I keep getting redirected

[namster10]

recently, when i click on a link after i search in google, it redirects me to random pages ive never heard of. I have to copy and paste the url for it to work. any solutions? i have attached my HJT log file

I use AVG antivirus free edition. My laptop had a virus recently and i got a proffesional to clean it. It worked for a few days, but then recently, i ve been geting fake alert stuff coming up asking for free virus scans and stuff. I also looked into a folder and saw a file called online casino. I never downloaded or went on a site like that. i have and HJT file attached. Please help me anyone.

 

[rf6647]

• Following the Guide: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions creates a common beginning for an initial assessment.
  
  
• complaining of fake alerts -
  • Without supporting logs, anything caught by HJT is used to suggest changes.
  • However, the MBAM and/or SAS logs will improve handling of this thrreat.
  
  
• Scan with HJT. Tick & Fix. Restart the computer

  O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\Naveed\LOCALS~1\Temp\a.exe
  O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\Naveed\LOCALS~1\Temp\~tmpa.exe
  
  O17 - HKLM\System\CCS\Services\Tcpip\..\{11D858EB-A02E-4CE6-B9F4-6FA714D996F3}: NameServer = 85.255.113.146,85.255.112.66
  O17 - HKLM\System\CCS\Services\Tcpip\..\{B11297A5-628C-416C-8B2C-840BA0140092}: NameServer = 85.255.113.146,85.255.112.66
  O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146,85.255.112.66
  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146,85.255.112.66

• Delete folders / files - if present - from the list inside code box
  

  C:\Program Files\tintinyproxyy\tinyproxy.exe
  C:\DOCUME~1\Naveed\LOCALS~1\Temp\a.exe
  C:\DOCUME~1\Naveed\LOCALS~1\Temp\~tmpa.exe
  C:\WINDOWS\system32\1C21MQ6Q.exe

• Post new logs if problems are still present.

This section applied to first HJT log -
HJT did not raise any flags. - O23 - tinyproxy was missed. - As a first step, power off all computers connected to your local network. Remove and restore power to router and/or the broadband modem. Re-establish computers' connection to the internet. And yes, this is based on folklore.

If that fails try to work around the malware, as follows.

Your are describing an exploit to frustrate reaching anti-malware sites. Here are methods that have been used recently. The alternative was offered by a new member.

1. Since you are discribing a case of difficulty. attempt this method (follow link for 'How To')
   • Use this method to stop any 'non-plug and play' driver that is named in this guide.
   • Please report its name for changes to the method
   
   
2. For infections that have more severe symptoms, Unable to run or update via TechSpot 8 Steps or manually run MBAM or SAS
   
   
3. Message #3 - link to 'fixit download' has demonstrated its effectiveness in many cases. Go to message # 3 'fixit download'. Part of the method renames the executable to get the application to run. Here is another member that used renaming.
   
   
4. Alternative - Web site has a link to download-dot-com - phonetic spelling used
   • There appears to be a connection with 'sagipsul' popups.
   • Read this post. from member.
   • phonetic spelling for web site
     • w.dot-simplysup.dot-com/tremover/download.html