Internet Explorer and Firefox being redirected when trying to open from a search page

Small problem that is bugging me. Using IE or Firefox I am unable to open any links from a Google search. It shows a small box at the top middle saying "one moment please" then displays options to open other websites. I can do a Google search but am redirected when I try to click on anything. I also cannot access either Google.com or google.ca. It simply will not open the web page. It is simply blank. This is Windows XP Pro SP3 using IE 7 with all updates. Antivirus is Avast Home and Spybot installed. I have attached the log file of HijackThis if it helps. Thanks for your help.
hijackthis.log
robsky1 Asked:

Jan Springer Commented:
Could be one of three things (if the machine is not compromised):

1) you have a proxy configured in the browser
2) your http traffic is being diverted
3) the DNS servers are handing you addresses for domains in which they are not authoritative

When you do a dig/host/nslookup of www.google.com (the IPs are the same as www.google.ca), do you see:

www.google.com is an alias for www.l.google.com.
www.l.google.com has address 66.102.1.104
www.l.google.com has address 66.102.1.147
www.l.google.com has address 66.102.1.99
www.l.google.com has address 66.102.1.103
0
robsky1 Author Commented:
Hi Jesper
I checked and the proxy is not configured in the browser. For sure my traffic is being diverted. When I do an nslookup for Google I come up with a range between 74.125.95.99 to 74.125.95.103-.104 -.105 - .106 - .147. These are true Google IP addresses. When I do a "whois" search for the IP addresses in the HijackThis log file (89.149.210.106) it points me to a company in Amsterdam that points to someone in Poland.
0
bobohost Commented:
Yeah, sounds like you have some stuff on your system. Start by running Malwarebytes

http://www.malwarebytes.org/

Very good program to clean out your system.
0
Jan Springer Commented:
What anti-virus software are you running (other than hijackthis)?

And, have you tried changing your DNS server IP to another completely off net (OpenDNS offers free service ->  208.67.222.222)?  This would help determine if your local machine is the problem or your DNS server.

Are you using Google Chrome?
0
robsky1 Author Commented:
Hi Bobohost
I already tried Malwarebytes and was surprised that it did not fix/find the problem. It's the first time it failed me.
Jesper
I'm using Avast Home edition. I'll look into OpenDNS and let you know, but as I'm getting a message telling me in the browser that the request is being processed, I'm pretty sure that's a local issue. Google Chrome was installed and has since been removed.
0
bobohost Commented:
Do you have a HijackThis log for this system? Have you tried running ComboFix?
0
robsky1 Author Commented:
Hi Bobohost
If you look at the attachments to this post, you will see the text file from HijackThis. I have looked into ComboFix and it seems to have issues with it when installed/run. I'll consider it as a last resort but would REALLY like to know what I'm being hijacked by.
0
bobohost Commented:
Ok let me review the log and see what I find.
0
rpggamergirl Commented:
Fix these entries in Hijackthis:
O2 - BHO: ALOT Toolbar BHO - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)  
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O1 - Hosts: 89.149.210.106 www.google.com
O1 - Hosts: 89.149.210.106 www.google.de
O1 - Hosts: 89.149.210.106 www.google.fr
O1 - Hosts: 89.149.210.106 www.google.co.uk
O1 - Hosts: 89.149.210.106 www.google.com.br
O1 - Hosts: 89.149.210.106 www.google.it
O1 - Hosts: 89.149.210.106 www.google.es
O1 - Hosts: 89.149.210.106 www.google.co.jp
O1 - Hosts: 89.149.210.106 www.google.com.mx
O1 - Hosts: 89.149.210.106 www.google.ca
O1 - Hosts: 89.149.210.106 www.google.com.au
O1 - Hosts: 89.149.210.106 www.google.nl
O1 - Hosts: 89.149.210.106 www.google.co.za
O1 - Hosts: 89.149.210.106 www.google.be
O1 - Hosts: 89.149.210.106 www.google.gr
O1 - Hosts: 89.149.210.106 www.google.at
O1 - Hosts: 89.149.210.106 www.google.se
O1 - Hosts: 89.149.210.106 www.google.ch
O1 - Hosts: 89.149.210.106 www.google.pt
O1 - Hosts: 89.149.210.106 www.google.dk
O1 - Hosts: 89.149.210.106 www.google.fi
O1 - Hosts: 89.149.210.106 www.google.ie
O1 - Hosts: 89.149.210.106 www.google.no
O1 - Hosts: 89.149.210.106 search.yahoo.com
O1 - Hosts: 89.149.210.106 us.search.yahoo.com
O1 - Hosts: 89.149.210.106 uk.search.yahoo.com



And here's the Combofix canned as has been suggested. We need to see the log also.

Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
(If it doesn't run re-download but rename before saving to your desktop)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.


Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


0
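
The asker's nslookup returned genuine Google addresses while the browser still went to 89.149.210.106, because nslookup queries the DNS server directly and never reads the local hosts file where the O1 entries live. The following is an added example, not code from any post in this thread: a Python check that parses hosts-file text and reports names pinned to a non-loopback address that DNS does not return. The sample hosts text and DNS answers are constructed from values quoted in the thread, and `parse_hosts` and `audit_hosts` are hypothetical names.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a hosts file in the state the HijackThis O1 lines describe,
# using addresses and names quoted in this thread.
SAMPLE_HOSTS = """\
# constructed header comment
127.0.0.1       localhost
89.149.210.106  www.google.com
89.149.210.106  www.google.ca
89.149.210.106  search.yahoo.com   # trailing comment
"""

# Constructed sample: answers a direct DNS query (nslookup) gave for the same names.
SAMPLE_DNS = {
    "www.google.com": {"74.125.95.99", "74.125.95.103", "74.125.95.104"},
    "www.google.ca": {"74.125.95.99", "74.125.95.103", "74.125.95.104"},
}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield ip, name.lower()


def audit_hosts(text, dns_answers):
    """Return {ip: [names]} for hosts entries that disagree with DNS."""
    findings = defaultdict(list)
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue  # localhost and 0.0.0.0 sinkhole entries are not redirects
        if str(ip) not in dns_answers.get(name, set()):
            findings[str(ip)].append(name)
    return dict(findings)


if __name__ == "__main__":
    for ip, names in audit_hosts(SAMPLE_HOSTS, SAMPLE_DNS).items():
        print(f"{ip} overrides {len(names)} name(s): {', '.join(names)}")
```

A single address claiming many unrelated search domains, as in the log above, is the pattern to look for; names with no DNS answer supplied are reported too, so they can be reviewed by hand.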

bobohost Commented:
Also I would recommend using the latest version of HiJackThis which you can download here

http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html
0
robsky1 Author Commented:
Hi rpggamergirl
That did it! By removing the registry entries it resolved the problem. I would have split the points with bobohost except the suggestion to use ComboFix did not find anything. Sorry bobohost. Thank you again and also to everyone who tried to help.
0
rpggamergirl Commented:
Glad to know it's now resolved.

Next time you use HijackThis, download the latest version as already suggested.

TrendSecure site Hijackthis download:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Thanks!
0