It doesn't matter if I use Internet Explorer or Firefox, Google, Yahoo, MSN, Ask.com... something is trying to redirect my search. After a redirect or two, it goes ahead and lets me surf in Internet Explorer. In Firefox, occasionally I get a message like the one in the screenshot attachment. I have tried Malwarebytes, SUPERAntiSpyware, Lavasoft, and of course, McAfee. I sure hope someone can help me.
Cause: A Rootkit (TDSS family) that modified a storage system file (iaStor.sys).
Detection: GMER showed random device name associated with this driver. A binary file comparison of a clean file versus the file installed showed differences.
Solution: The Windows Recovery Console (Windows Install CD) was installed. The user replaced the bad file with a backup clean copy provided by the computer manufacturer.
Message was edited by: Mark (secured2k) on 11/15/09 7:00 PM
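The binary comparison described under Detection, as an added example (not from the original thread): it hashes a known-clean copy and the installed copy and lists the byte ranges that differ. The sample bytes are constructed, the function names are hypothetical, and it assumes both files were copied out from a trusted environment rather than read through the running, possibly infected system.

```python
import hashlib

def diff_regions(clean: bytes, suspect: bytes, gap: int = 16):
    """Return (offset, length) runs where the two images differ.
    Differences no more than `gap` bytes apart are merged into one region."""
    regions = []
    common = min(len(clean), len(suspect))
    start = last = None
    for i in range(common):
        if clean[i] != suspect[i]:
            if start is None:
                start = i
            elif i - last > gap:
                regions.append((start, last - start + 1))
                start = i
            last = i
    if start is not None:
        regions.append((start, last - start + 1))
    if len(clean) != len(suspect):
        # Appended or truncated data is reported as one trailing region.
        regions.append((common, abs(len(clean) - len(suspect))))
    return regions

def compare(clean: bytes, suspect: bytes):
    """Summarise the comparison: hashes, size change, differing regions."""
    regions = diff_regions(clean, suspect)
    return {
        "clean_sha256": hashlib.sha256(clean).hexdigest(),
        "suspect_sha256": hashlib.sha256(suspect).hexdigest(),
        "size_delta": len(suspect) - len(clean),
        "regions": regions,
        "modified": bool(regions),
    }

# Constructed sample data standing in for the clean and installed driver files.
CLEAN = b"MZ" + bytes(62) + b"driver code " * 8
_patched = bytearray(CLEAN)
_patched[70:74] = b"\xde\xad\xbe\xef"  # constructed in-place patch
_patched[80] ^= 0xFF                    # nearby change, merged with the patch
_patched += b"\x90" * 32                # constructed appended data
SUSPECT = bytes(_patched)

if __name__ == "__main__":
    report = compare(CLEAN, SUSPECT)
    print("modified:", report["modified"], "size delta:", report["size_delta"])
    for offset, length in report["regions"]:
        print(f"  differs at 0x{offset:06x}, {length} bytes")
```

With real files, read each copy with `open(path, "rb").read()` and pass the two byte strings to `compare`.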
It looks like you might have a rootkit or a modified HOSTS file. Let's first check your HOSTS file. Please attach the following file:
%SYSTEMROOT% is the location to your Windows installation. Usually it is "C:\Windows".
After posting your HOSTS file, it is a good idea to try a RootRepeal scan and report back what it finds. Be sure to follow these directions carefully.
Your RootRepeal log only shows that you have LavaSoft Ad-Aware and PrevX installed and no other hidden software. Your problem may be caused by some other system modification. Please try the following:
Start a Command Prompt
Click Start -> Run
Type in CMD.EXE
In the Command Prompt, type the following commands and report back the response in a post. Press <ENTER> after each line.
NETSH INT IP RESET NUL
NETSH WINSOCK RESET
Restart your computer after posting the results.
To help find out what is starting up with your computer, please download and run the following tool.
Download and Run AutoRuns
This will scan your computer's startup locations and list them. It is done when the lower left status bar says "Ready."
You can use the FILE menu to save a file with a list of your startup items. Please attach it to your post.
After looking through your RootRepeal and Autoruns logs, I cannot see any signs of viruses or rootkits hidden on your system that are actively hijacking your connection. The only other possibilities are an extremely new and advanced root or boot kit that RootRepeal cannot see or there is some leftover modification to your system. If you haven't restarted your computer yet, please reboot it. Also, make sure your Internet Explorer Proxy settings are clear (steps below).
Click Start -> Run
Type in INETCPL.CPL
Go to the CONNECTIONS tab.
Click on the LAN SETTINGS button.
Make sure the "Use Proxy Server..." option is UNCHECKED.
Are you able to reproduce any of your issues after all of these steps have been completed (after reboot)?
Use Proxy server is unchecked. I have rebooted several times. I have checked both IE and Firefox. Firefox is worse, so I uninstalled it. IE will sometimes take me straight where I want to go. Other times, it will still hijack me on the first click from a search engine. I have rechecked both Yahoo and Google. Thank you for your patience.