Search results clickjacking



birchyboy
Mon May 20th, 2013, 03:24 PM
I've got a user that is having repeated problems with "click jacking" on her computer. I put the name in quotes because that's the best thing I can come up with. Here's what's happening:

1. She opens either IE or Chrome and searches for something.
2. Depending on her search, the link is either correct or not. Incorrect links take her to other completely unrelated websites.
3. A search for "Michael Jordan" does not have this issue. A search for "texas tornados" does. I'm guessing that whatever is causing this is only jacking the most current topics.
4. I've run AVG for virus issues - none found.
5. I've run MalwareBytes for spyware - none found.
6. I've run Kaspersky's TDSS Killer - none found.

Anyone else experienced this? I was able to kill it a couple months ago by deleting the temp files and such from IE but that won't work this time around.

sloridr
Mon May 20th, 2013, 10:10 PM
I am by far NOT AN IT GUY. But try using Firefox. Maybe?

CaptGoodvibes
Mon May 20th, 2013, 10:28 PM
So, it takes her to a hockey site then?

TurboGizzmo
Mon May 20th, 2013, 10:33 PM
I would check the IE internet connection settings and see if a proxy is set up. Also check what the DNS settings are.

kevplus2
Mon May 20th, 2013, 11:05 PM
Might be worth trying Spybot S&D

buddahson
Mon May 20th, 2013, 11:11 PM
It could be as simple as a toolbar. Check add / remove programs and remove any toolbars or browser search help you see. Download Autoruns from filehippo.com. Run it and look for anything that looks out of place. Specifically the logon, boot hijack, image hijack and winlogon tabs. Reset IE to defaults. Disable system restore. Start PC in safe mode and re-run your AV scans. Create a new Windows profile or try logging in as a different user.

The steps above will fix 99% of malware issues like this. You can re-enable system restore once the system is clean. Most of the malware that returns does so by hiding in system restore. When you disable it, that data is deleted.

birchyboy
Tue May 21st, 2013, 06:27 AM
Thanks all. I uninstalled AVG and installed Avast and it found a few things. The computer is in Maine, so I'm waiting on the user to do a boot scan and then I'll go from there.

vort3xr6
Tue May 21st, 2013, 07:16 AM
Check the hosts file.

c:/windows/system32/drivers/etc

A lot of viruses dump spam reroutes into there. It should only be showing localhost and possibly a VPN if you have one.
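
The hosts-file check suggested above, as an added example that is not part of the original post: it parses a hosts file and reports every mapping other than loopback `localhost`, so a VPN entry can be told apart from a name forced to an outside address. The sample file, the verdict labels and the `audit_hosts` helper are constructed for illustration; the file name `hosts` inside the directory given above is assumed.

```python
import ipaddress
import os

# Constructed sample, not taken from the machine in this thread.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.8.0.1        vpn.corp.example   # VPN gateway
203.0.113.45    search.example www.search.example
0.0.0.0         blocked.example
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_hosts(text):
    """Return (line_no, ip, name, verdict) for every mapping except loopback localhost."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on any whitespace
        if not entry:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[0], "", "unparseable"))
            continue
        for name in (n.lower() for n in entry[1:]):
            if ip.is_loopback and name == "localhost":
                continue  # the only entries a stock file is expected to carry
            if ip.is_loopback or ip.is_unspecified:
                verdict = "blocked-locally"  # name pointed back at this machine
            elif any(ip in net for net in RFC1918):
                verdict = "private"   # plausible VPN or intranet entry, confirm with the user
            else:
                verdict = "redirect"  # name forced to an outside address: investigate
            findings.append((line_no, str(ip), name, verdict))
    return findings

if __name__ == "__main__":
    path = r"C:\Windows\System32\drivers\etc\hosts"
    # utf-8-sig strips a byte-order mark that would otherwise corrupt the first line
    text = open(path, encoding="utf-8-sig", errors="replace").read() if os.path.exists(path) else SAMPLE
    for finding in audit_hosts(text):
        print(*finding)
```

An empty result means the file holds nothing beyond the default `localhost` lines, which matches "clean" in the sense used in this thread.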

birchyboy
Tue May 21st, 2013, 08:04 AM
> Check the hosts file.
>
> c:/windows/system32/drivers/etc
>
> A lot of viruses dump spam reroutes into there. It should only be showing localhost and possibly a VPN if you have one.

That's one of the first things I checked and it was clean. Spybot didn't find anything nor did MalwareBytes. Avast found a few things that have been quarantined. The user said it's working better now but I'm going to hop on in a while and do some more checking. I'll probably install FF and have her start using that.