, hopefully when he logs in tomorrow he will know how to fix this problem as it is really getting on my nerves!!! ;D

This thing seems to be getting worse by the day lol. Now at least once an hour this text box pops up saying there is a problem with the Windows network connection and it does a little “search” to try and find the problem. I always click on cancel because I can go on the net and everything, so there is obviously no problem with my connection at all. I figure it must have something to do with this Google redirect virus thing too.

Just had this alert and thought it was strange.

MBAM does that to me so I ignore it

Start OTS. Copy/Paste the information in the quotebox below into the panel where it says “Paste fix here” and then click the Run Fix button.

 
[Unregister Dlls]
[Registry - Safe List]
< FireFox Settings [Prefs.js] > -> C:\Users\student\AppData\Roaming\Mozilla\FireFox\Profiles\pyxl8re2.default\prefs.js
YN -> network.proxy.http -> "81.144.176.136"
YN -> network.proxy.http_port -> 80
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {0974BA1E-64EC-11DE-B2A5-E43756D89593} [HKLM] -> [MediaBar]
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> [AVG Safe Search]
YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} [HKLM] -> [BrowserHelper Class]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{0974BA1E-64EC-11DE-B2A5-E43756D89593}" [HKLM] -> [MediaBar]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "FBSSA" -> [C:\Program Files\SGPSA\ie3sh.exe]
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-179438791-3528224995-922619949-1000\] > -> HKEY_USERS\S-1-5-21-179438791-3528224995-922619949-1000\Software\Microsoft\Internet Explorer\Extensions\
YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"ButtonText" [HKLM] -> [Reg Error: Key error.]
YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}]
YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"Default Visible" [HKLM] -> [Reg Error: Key error.]
YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"Exec" [HKLM] -> [Reg Error: Key error.]
YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"HotIcon" [HKLM] -> [Reg Error: Key error.]
YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"Icon" [HKLM] -> [Reg Error: Key error.]
[Files/Folders - Created Within 30 Days]
NY ->  lE08601EaEaB08601 -> C:\ProgramData\lE08601EaEaB08601
[Files/Folders - Modified Within 30 Days]
NY ->  9A16.83C -> C:\Users\student\AppData\Roaming\9A16.83C
NY ->  ~24698640 -> C:\ProgramData\~24698640
NY ->  ~24698640r -> C:\ProgramData\~24698640r
NY ->  Azuzayoqanejob.dat -> C:\Users\student\AppData\Local\Azuzayoqanejob.dat
NY ->  Vnopafunan.bin -> C:\Users\student\AppData\Local\Vnopafunan.bin
[Files - No Company Name]
NY ->  ~24698640 -> C:\ProgramData\~24698640
NY ->  ~24698640r -> C:\ProgramData\~24698640r
NY ->  24698640 -> C:\ProgramData\24698640
NY ->  Azuzayoqanejob.dat -> C:\Users\student\AppData\Local\Azuzayoqanejob.dat
NY ->  Vnopafunan.bin -> C:\Users\student\AppData\Local\Vnopafunan.bin
NY ->  9A16.83C -> C:\Users\student\AppData\Roaming\9A16.83C
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
 

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

I will review the information when it comes back in.

Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.

This is no sign of malfunction, do not panic!

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR2-1.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://public.avast.com/~gmerek/aswMBR2.png
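
The fix script above lists two Firefox proxy preferences (network.proxy.http and network.proxy.http_port) in prefs.js for removal. As an added example that is not part of the original thread or of OTS, this read-only Python check parses a prefs.js file and reports any proxy preferences it finds; the sample file content is constructed, and network.proxy.type and the other network.proxy.* names are standard Firefox preferences not shown in the thread.

```python
import re

# One prefs.js entry looks like: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# Meaning of the network.proxy.type values used by Firefox.
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect", 5: "system"}

# Constructed sample; the proxy host and port are the values from the fix script.
SAMPLE = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "81.144.176.136");
user_pref("network.proxy.http_port", 80);
user_pref("network.proxy.type", 1);
'''


def parse_prefs(text):
    """Return {name: value}; values are converted to str, bool or int."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # header comments, blank lines
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if re.fullmatch(r"-?\d+", raw) else raw
    return prefs


def proxy_findings(prefs):
    """List every proxy host or PAC URL configured in the parsed prefs."""
    mode = PROXY_TYPES.get(prefs.get("network.proxy.type"), "not set in this file")
    findings = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host:
            port = prefs.get(f"network.proxy.{scheme}_port", "?")
            findings.append(f"{scheme} proxy {host}:{port} [network.proxy.type: {mode}]")
    pac = prefs.get("network.proxy.autoconfig_url")
    if pac:
        findings.append(f"PAC URL {pac} [network.proxy.type: {mode}]")
    return findings


if __name__ == "__main__":
    for finding in proxy_findings(parse_prefs(SAMPLE)):
        print(finding)
```

To check a real profile, pass the contents of its prefs.js to parse_prefs instead of SAMPLE; the script only reads and never modifies the file.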

I tried the OTS fix but then the program froze so I had to restart. I’m going to try it again and hopefully this time it works.

YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"ButtonText" [HKLM] -> [Reg Error: Key error.] YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"Default Visible" [HKLM] -> [Reg Error: Key error.] YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"Exec" [HKLM] -> [Reg Error: Key error.] YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"HotIcon" [HKLM] -> [Reg Error: Key error.] YN -> Ž`__ø÷÷876¸µµÛÚÚhhg˜——@??íë멦¦PPOÊÅÅ,,,€ÿ\\"Icon" [HKLM] -> [Reg Error: Key error.]
It may have been because of this segment; let me know if it happens again.

So the fix went through but I am still having the problem. Here is the log. I am going to try the second thing you posted now.

OK the fix worked first time round ;D

The aswMBR scanner keeps freezing and never finishes. Is there any way around that or am I basically out of options?

It is now 1:10am in the UK, so essexboy won’t be back on-line until later today.

If the fix worked as essexboy suggests, are you still getting the Google redirects?
If not, the aswMBR scan may not be as much of a priority.

If the redirects are still present, you could try running aswMBR.exe from safe mode.

Yes I’m still getting the redirects and all the other problems as before (prompts about Windows network not working even though it is, and Internet Explorer starting on its own in the background).

I’ll try running aswMBR in safe mode like you suggested and see if it works that way.

Ok after trying to run aswMBR about a million different times in safe mode etc I have finally given up. It keeps stopping scanning on the same thing every time and no matter how long I leave it running it never finishes. I am at a loss as to what to do now so I’m hoping someone can help me here.

I’ve attached a screen shot of what aswMBR stops on so hopefully it can give someone a clue as to what’s going on.

Your system freezes during the scan of C:\Windows. But this scan is an ordinary AV step after the MBR investigation step, so you can skip it by selecting “none” in the AV Scan combobox.
In this case you can finish your scan, save your log etc.

P.S. There can be several different reasons for this freezing: file system errors, hardware fault etc. But it is much better to have a clean PC before investigating these reasons.

Ok so it FINALLY went through.

Yes try safe mode and let me know the result please

This was the result essexboy. It went through without having to do it in safe mode after about a million tries.