Hi, I've lurked for years but I work at a small MSP with a retail storefront. I'm a on-site server/networking guy but I'm covering for the in-store service technician position while we hire a replacement. I've got a couple PCs on the bench that I cannot stop the Internet Explorer from opening an amazonaws compute instance that redirects to http://search.searchbulls.com as the first homepage. So far I've done the following with this systems:
Boot into Safe Mode with Networking
- Run full TRON script from https://www.reddit.com/r/TronScript/comments/3coyyp/tron_v639_20150709_adobe_flash_update_subtool/
- Run Malwarebytes Anti-Malware
- Run ADWCleaner
- Run ESET NOD32 Full Scan
- Run and examine HiJackThis logs (cannot find entry that would be causing the behavior)
- Run and examine AUTORUNS logs (cannot find entry that would be causing the behavior)
- Check HOSTS and LMHOSTS files
- Run Hitman Pro
- Remove extensions from Firefox, Chrome, and Opera
- Perform full reset on Internet Explorer 11
- Search registry for any entries referring to amazonaws or searchbulls (none found)
After this all browsers work wonderfully except for Internet Explorer, which works fine and no longer redirects search results EXCEPT for the fact that the FIRST homepage always opens up an amazonaws which redirects to search.searchbulls.com. Additional homepages open fine upon launching IE. No matter what I set the first homepage to, it will always end up at search.searchbulls.com.
At this point I'm stumped, anyone have any insight into this particular issue? Let me know if you need some FARBAR logs or anything else.
Any help is greatly appreciated!