The problem is in relation to my mothers PC, which she runs payroll off so fixing it as quickly as possible is essential. It is running Windows XP Pro, Internet Explorer 8 and had Avira as its virus protection.
The first occurrence was on 22/3/10 when we noticed google had been hijacked and was redirecting to other sites off its links. I immediately ran a virus check with Avira which found nothing, ran HijackThis and the logfile seemed clean, so I tried to download SUPERAntiSpyware to see if that would find anything. When I went to download it I could not, as soon as the webpage loaded it was closed again with 'Internet Explorer cannot display the webpage', the same thing happened with Malwarebytes. I did manage to get SUPERAntiSpyware and Malwarebytes by downloading them onto my own PC and then transferring them via USB drive to the other, but they would not update with the newest definitions as they were being blocked as well as the download sites, even in Safe Mode.
Running SUPERAntiSpyware picked up Rogue.Agent/Gen-Nullo [DLL] and Malwarebytes found Trojan.FakeAlert but the problem persisted. I tried to use the same USB drive to copy/paste the updated versions of the programs from my PC to the other (before I even thought that this could infect my PC) and as soon as it was plugged in my Avira detected and stopped TR/Crypt.ZPACK.Gen [trojan] and Microsoft Security Essentials found Worm:Win32/Autorun.UI!inf. My PC is still fine after several more scans with all of the aforementioned programs, but the copy/paste did nothing for detecting anything else.
After this I tried a System Restore to a few days before the problem, no change though.
I'm pretty handy with computers so decided to check the registry and found a few odd entries in HKEY_LOCAL_MACHINE/Software and HKEY_CURRENT_USER/Software (I appologise beacause I didnt note down whcih was found where). There was an entry under ROUA3012PW another as S/P/FSIMWN2THI and BVRP Software/Net Medic.
Since removing those entries the problem has changed in that the computer seems faster and also the redirecting of the Google links now does not take me to a malicious website, just to an 'Internet Explorer cannot display the webpage' screen, which is a start I suppose.
I have also checked my HOSTS file and there was nothing untowards in there.
Any assistance with this problem would be greatly appreciated.
Edited by Nick504, 23 March 2010 - 08:33 PM.