It looks like you might have a rootkit or a modified HOSTS file. Let's first check your HOSTS file. Please attach the following file:
%SYSTEMROOT% is the location of your Windows installation. Usually it is "C:\Windows".
After posting your HOSTS file, it is a good idea to try a RootRepeal scan and report back what it finds. Be sure to follow these directions carefully.
- Download RootRepeal
- Extract the file to your Desktop and Rename the file to something random like "abcd1234.exe"
- Run the program by double-clicking on it.
- Click on the REPORT TAB at the bottom of the program. [DO NOT SKIP THIS STEP]
- Click on the SCAN Button. Check each option EXCEPT "Files". Click OK.
- After a few moments, the scan should be done and show a Report text file. Please reply with the information in this file.
Your HOSTS file is clean. Please try the next step with RootRepeal.
Your RootRepeal log only shows that you have LavaSoft Ad-Aware and PrevX installed and no other hidden software. Your problem may be caused by some other system modification. Please try the following:
Start a Command Prompt
Click Start -> Run
Type in CMD.EXE
In the Command Prompt, type the following commands and report back the response in a post. Press <ENTER> after each line.
NETSH INT IP RESET NUL
NETSH WINSOCK RESET
Restart your computer after posting the results.
To help find out what is starting up with your computer, please download and run the following tool.
Download and Run AutoRuns
- When it starts, Press <ESC> to cancel the initial scan.
- Go to the OPTIONS menu and make sure "Verify Code Signatures" AND "Hide Microsoft and Windows Entries" are checked.
- Choose the FILE menu -> Refresh.
This will scan your computer's startup locations and list them. It is done when the lower left status bar says "Ready."
You can use the FILE menu to save a file with a list of your startup items. Please attach it to your post.
It looks like you have a hijacked DNS setting. To manually remove the DNS setting follow the steps below.
Be careful not to skip any steps or delete anything by mistake as it will break your computer.
Click Start -> Run
Type in REGEDIT
Navigate to the following location:
In this registry key, there are sub keys that represent your network interface(s). The "GUID" is unique to your system. For example...
Go to each sub-key and locate the NAMESERVER entry. Double Click on it to modify and delete the bad IP address listed (like 18.104.22.168).
The change is immediate but I recommend a reboot afterwards.
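
The manual NAMESERVER review described in the last post can be double-checked with a short script. This is an added example, not part of the original posts: it takes per-interface NameServer strings copied out by hand and flags every resolver that is not on a list you trust. The interface labels and the trusted resolver 192.168.1.1 are constructed sample values, 18.104.22.168 is the address quoted in the post, and accepting either commas or spaces as separators is an assumption.

```python
import ipaddress
import re


def split_nameserver_value(value):
    """Split a NameServer string; comma or whitespace separators are both accepted (assumption)."""
    return [part for part in re.split(r"[,\s]+", value.strip()) if part]


def audit_nameservers(interfaces, expected):
    """Return (interface, entry, reason) for every resolver that is not on the expected list."""
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for name, value in interfaces.items():
        # An empty value yields no entries: no static resolver is set on that interface.
        for entry in split_nameserver_value(value):
            try:
                ip = ipaddress.ip_address(entry)
            except ValueError:
                findings.append((name, entry, "not a valid IP address"))
                continue
            if ip in expected_ips:
                continue
            # Loopback is tested first because 127.0.0.0/8 also counts as private.
            if ip.is_loopback:
                reason = "loopback resolver: something local is answering DNS"
            elif ip.is_private or ip.is_link_local:
                reason = "unexpected private resolver"
            else:
                reason = "unexpected public resolver"
            findings.append((name, str(ip), reason))
    return findings


# Constructed sample: labels stand in for the per-interface sub-keys.
SAMPLE_INTERFACES = {
    "{constructed-interface-1}": "192.168.1.1",
    "{constructed-interface-2}": "18.104.22.168,192.168.1.1",
    "{constructed-interface-3}": "10.9.8.7 not-an-ip",
    "{constructed-interface-4}": "",
}
EXPECTED_RESOLVERS = {"192.168.1.1"}  # constructed: the resolver this machine should use

if __name__ == "__main__":
    for iface, entry, reason in audit_nameservers(SAMPLE_INTERFACES, EXPECTED_RESOLVERS):
        print(f"{iface}: {entry} -> {reason}")
```

Anything the script flags still needs a human decision: compare it against what your router or ISP hands out before deleting it.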