Google Hijacked

DarkPenfold
Apr 13th, 2009, 10:22 AM
So sometime in the 5 minutes between reformatting my PC with a 100% clean XP+SP3 install and sticking AVG on, I seem to have contracted a virus that randomly redirects Google search results to malware-heavy websites or "sponsored" sites that have nothing to do with my original search.

I've installed AVG Free, SuperAntiSpyware and Spybot-SD, and none of them have been able to track down and eradicate the source of the problem.

Anyone else come across this? If so, any tips for nuking the fucker? It's not particularly malicious, but it's damned annoying having to back out of (on average) one out of every 3 Google search results and try again.

Guy Montag
Apr 13th, 2009, 02:35 PM
Start with HijackThis (http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html), run it and post the log here.

DarkPenfold
Apr 14th, 2009, 07:01 PM
Log attached - any idea what I should be looking for?

Guy Montag
Apr 14th, 2009, 07:51 PM
Essentially you are looking for things that don't belong. I don't use AVG so I'm not sure if that's the normal entries for it or not. But at first glance nothing looks suspicious here.

I would probably try tcpview and see if anything suspicious is happening (lots of connections opening or listening when you don't have any other windows open).

I would also try resetting winsock, here is a handy utility for that and other problematic things.

http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

Loco
Apr 14th, 2009, 09:45 PM
DP - Daft question time.

Are you running these scans with System Restore turned off on all drives and also in Safe Mode?

DarkPenfold
Apr 14th, 2009, 10:24 PM
I've run them in Safe Mode, but not with System Restore off. I'll have another go later in the week when I've got a bit more time on my hands - each scan takes up to an hour..!

Captain John Miller
Apr 17th, 2009, 12:40 AM
I had the same thing happen, NOTHING helped but reformatting. I tried every single antivirus known to man. Hell, it wouldn't let me use Norton, Trend Micro or AVG - kinda like Conficker

Ska Wars
Apr 17th, 2009, 08:37 AM
DP - Daft question time.

Are you running these scans with System Restore turned off on all drives and also in Safe Mode?

^ This.

My girlfriend's laptop was blighted with bugs which we couldn't shift. Someone suggested turning off system restore before doing it, so we gave it a try and it fixed everything on the next scan. Definitely worth trying.

Also, under an hour? Consider yourself lucky mate, mine clocks in around 3-4 hours usually.

Loco
Apr 17th, 2009, 09:50 AM
Yeah, that's what I was getting at m8.

99.9% of spyware/malware etc will bury itself in the restore volume of the OS. You have to switch off system restore on your drives and then scan in safe mode. Otherwise, a lot of the time the scan in safe mode may well come up trumps and get rid of the offending article but as soon as you reboot it leaps out of the restore volume and you are back to square one again.

Captain John Miller
Apr 17th, 2009, 04:35 PM
FWIW I have system restore turned off and it didn't help me at all.

DarkPenfold
Apr 17th, 2009, 10:03 PM
No joy - SysRestore off, Safe mode; complete system scans with Malwarebytes, Spybot S&D, AVG Free and SUPERAntiSpyware all came up empty. Bahhhhhhh. Really cannot be arsed to format this piece of crap all over again.

Guy Montag
Apr 17th, 2009, 10:36 PM
Use TCPview (http://live.sysinternals.com/Tcpview.exe). Run it with the rest of your windows closed, and look for remote addresses that aren't "localhost:numbershere". Some legitimate ones will be your antivirus, messenger services, etc. Other stuff, right click and hit 'process properties'. If you can identify where it's being executed from, might help to identify it for more research.
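
The same triage as the TCPView advice above, written as an added example that is not part of the original thread: it parses the text output of `netstat -ano` (assumed here as the data source instead of TCPView) and groups non-loopback remote peers by owning PID. The sample output is constructed and uses documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1480
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     2212
  TCP    192.168.1.20:1046      203.0.113.7:80         ESTABLISHED     2212
  TCP    192.168.1.20:1050      198.51.100.9:443       TIME_WAIT       0
  UDP    0.0.0.0:445            *:*                                    4
"""

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def remote_connections(netstat_text):
    """Return {pid: sorted ['ip:port', ...]} for non-loopback remote peers."""
    by_pid = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 fields: proto, local, foreign, state, pid.
        # Headers and UDP rows (no state column) fall through here.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, _, foreign, state, pid = fields
        host, port = split_endpoint(foreign)
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # unparseable address, skip rather than guess
        # Listening sockets and localhost traffic are not remote peers.
        if state == "LISTENING" or ip.is_loopback or ip.is_unspecified:
            continue
        by_pid[int(pid)].add(f"{ip}:{port}")
    return {pid: sorted(peers) for pid, peers in by_pid.items()}

if __name__ == "__main__":
    for pid, peers in sorted(remote_connections(SAMPLE).items()):
        print(f"PID {pid}: {', '.join(peers)}")
```

Each PID in the result is then the one to look up in the process list to find where its executable lives, which is the step the post describes doing through 'process properties'.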

Loco
Apr 18th, 2009, 08:48 PM
DP, are any of the scans actually finding anything and reporting its filename or are the scans just coming up clean after running them?

Also, ditch AVG Free as its detection rates are nowhere near as good as they should be.

Try avast! Anti Virus, the free home one.

And give A-squared Free Edition a go too:

http://www.emsisoft.com/en/software/free/

Although I'm surprised Super Anti Spyware hasn't picked anything up, it's usually pretty decent.