Google results are redirected to random ad sites

If you are still being redirected to radom sites.  Do the following:

go to trendmicro go to feetools and download the Rootkit buster, removed the rootkits.  http://free.antivirus.com/rootkit-buster/  You will love this little app.

After the reboot, use Malwarebytes to remove the other infected files. www.malwarebytes.org/mbam.php

Also, you can check the host file, which is found in C:\windows\system32\drivers\etc, open the file called host and you will most like see a bunch os entries.  All that should be in this file is below, not if you try to save the file and can't just remove the read on attribute and if you can't see if, check the show hidden files under tools.:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

If a renamed Combofix as already suggested still won't run, redownload and rename Combofix to CF.bat prior to saving the file to your desktop.
Make sure the 'Save as Type:' is "All Files"


If the tools still won't run, run win32diag.exe and show us the resulting log. This diagnostic tool can tell us if a patched file is the culprit that blocked the tools from running.

Please download this tool and run it.
http://ad13.geekstogo.com/Win32kDiag.exe

Double-click on Win32Diag.exe to run it. Since you are using Windows Vista, please right-click and select Run As Administrator
A black command prompt window shall appear.
It will now begin to scan. This may take a while, please be paitent until the scan is complete.
Once it's done, in the black screen it will say "Finished! Press any key to exit....
A log file called Win32KDiag.txt will be created on your desktop.
Please copy and paste the contents of that log file here in your next reply please.

pankusareen,
Please take the time to read the suggestions that have already been posted.
It is extremely rude to duplicate the efforts of the other Experts.

Here's some results from earlier suggestions:

ccleaner doesn't run, even after rename
rootkit-buster crashes in mid-scan
hosts file is fine
Win32kDiag.exe starts with error and never fully opens up (ran as admin)
Malwarebytes' scans die after 3 seconds
Hijack this doesn't run

i have attached a SREngLog

U can also try to restore the computer to earlier working point
Go to start->Accessories->system tools->System restore
Choose a good working point and restore ur pc

Post result

And also flush the DNS cache
Go to run->cmd->ipconfig /flushdns

Turn Off System Restore, uninstall combofix and malwarebytes anti-malware if you've tried running them, some viruses will disable them so you can't run them again, so uninstall them for now.

Run Sophos Anti-RootKit
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html

install combofix and run it

install malwarebytes anti-malware and run it

then you should be good.

everytime i run into something where malwarebytes, hijack this and combofix won't run ... sophos anti-rootkit resolves it to the point where the other tools will run.  sophos is free, but you have to make an account on their website.

I did not have restore enabled.
Sophos Anti-RootKit stops as soon as it starts to scan
Tried installing Kasperskis, but after a required reboot it is knocked out

Appreciate all the advise so far. I have tried all of them and nothing seems be be able to work. Cureit scans finish but they do not find any viruses. Any of the experts have an opinion on the log I attached?

You could try Kaspersky live bootable cd to scan your system. May help if it detects anything. If it does you may be able to run previous suggestions.
Kaspersky live cd http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

If nothing works go for a fresh clean reinstall.
Did u try the restore feature of windows?

jcutech - please read through the advice that has already been posted. There is no need for you to be posting suggestions that have already been made.

Kaspersky bootable cd scan stuck on 44% after 12 hours of scanning. Really slowed down when scanning the .eml mail files. This is second day in a row it gets slowed down on eml fiels. Still scanning. Don't think it should take 12 hours to complete 44% of the scanning...

Do you have a backup image of your system available for you to restore to? I'm NOT talking about system restore, I'm talking about an actual backup image, example like Acronis True Image or Norton Ghost?

If its still scanning let it it keep going.

You say that its the second day in a row it slows down on .eml files.
Did you try kaspersky cd already and got stuck or scan was aborted?

seduku,

Did the OTL run?
There are many nasties that have the same symptoms e.g. google results redirect, programs are blocked, or .exe blocked. Once we know what we're dealing with or if we can manage one of the scanners to run then it should be easily removed.

To rule out one particular variant, check in the system32 folder if this file is present --> logevent.dll
make sure hidden files and folders are shown, or if using Search make sure it is configured to look for hidden files and folders.

