This forum requires Javascript to be enabled for posting content
The title pretty much says it all. Upon clicking on a search result I am directed to some other page.
I have run HiJackThis.
Results:
Scan saved at 12:54:19 PM, on 8/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSandboxieSbieSvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ZoneLabsvsmon.exe
C:WINDOWSExplorer.EXE
C:Program FilesLavasoftAd-AwareAAWService.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAviraAntiVir Desktopsched.exe
C:Program FilesAviraAntiVir Desktopavguard.exe
C:WINDOWSSYSTEM32astsrv.exe
C:Program FilesEASEUSTodo BackupbinAgent.exe
C:Program FilesAviraAntiVir Desktopavshadow.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesLinksysWireless-B PCI AdapterNICServ.exe
C:Program FilesMacriumReflectReflectService.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:WINDOWSRTHDCPL.EXE
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Program FilesEASEUSTodo BackupbinEuWatch.exe
C:Program FilesEASEUSTodo BackupbinTrayNotify.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesRocketDockRocketDock.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesIconoidiconoid.exe
C:Program FilesWinstepNexus.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesPhilipsVOIP080VOIP080.exe
C:Program FilesLinksysWireless-B PCI AdapterWMP11Cfg.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesCommon FilesJavaJava Updatejucheck.exe
C:Program FilesSUPERAntiSpywareSASCORE.EXE
C:Program FilesYahoo!WidgetsYahooWidgets.exe
C:Program FilesMozilla Firefoxplugin-container.exe
C:Program FilesBlueVoda Website BuilderBlueVoda.exe
C:Program FilesColorPic 4.1ColorPic.exe
C:Program FilesCoffeeCup SoftwareDHTMLmenuDHTMLMenu.exe
C:WINDOWSsystem32notepad.exe
C:WINDOWSExplorer.EXE
Z:hpzsetup.exe
Z:setuphpzdui01.exe
C:Program FilesTrend MicroHiJackThisHiJackThis.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://google.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink.....nkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink.....nkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink.....nkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink.....nkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.babylon.com/?bab.....ss&q={searchTerms}&mntrId=58ea1e87000000000000000c41b58535&tlver=1.4.19.19&affID=17158
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKLM..Run: [ZoneAlarm Client] "C:Program FilesZone LabsZoneAlarmzlclient.exe"
O4 - HKLM..Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] C:Program FilesNVIDIA CorporationnViewnwiz.exe /installquiet
O4 - HKLM..Run: [AdobeAAMUpdater-1.0] "C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe"
O4 - HKLM..Run: [SwitchBoard] C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe
O4 - HKLM..Run: [AdobeCS5ServiceManager] "C:Program FilesCommon FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"
O4 - HKLM..Run: [EaseUs Watch] "C:Program FilesEASEUSTodo BackupbinEuWatch.exe"
O4 - HKLM..Run: [EaseUs Tray] "C:Program FilesEASEUSTodo BackupbinTrayNotify.exe"
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKCU..Run: [RocketDock] "C:Program FilesRocketDockRocketDock.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKCU..Run: [Iconoid] "C:Program FilesIconoidiconoid.exe"
O4 - HKCU..Run: [Nexus] C:Program FilesWinstepNexus.exe autostart
O4 - HKUSS-1-5-20..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-20..RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: OpenOffice.org 3.3.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 - Startup: Yahoo! Widgets.lnk = C:Program FilesYahoo!WidgetsYahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesOffice10OSA.EXE
O4 - Global Startup: VOIP080.lnk = C:Program FilesPhilipsVOIP080VOIP080.exe
O4 - Global Startup: Wireless-B PCI Adapter Utility.lnk = C:Program FilesLinksysWireless-B PCI AdapterWMP11Cfg.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:WINDOWSsystem32GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office10EXCEL.EXE/3000
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:Program FilesSuperfishWindow ShopperSuperfishIEAddon.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:Program FilesYahoo!CommonYinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso
--
End of file - 9680 bytes
Hey CT - The following entry in the HijackThis logfile should definitely be fixed by HijackThis:
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant = http://search.babylon.com/?bab.....ss&q={searchTerms}&mntrId=58ea1e87000000000000000c41b58535&tlver=1.4.19.19&affID=17158
Other than that, I can't see anything of any real significance.
What other scans have you run??
[quote="carbonterry2":2yzjfbez]As far as I can tell FireFox 3.6.18 only. I tested IE8 & Opera also with no redirect.[/quote:2yzjfbez]
In addition to Jim's note -- what addons /extensions do you have installed in Firefox?
These two are also troubling from your report:
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:Program FilesSuperfishWindow ShopperSuperfishIEAddon.dll
O24 - Desktop Component 0: (no name) - http://www.stripemania.com/ima.....spacer.gif
Window Shopper ([url:2yzjfbez]http://forums.mozillazine.org/viewtopic.php?t=1979591&f=38[/url:2yzjfbez]) looks like it is the culprit -- but I'd check the rest too.
Stripemania looks innocuous, but I don't know anything about it.
1 Guest(s)