Search Engine Redirecting to Red-Flagged Sites

It started last weekend where whenever I used a search engine like Google, when I clicked on a result it would redirect me to a red-flagged site. I tried running a boot time scan afterwards and though it found some infected files, it didn’t find what was causing the redirecting problem. Aside from the redirecting, nothing else seems to be wrong with my laptop.

I use Firefox and have Windows Vista.
I haven’t used my laptop since last weekend since I wasn’t sure if the redirecting was the only problem and only now have time to try and fix it. Any help will be appreciated thanks!

Please follow the instructions here: http://forum.avast.com/index.php?topic=53253.0
and attach generated logs in this post.

in Firefox go to about:config, then look for a string called keyword.url Check the content and delete it. Restart Firefox. Also check your add-ons for any suspicious extension.

edit: oops sorry my mistake, this setting only concerns awesome bar searches. Check your add-ons anyway.

Okay, running the Malwarebytes scan now.

And I checked the Add-Ons but nothing came up. Thanks for the suggestion though.

EDIT: Malwarebytes found nothing, do you want me to still post the log? Also here are the results from OTL.

Could you run aswMBR as well please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 9C F8 0E 5E 88 B4 4D 9A 8D 0D E3 AA 30 AC D4 [binary data]
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 9C F8 0E 5E 88 B4 4D 9A 8D 0D E3 AA 30 AC D4 [binary data]
IE - HKU\S-1-5-21-3033589424-2580426682-4036217997-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 9C F8 0E 5E 88 B4 4D 9A 8D 0D E3 AA 30 AC D4 [binary data]
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
[2011/06/11 17:25:21 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Cassandra\AppData\Roaming\Mozilla\Firefox\Profiles\11x638l6.default\extensions\{8fb915fb-36b1-4f97-aeb2-ab14cdde1e0d}

:Reg
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-21-3033589424-2580426682-4036217997-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I tried running aswMBR but I got blue error screen. Is the program supposed to be ran in safemode only?

I ran the fix in OTL and am now scanning again. Will edit post with logs.

Have the redirects gone now ?

Yep, they’re gone. Thanks for the help!

OK if they have still gone tomorrow, let me know and I will remove my tools

The problem seems to be completely gone now. Thanks again.

Run OTL and press the cleanup button to remove it and the associated folders

Alright, done.