DNS Hijacked? I'm not exactly sure



My fiance's system has gotten some nasty malware installed. Essentially, every time she follows a link off of Google it redirects her to an ad. On any browser. I'm not even sure where to begin after going through the basics. I've checked for suspicious services, her host file, and run Ad-Aware. She had let the anti-virus that came with the system expire and I never set her up with any free alternatives; it slipped my mind.

Now I'm stuck. She's got files she needs on this system and I don't even know where to begin when it comes to tracking this down. Any help would be appreciated. I don't even know what the good tools are for free (or reasonably priced -- we're willing to pay if it means her keeping her data) malware removal.


Malwarebytes, HijackThis, install AV (Avira is pretty good. I have recommended MSE, but see more and more people with infections with it installed)

Check the proxy setting in Internet Options->Connections->LAN settings


Delete the Firefox profile to get rid of any addons. Can be found in %appdata%\Roaming\Mozilla\

Start by booting into Safe Mode and accessing the msconfig tool if possible (type msconfig in Run). If it gives you "needs admin", then try googling for a .reg file that will fix that. From there you can disable anything rogue that is starting up with the computer. Usually putting it to Diagnostic start, and then checking all Microsoft services, does the trick.

Boot into normal mode and run HijackThis, and run its log through a scanner (http://www.hijackthis.de/). Check and fix any entries that pose problems.

Then run Malwarebytes, then MSE, then Spybot Search and Destroy.

Should be clean.


Malwarebytes appeared to do it, thanks guys. We're going to keep an eye on her network traffic the next few days and make sure nothing fishy's still going on, though.


I totally missed the last post, but another thing to check is the DNS settings. Certain malware will replace them with bad DNS servers so legit sites are redirected.


It is probably a rootkit. TDSSKiller may work, GMER may work, Sophos Anti-Rootkit, or HitmanPro.

Good luck. If Google is redirecting I am willing to put money it is a rootkit.
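
The three settings named in the replies above (hosts file, LAN proxy setting, DNS servers) can be read in one pass. This is an added example, not part of the original posts; `$ExpectedDns` and its sample address are assumptions to replace with the resolvers the machine should really be using.

```powershell
# Added example (not from the thread): read-only audit of the hosts file,
# the per-user proxy settings and the DNS servers on each adapter.
# ASSUMPTION: $ExpectedDns lists the resolvers this machine should be using;
# 192.168.1.1 is a constructed sample value, replace it with your own.
$ExpectedDns = @('192.168.1.1')

# 1. DNS: one row per configured server, flagged when it is not expected.
#    WMI is used so this also runs on PowerShell 2.0 (Windows 7).
$dns = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $adapter = $_
        foreach ($server in @($adapter.DNSServerSearchOrder)) {
            if ($server) {
                New-Object PSObject -Property @{
                    Adapter    = $adapter.Description
                    Dhcp       = $adapter.DHCPEnabled
                    DnsServer  = $server
                    Unexpected = ($ExpectedDns -notcontains $server)
                }
            }
        }
    }

# 2. Proxy: the values behind Internet Options -> Connections -> LAN settings.
$proxy = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL

# 3. Hosts file: every active line that is not a plain localhost mapping.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$hostsExtra = Get-Content $hostsPath |
    Where-Object { $_ -match '^\s*[^#\s]' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*(#.*)?$' }

'--- DNS servers ---'
$dns | Select-Object Adapter, Dhcp, DnsServer, Unexpected | Format-Table -AutoSize
'--- Proxy (current user) ---'
$proxy | Format-List
'--- Non-default hosts entries ---'
if ($hostsExtra) { $hostsExtra } else { '(none)' }
```

A row with `Unexpected` set to True on an adapter where `Dhcp` is also True means the address was either handed out by the router or set statically over DHCP, so check the router's own DNS setting as well.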
