Using Win XP Pro 64-bit, every once in a while in Firefox, when I attempt to go to a link or search in Google (maybe once a day), I get redirected to some spammy sites. One of the pages I got redirected to a lot is "yellowpages" and one, funnily, is "Buy Norton Antivirus!"
I believe this is affecting other things on my PC (one program gives me BSOD).
But I don't want to ask about that now; right now I'd like to fix the redirect/rootkit.
I have run:
- Avast Antivirus (reports nothing)
- Spybot S&D (found 1 thing and fixed, but didn't fix the symptom)
- MalwareBytes' AntiMalware (reports nothing)
- Chkdsk, ran from Windows CD Recovery Console (sometimes reports clean, once it said something like "There is no volume to check" but then displayed volume information anyway, sometimes it reports there WERE errors and fixes them... a bit scary)
- Memtest (ran through 16 passes with 0 errors)
From reading the "Do these things before you post" thread, I downloaded and ran:
- MalwareBytes' AntiRootkit
Firstly, right when I ran mbar.exe it said, "Could not load protection driver".
MBAR finds two things that worry me: "Rootkit.Pihar.c.MBR" and three "Forged physical sector". After using the tool to remove the errors, restarting, and scanning again, the problems are all back!
Another note: while AntiRootkit was actually scanning, it had TONS of entries of "Forged physical sector", but in the results it only showed three. I've attached my "system-log" along with the "mbar-log". In the "system-log" you can see how it lists TONS of "Forged physical sector", in the middle.
I have a good feeling that this is the source of my problems. Any advice is greatly appreciated.
Edited by hamluis, 20 November 2012 - 03:42 PM.
Moved from XP to Am I Infected - Hamluis.