• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 657
  • Last Modified:

Search Engine Redirecting

I need help in diagnosing a problem on a friend's computer.  The computer is in an office, so I can only get at it intermittently.  I went there after office hours on Wednesday and Thursday and did some diagnostics and ran various tools.

Problem:    Browser hijacker that redirects Google and Yahoo searches.  www.searchresultsdirect.com takes me to cars4all.biz whenever I do a Google or Yahoo search.  Curiously, Hotbot, which uses Yahoo, does not redirect.  Neither does Dogpile, which uses Google.

What I've done:
*   I checked the hosts file and it's absolutely stock condition (just the loopback)

*   Ran cwshredder.  Machine is clean.

*   Ran MBAM and Spybot S&D.  Removed some cookies.

*   Checked to make sure the DNS entries were not affected.  They are still as I originally set them (hardwired to the Telus DNS numbers)

*   Ran Firefox in safemode (FF safemode, not Windows safe mode).  No redirection.  In normal mode it redirects.

*   Uninstalled all Java.  Rebooted. Installed Java 6 U20.  Rebooted.  Same problem

*   Ran ATF Cleaner. Same problem

*   Tried manually disabling plugins in FF but problem persists.

*   Created new FF profile.  Same problem

*   Uninstalled FF completely.  Reboot.   Install latest FF.  Import only bookmarks.  Same problem

*   Ran Hijackthis, Trend Micro RootkitBuster, and SUPERAntiSpyware.  Logs of each follow:

<<Hijackthis>>
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:02:39, on 4/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ofps.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\TJH\HiJackThis.exe
C:\TJH\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Util/PCS.HTM
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: printer.bat
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165708000828
O17 - HKLM\System\CCS\Services\Tcpip\..\{33DC5391-AB79-431E-A32E-D5C2F35BDA25}: NameServer = 154.11.129.187,154.11.129.59
O17 - HKLM\System\CS1\Services\Tcpip\..\{33DC5391-AB79-431E-A32E-D5C2F35BDA25}: NameServer = 154.11.129.187,154.11.129.59
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\system32\ofps.exe

--
End of file - 7030 bytes



<<Trend Micro RootkitBuster>>

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 2.80.0.1077
+----------------------------------------------------


--== Dump Hidden MBR, Hidden Files and Alternate Data Streams on C:\ ==--
[FILE_STREAM]:
      FullPath      : C:\Data\Signatures\Thumbs.db:encryptable:$DATA
      FullPathLength: 28
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x26
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP8\Data:extended:$DATA
      FullPathLength: 0
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x30
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable:$DATA
      FullPathLength: 83
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x26
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Documents and Settings\Veronica\Application Data\Microsoft\Internet Explorer\Quick Launch\ShowMyPC2963.exe:Zone.Identifier:$DATA
      FullPathLength: 109
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x20
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Documents and Settings\Veronica\Desktop\Jessica's cover.doc:Zone.Identifier:$DATA
      FullPathLength: 62
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x20
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Documents and Settings\Veronica\Desktop\Resume.doc:Zone.Identifier:$DATA
      FullPathLength: 53
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x20
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Documents and Settings\Veronica\Desktop\ShowMyPC3010.exe:Zone.Identifier:$DATA
      FullPathLength: 59
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x20
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Install Stuff\AdAware SE\aawsepersonal.exe:Zone.Identifier:$DATA
      FullPathLength: 45
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x20
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Install Stuff\Spyboy S&D\spybotsd14.exe:Zone.Identifier:$DATA
      FullPathLength: 42
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x20
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Install Stuff\ZoneAlarm\zlsSetup_65_722_000_en.exe:Zone.Identifier:$DATA
      FullPathLength: 53
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x20
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\Old Master\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable:$DATA
      FullPathLength: 94
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x26
      ShareAccess   : 0x0
      Type          : 0x0
[FILE_STREAM]:
      FullPath      : C:\WINDOWS\Web\Wallpaper\Thumbs.db:encryptable:$DATA
      FullPathLength: 34
      DesiredAccess : 0x0
      Options       : 0x0
      Attributes    : 0x26
      ShareAccess   : 0x0
      Type          : 0x0
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.

<<SUPERAntiSpyware>>
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/22/2010 at 07:14 PM

Application Version : 4.35.1002

Core Rules Database Version : 4840
Trace Rules Database Version: 2652

Scan type       : Complete Scan
Total Scan Time : 00:31:47

Memory items scanned      : 383
Memory threats detected   : 0
Registry items scanned    : 5198
Registry threats detected : 0
File items scanned        : 29649
File threats detected     : 183

