Homepage being redirected

An exact message would be more useful. Sounds more like a network connection problem than spyware. How did you connect here? Was it on the same PC?

 

I assume Comcast is your ISP? What is you home page supposed to be?

Have you tried simply to Reset Web Settings and then to reset you home page?

Reset Web Settings by opening Internet Explorer. Then click Tools, Internet Options, Programs, and click the Reset Web Settings button. Then go back to the General tab and set your home page back to what you like (i.e., www.majorgeeks.com).

 

This link "http://www.comcast.net/CheckIsInNetwork " sounds like some kind of diagnostic from ComCast but it looks like it could be incomplete.

Please download HijackThis and unzip it to its own directory. Then run it and save the log file but save it as "All File types" and change the name so that it is a .txt file. Then attach it to your next message as an Attachment using the Manage Attachments button. If you do not see Manage Attachments make sure you are in the Advance mode and then scroll down.

 

Run HijackThis again and put check marks on these lines (but do not select Fix yet):
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll
O9 - Extra button: (no name) - {578FC4E3-151E-456c-AF8E-B63061EFE228}} - (no file)

Now shutdown (that means close not minimize) all Internet Explorer sessions and then click fix in HijackThis.

You need to reboot your computer and then rename this file
C:\WINDOWS\System32\IETie.dll to IETie.bad

To rename it navigate to it with Windows Explorer and then Right click on it and select rename.
Let me know if you have any problems doing this.

Tell me how things are working now.

 

Did all of the steps work okay? No problems doing any of them?

 

Let's do this:
- click Start, Run, and in the Open box enter the following and click OK:
notepad C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

Now in the notepad window hit CTRL-A to select all of the contents.
Now hit CTRL-C to copy the contents

Come back here and in a new message, hit CTRL-V to paste in the contents of your hosts file.

 

Did you get an error message about the file not being found?

 

Okay! Do it again:
- click Start, Run, and in the Open box enter the following and click OK:
notepad C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS

but copy the below into your notepad window and save the file:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost

 

Now post a new HijackThis log attachment for me.

 

Close down ALL windows. Run HijackThis and have it fix this line (make sure you do not have Internet Explorer running, in other words you cannot be still connected here when you do this):
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\System32\IETie.dll (file missing)

Now give me another HjackThis log.

 

Okay! But are you still having re-direction problems?

If so, please download and run CWShredder from here and select Fix (not Scan only).

 

If you want to use a different browser, try Mozilla Firefox.

Try downloading and running CCleaner (formerly called CrapCleaner) on this PC. Get it here
Just run it and on the Windows tab (you'll see when you run it) leave the defaults and click Run Cleaner.


I still wonder about three items:
1) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
Do you have a proxy server? Who is setting this and why does it keep coming back?
2) GhostSurf - I do not know too much about this program and whether it is good or bad. But if I search for 127.0.0.1:7212 string on the web, it seems to occur in many places where GhostSurf is installed. Can you disable this program or uninstall it and see if you problems go away.
3) Did you use SpyBot or anything else to cause these two restrictions:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
If not, you should have HijackThis fix those two lines.

 

Okay fix those two O6 lines with HijackThis and then reboot your PC (this is necessary) and try to fix the R1 line again. By the way download the new version of HijackThis. It just came out today. Get it here: http://www.majorgeeks.com/download3155.html

 

Check your hosts file and doing the other items indicated in this thread. Even check your clock as indicated by un_commons.