BleepingComputer.com: Google Redirect and Alureon?


Google Redirect and Alureon? Do not know how to remove it!

#1 dclarke2191

Posted 30 November 2011 - 12:28 PM

Hello, I am new to the forums and a pretty average computer user so I appreciate your patience in advance! So, I have come upon some sort of redirect virus, redirecting most pages I try and access through search engines (mainly Google).

This all began one day when Microsoft Security Essentials detected a threat. Some sort of Alureon virus, so I just did the normal procedure with that and tried to remove it but my computer just started freaking out with error messages nonstop. I rebooted and went into safe mode and this virus had hidden all my documents and programs. I didn't feel like dealing with this virus so I just did a system recovery (ThinkVantage on Lenovo system). The problem seemed to go away until I used Google; this is where I discovered the Google redirect problem. I also have other problems, such as not being able to eject USB devices, and sound clips through my speakers. These sound clips stop as soon as I end the iexplorer.exe process in task manager.

I tried full scans with Security Essentials but it found nothing. I tried Malwarebytes but it only found cookies, which I removed. I tried Spybot S&D which found some adware, mostly cookies again. When I scan with each of these again they pretty much come up with the same results. I also tried TDSSKiller after reading this could be a rootkit, but my system would not allow it to open. Now I am here...

I have tried to run DDS and GMER but neither of them would work properly. Additional information below.

DDS

When DDS runs, pound keys run across the command window until a certain point where it stops. After about 3 minutes of run time my computer freezes and I cannot access anything until I reboot. I have left it frozen just to check if it would start up again but it did not. I was not able to obtain logs for this program.

GMER

When double clicking to run GMER I get this error message before it opens...

"LoadDriver("C:\DOCUME~1\DAN~1.DAN\LOCALS~1\Temp\pgeyqkob.sys") error 0xC000010E: Cannot create a stable subkey under a volatile parent key."

After opening, it does some initializing and then has all of the settings' boxes grayed out except for Services, Registry, Files, C:\, and ADS.

Runs and only ends up with two lines of results. I have attached those results as instructed.


Thank you in advance for your help, and I appreciate the time and effort from you guys!

Attached file: ark.txt (465 bytes)

This post has been edited by dclarke2191: 30 November 2011 - 12:30 PM


#2 D-FRED-BROWN

Posted 03 December 2011 - 04:30 PM

Hello dclarke2191 and welcome to Bleeping Computer!

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").


>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.

  • If an infected file is detected, the default action will be Cure; click on Continue.

  • If a suspicious file is detected, the default action will be Skip; click on Continue.

  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.


In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • How is the PC running now?


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-------------

In your next reply, please include:
  • TDSSKiller report
  • C:\ComboFix.txt
  • checkup.txt


How is your computer running now?