I got my friend's laptop and it was infected with various pieces of malware. It is an HP laptop running Win7 Home Premium.
Based on what I was initially seeing, I followed the instructions at http://www.bleepingcomputer.com/virus-removal/remove-xp-antivirus-2012 and was able to detect and remove various infections.
I then installed Avast and was able to remove a few viruses.
After more Malwarebytes runs I whittled it down to:
c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
c:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
This was sort of strange because BitMiner was detected earlier but not removed. Based on what I have been reading I am not exactly sure this has been fully removed.
I am now at the point where the machine starts up fine and things run OK, get on the network, etc. However, it still has some type of redirect issue. For example, if I open a new tab in IE9 it goes properly to www.yahoo.com. I can do a search for "windows update" and get proper results. However, when I then click on the link for www.windowsupdate.com, a new IE window opens up to an ad type of site. Other links will bring me to www.scanerrors.com (a fairly obvious malware site). As another example, I was able to go to www.sysinternals.com and download the suite, but when I searched for the string "sysinternals" on Bing and clicked on the returned link I was redirected to http://18.104.22.168/search/web/Sysinternals/a35/itcg-21426/v5 which is an ad type of site.
Any ideas out there for where to go next? I would appreciate any help. Thanks, Fredonians