Everything posted by NuclearJim

  1. Yes both hard drives have an operable win 7, and yes the redirect shows up on that system also...(just found out today)
  2. I ran Zemana and reran FRST neither found anything.....Sorry about not loading reports...but I am tired of chasing this ghost. As an aside I am running a second hard drive that contains win 7 as an operating system (as a backup for when win 7 hangs on main drive). It appears that when I run the anti-malware it is not running on the second hard drive....is that correct?
  3. I have rerun RogueKiller (several times) and killed everything that it even suspected of malware......I still have redirects....I told you all it was SUPER HARDCORE
  4. Once again thanks for the help....I know ad blockers will stop the redirects but actually killing the malware is a better solution here is text log...

     RogueKiller V12.11.19.0 (x64) [Oct 9 2017] (Free) by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : https://forum.adlice.com
     Website : http://www.adlice.com/download/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : Dad [Administrator]
     Started from : C:\Users\Dad\Downloads\RogueKiller_portable64.exe
     Mode : Scan -- Date : 10/13/2017 11:38:33 (Duration : 00:23:45)

     ¤¤¤ Processes : 0 ¤¤¤

     ¤¤¤ Registry : 10 ¤¤¤
     [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_F02F\ControlSet001\Services\ALSysIO (\??\C:\Users\Dad\AppData\Local\Temp\ALSysIO64.sys) -> Found
     [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_F02F\ControlSet002\Services\ALSysIO (\??\C:\Users\Dad\AppData\Local\Temp\ALSysIO64.sys) -> Found
     [PUM.SearchPage] (X64) HKEY_USERS\RK_Dad_ON_D_886C\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
     [PUM.SearchPage] (X86) HKEY_USERS\RK_Dad_ON_D_886C\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
     [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1832070874-2055757779-283554834-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
     [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1832070874-2055757779-283554834-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
     [VT.W32.HfsAdware.1073] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_F02F\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1365B37C-6B1B-440F-B823-3E3D25673E86} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dad\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In)|Desc=Allow BitTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
     [VT.W32.HfsAdware.1073] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_F02F\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2555CD66-2784-48C1-B324-5C68134016BA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Dad\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In)|Desc=Allow BitTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
     [VT.W32.HfsAdware.1073] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_F02F\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {1365B37C-6B1B-440F-B823-3E3D25673E86} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Users\Dad\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (TCP-In)|Desc=Allow BitTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found
     [VT.W32.HfsAdware.1073] (X64) HKEY_LOCAL_MACHINE\RK_System_ON_D_F02F\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {2555CD66-2784-48C1-B324-5C68134016BA} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Users\Dad\AppData\Roaming\BitTorrent\BitTorrent.exe|Name=BitTorrent (UDP-In)|Desc=Allow BitTorrent network traffic with Edge Traversal|Edge=TRUE| [x] -> Found

     ¤¤¤ Tasks : 0 ¤¤¤

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ WMI : 0 ¤¤¤

     ¤¤¤ Hosts File : 0 ¤¤¤

     ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: ST750LX0 03-1AC154 SCSI Disk Device +++++
     --- User ---
     [MBR] 6269fef09f4fb84bf0672b6dccec86a1
     [BSP] aab2b3909d9b2f04691fdec5d98ba69c : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 715401 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     Error reading LL2 MBR! ([1] Incorrect function. )

     +++++ PhysicalDrive1: KINGSTON SV300S37A24 SCSI Disk Device +++++
     --- User ---
     [MBR] 134763d7ecdb150cc03d99d165a1e007
     [BSP] b6979fc48640221623139c50c36cb6e0 : Windows Vista/7/8|VT.Unknown MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 228934 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
     User = LL1 ... OK
     Error reading LL2 MBR! ([1] Incorrect function. )

     +++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
     Error reading User MBR! ([15] The device is not ready. )
     Error reading LL1 MBR! NOT VALID!
     Error reading LL2 MBR! ([32] The request is not supported. )
  5. I did all of the steps above....but before I added adblock and Dr web I was already redirected to phishing pages.......Thank you for your help but as my post says this is something different and it is still on my system.....Ad blocker keeps it in check but it is still on my computer.....
  6. So here is what you suggested I try...... But after doing all you suggested......Zoek removed "ublock" from chrome and I was redirected to comcast survey within 20 seconds.....

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Scan Date: 10/10/17
     Scan Time: 8:42 AM
     Log File:
     Administrator: Yes

     -Software Information-
     Version: 3.1.2.1733
     Components Version: 1.0.160
     Update Package Version: 1.0.2986
     License: Free

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Dad-PC\Dad

     -Scan Summary-
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 352859
     Threats Detected: 0 (No malicious items detected)
     Threats Quarantined: 0 (No malicious items detected)
     Time Elapsed: 9 min, 34 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     -Scan Details-
     Process: 0 (No malicious items detected)
     Module: 0 (No malicious items detected)
     Registry Key: 0 (No malicious items detected)
     Registry Value: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Data Stream: 0 (No malicious items detected)
     Folder: 0 (No malicious items detected)
     File: 0 (No malicious items detected)
     Physical Sector: 0 (No malicious items detected)

     (end)

     Fixlog.txt zoek-results.log
  7. Ok so it would seem that there is still some malware on my computer.....Well NOTHING can find it..What would be next step. Here are results of Farbar scan Addition.txt FRST.txt
  8. Ok so it would seem that there is still some malware on my computer.....Well NOTHING can find it..What would be next step.
  9. Kevin TY for responding......I fixed my problem ...I installed ublock it looks like they were all redirects.....with NO virus on my system.......So my next question is how do they affect only one pc on my home network??
  10. I have been working on removing a browser hijacker for over a month now. This program is super hardcore. I have been able to remove all virus and adware for decades ...since my 5 inch monochrome screen said you are stoned and had been infected from a 5 1/4 floppy disk. But this program has me BEAT and I am here asking for HELP. This hijacker (adware...ransomware?) works on both Internet Explorer and chrome....essentially every time I open a page from home screen I get one of the comcast survey.....You've been infected ...call microsoft pop-ups/redirected page. I have run every virus/adware/ransomware/hijacker detection program and NOBODY can find it.

      windows 7 pro updated to today
      avg free up to date
      2 hard drives both with an active copy of win 7
      Restore system is normally turned on

      Programs tried
      AVG
      Norton "eraser"
      malwarebytes free
      adwcleaner
      Emsisoft Emergency Cleaner
      BDantiransomware

      I have unenabled all extensions in browsers
      uninstalled and reinstalled all browsers
      I have also tried using system restore but that did not work also..... PLS HELP