Adware.Tracking Cookie
      C:\Documents and Settings\Veronica\Cookies\veronica@msnportal.112.2o7[1].txt
      C:\Documents and Settings\Veronica\Cookies\veronica@atdmt[1].txt
      statse.webtrendslive.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .yadro.ru [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .yadro.ru [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .atdmt.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .tribalfusion.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .tribalfusion.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .doubleclick.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .serving-sys.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .msnportal.112.2o7.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .www.zanox-affiliate.de [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .adinterax.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .adinterax.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .adtech.de [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .adtech.de [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .zedo.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .mediaplex.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .revsci.net [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\oan3w05c.default\cookies.txt ]
      .doubleclick.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .advertising.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .tacoda.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .tacoda.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .tacoda.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .tacoda.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .atdmt.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .valueclick.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .bluestreak.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .tribalfusion.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .tribalfusion.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .atwola.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .insightexpressai.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      ad.yieldmanager.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      ad.yieldmanager.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .maxserving.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .maxserving.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      ads.revsci.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .zedo.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .zedo.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .zedo.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      media.adrevolver.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .adrevolver.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .fastclick.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .burstnet.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .adcentriconline.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .usatoday1.112.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .kanoodle.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      statse.webtrendslive.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .questionmarket.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .questionmarket.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .questionmarket.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .ads.pointroll.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .ads.pointroll.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .ads.pointroll.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .ads.pointroll.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .247realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .247realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .realmedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .statcounter.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .overture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .overture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .overture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .mediaplex.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .casalemedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .casalemedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .casalemedia.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .ehg-yellowpages.hitbox.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .hitbox.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .amazonsearsca.122.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .apmebf.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .apmebf.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .as-us.falkag.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .belnk.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .bizrate.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .bizrate.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .bravenet.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .bravenet.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .bravenet.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .bs.serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .cbs.112.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wfkoapd5who.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wfligmcjcdp.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wflioncpodp.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wjk4anazclo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wjkokic5ilo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wjkygiczwaq.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wjkyukczoeo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wjlichd5gbo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wjlywkcjodp.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .e-2dj6wjnyqnajgfo.stats.esomniture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .edge.ru4.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .kontera.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .kontera.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .kontera.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .msnportal.112.2o7.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .nextag.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .nextag.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .perf.overture.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .qksrv.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .qksrv.net [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .serving-sys.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .stats1.clicktracks.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .stats1.clicktracks.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .stats1.clicktracks.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .stats1.clicktracks.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .superstats.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .trafficmp.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .trafficmp.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .tripod.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .z1.adserver.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .z1.adserver.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      banners.nbcupromotes.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      images.crossmediaservices.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      media101.sitebrand.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      media101.sitebrand.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      pt.crossmediaservices.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      web4.realtracker.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      www1.addfreestats.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      www6.addfreestats.com [ C:\Old Master\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\58gch6ji.default\cookies.txt ]
      .2o7.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
      .2o7.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
      .doubleclick.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
      .as-us.falkag.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
      .as-us.falkag.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
      .as-us.falkag.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
      .as-us.falkag.net [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
      .mediaplex.com [ C:\Old Slave\Documents and Settings\veronica\Application Data\Mozilla\Firefox\Profiles\5a0iyn11.default\cookies.txt ]
      C:\Old Slave\Documents and Settings\veronica\Cookies\veronica@2o7[2].txt



0
cmbcne
Asked:
cmbcne
1 Solution
 
Daniel Van Der WerkenIndependent ConsultantCommented:
I found this:
http://support.mozilla.com/no/forum/1/652924

Quote:


After checking out his hosts file, dns, proxy info, etc, and running a  MalwareBytes quick scan, I noticed something strange in his  extensions.ini:  
Extension2=C:\Documents and Settings\usernameremoved\Local  Settings\Application Data\{EA3AA2E9-BCBF-481A-B198-8E7D100D2FC4}   Extensions aren't stored in Local Settings\Application Data! Removing  that line from extensions.ini fixed him right up.

End Quote.

0
 
cmbcneAuthor Commented:
Thanks Dan7el:

I followed the link you posted and read the post there.  I then did a remote connection to the computer in question and, sure enough, that "Extension2=C:..." was in the INI file.  I removed it then started FF again.  Problem still there.  I now have to wonder if that needed to be removed.

Also I installed the NOSCRIPT plugin.  When I do a search in Google, the results page shows the Noscript "Sx" in the bottom corner indicating scripts are being managed.  Right clicking shows there is a script "www.cars4all.biz" being blocked.  So whatever this is seems to intercept the Google results page and insert a Javascript that then does the redirecting.

Bottom line: Still infected but Noscript at least allows the user to use Google.

I would still like to get rid of this (and maybe remove noscript).

Anyone else have any thoughts on what to try next?
0
 
optomaCommented:
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
TrustWiseCommented:
0
 
sb7785Commented:
I had pretty much your exact same problem. optoma beat me to it, so credit to him, but after googling a lot; the problem is the "google redirect virus" can be any number of things. I saw so many different file possibilities that it's too much to check manually. After like the 5th file, that's when someone suggested HitmanPro. I religiously use Spyware Doctor v4, and while it did find many things; the redirect was still happening.
HitmanPro identified one of the files that I saw during my google searching. Well, it's been deleted, and I'm awaiting results back. This was for a family member, and I used logmein as well. It's been only 2 days, so I'll talk to them this weekend to see if it's still happening. This is a really pesky virus, and it doesn't seem to do much else except annoy you.
Again, the problem is though that there are so many possible causes, it's hard to pinpoint. I've seen people say one solution worked perfectly for them; but didn't for me. I'd suggest try HitmanPro and hopefully that will find it, and get rid of it for you. When it finds the results, I googled each one and one of them was linked to the redirect virus, so I can only hope it's gone now. Good luck.
0
 
cmbcneAuthor Commented:
I goofed the first time.  I only removed the line from the INI file.  I failed to remove the folder it pointed to.  When I did that, the problem was solved.

Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now