You started this thread about 6 weeks ago. I should have closed it when you didn't reply in 5 days. I reread the early posts and it sounds like you don't know the difference between the antivirus program and a search engine. AV programs don't redirect you. You get redirected using a search engine, such as Google. You either get taken to a site not a subject of what you put in the search box, or you search, pick a site to go to but are directed somewhere else.
So you kept changing the antivirus programs because you though they was the cause of the redirects and in doing so, you left the system more vulnerable. We cannot just pick up a month later without new logs.
Run Eset NOD32 Online AntiVirus scan HEREhttp://www.eset.eu/online-scanner
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
=====================================
Uninstall ComboFix and all Backups of the files it deleted
- Click START> then RUN
- Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
=====================================
Download Combofix again from one of these locations:and save to your desktop
Link 1
Link 2
- Double click combofix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
- Query- Recovery Console image
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- .Click on Yes, to continue scanning for malware
- .If Combofix asks you to update the program, allow
- .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- .Close any open browsers.
- .Double click combofix.exe & follow the prompts to run.
- When the scan completes it will open a text window. Please paste that log in your next reply.
Notes:
1.
Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of
ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.
- Extract it to a directory on your hard drive called c:\HijackThis.
- Then navigate to that directory and double-click on the hijackthis.exe file.
- When started click on the Scan button and then the Save Log button to create a log of your information.
- The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
- Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
- Come back here to this thread and paste (Ctrl+V) the log in your next reply.
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.