JeremySBrown: no I only have the lenovo restore CD. I don't have a back up image

rpggamergirl didn't find  logevent.dll in system32.
Yesterday I ran kaspersky boot CD but aborted it myself after 8 hours of scan. However, it did manage to find the following Trojans....
hfik.exe
bojitevi.del
towarume.del

kaspersky deleted all three, but after a reboot problem persisted.

Please try running OTL and see if it runs... have you also tried redownloading and renaming Combofix prior to saving its file?

I redownloaded and renamed combofix a long time ago and it did not work. I have not tried OLT yet and will do that as soon as Ksperski is done scanning. Amazinglu it is still at 44% after 15 hours... running very slow!

<<<"I redownloaded and renamed combofix a long time ago and it did not work">>>

You mean you already have the Combofix file there in that pc before the problem started?
It needs to be renamed before the file is in contact with the infected system...
Renaming the file once it's already in the system will not work if braviax, TDSS and other nasties that monitor the presence of any security programs, hence it has to be renamed before saving the file, before it is in contact with the system.

Yes they were renamed right as the download began so once it saved to my hard drive it was called something different. I will try it again just for good measure.

Renaming combofix prior to download didn't fix it
OLT quits moments after starting it
gmer blue screens
RootRepeal doesn't run
is the SREngLOG.log file I attached in the thread of any help?

I aborted Kaspersky boot CD-after 26 hours it was still stuck on 44%.

At this stage, you might want to backup all of your information you want to save and reload Windows with your restore CD that you have. Let's wait and see if any other experts have a solution for you to try before you do that, of course this would be the last resort.

younghv -- i did read through the other posted advice, and no one suggested sophos anti-rootkit

Still no luck huh?

Did you try fixing the .exe file associations using SREng? not that it will make any difference if the malware is active it will mess it up again.

In SREng, Boot Items > Registry > can you see what's the data under these values "load" and "run", just curious if it's empty or hidden.
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
   <load><>  [N/A]
   <run><>  [N/A]

You can also delete the "Win32Update" service/Driver, the file is already missing.
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
   <Win32Update><C:\Users\ItsMe\AppData\Local\Temp\216.exe>  [File is missing]

I'm not familiar with SREng.
The log showed so many entries like the one below which I find suspicious.... very similar to a new infection that patched system file which usually shows up in Gmer, RootRepeal and Win32Diag.exe.

[\\?\globalroot\Device\__max++>\80E9F39B.x86.dll]  [N/A, ]



Also try renaming the RootRepeal to svchost.exe(not any other generic name).. or svchost.com
Also changing Combofix extension to a .com instead.

Do the same thing with OTL change it to OTL.com


Since some executables are able run hoepfully we'll find a program it doesn't target and will be able to help.

Download avz4.zip from here http://z-oleg.com/avz4.zip
Unzip it to your desktop to a folder named avz4

1. Double click on AVZ.exe to run it.
2. Run an update by clicking the Auto Update button on the Right of the Log window:  
3. Click Start to begin the update

Note: If you receive an error message, chose a different source, then click Start again

After the update,
4. from the "File" menu, choose "Standard Scripts"
5. Put a check next to item 2: Advanced System Analysis
6. Click "Execute selected scripts"
7. At the next prompt, click the Yes button

8. Let the scan run and click "OK" when the completion prompt pops up
9. Now Close out of the Standard Scripts window, and exit AVZ
10. Navigate to the avz4 folder and locate the folder LOG

Inside the LOG folder you will find virusinfo_syscheck.htm, virusinfo_syscheck.xml and virusinfo_syscheck.zip
Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.

optoma: trying your suggestion and it seemes to have made it past 44%. this morning it is at 46% and seems to be scanning files without being stuck. Keeing fingers crosses it will be done by the time I get home today.

rpggamergirl: I will try your suggestions this evening hopefully...

***NEWS***
Kasperski had muddled it's way to 82% (after 18 hours of scanning) and had detected and deleted several nasties that were preventing the detection tools from running. After a reboot, scanners are running for the first time. Running Malwarebytes and a few others, system getting healtier with every scan. sincere thanks for all the suggestions!!!