Hi all,
when i type in a bad URL there is an approx 6-8 seconds delay while Firefox is searching for a new webpage this FOO-page (or similar) turns up insted:
------------------------------------------------------

This XML-file doesn´t seem to have any assosiated style-info. Document tree shown below

- <html>
<body/>
</html>
------------------------------------------------------

Then, very fast, a new window with a "could not find"-message opens at this site

------------------------------------------------------

hxxp://www.quickbrowsersearch.com/apps/eps/eps.cgi?s=http%3A//lists.gpick.com/
------------------------------------------------------

I have not set any redirection rules of this kind and I don´t like the quickbrowsersearch page. How do I get rid of it?

I have ran ad-aware, spybot s&d and ewido and it's still happening..
I have attached my hjt log I really would appreciate any help
hijackthis.log

Hi Bleach,

Welcome to PCHF. We have a terrific team of techs here, and I feel confident that we will be able to get rid of the RLMs (rotton little monsters) that have invaded your PC.

Did you by any chance save the ewido log? Did any of the aformentioned programs find anything at all? If they did, did you let them fix what they found?

We'll take a look at your HJT log and see what we find.

TTFN

LGW

Hi Bleach,

I took a quick look at your log, and didn't see anything particularly disturbing. I'm sure that our Security Team Leader will be along very soon, I will be interested in hearing what he thinks.

In the mean time. Can you please download Spy Sweeper from my signature, update it, and run a full system scan. You will be able to save a log at the end. Please post it back here.

Look forward to your reply,

TTFN

LGW

ladygreenwitch
Thank you for your POLITE and prompt reply....

Did you by any chance save the ewido log? No i didn't save the logs


Did any of the aformentioned programs find anything at all? If they did, did you let them fix what they found? Yes they all found some "bad Guys" and i had them fixed...

I have DL spysweeper
It did find a few things in my host file (though none of them pertained to quicksearch) but i did elect to remove them since the host file contained IP/URL to a product i no longer use or have (it was ghost surf)..

I have it seeping as we speak I'll be posting the log as soon as it is done..
Thank you once again
Bleach

Ok spysweeper is all done

Here is the log for it
Spy Sweeper Session Log.txt

Since it found 2 items I ran HJT again so here is the latest HJT

hijackthis.log

ALso FYI I checked to see if my browser still does what i posted in my original post and yupp it still does it....

I would like to note that newdotnet and look2me did creep in on my pc and installed itself.... Up untill these two badboys creeped up on me i never had this problem... I read the forums to get rid of these and although they seem gone it seems that the quicksearch problem is still lingering behind...

Bleach

Hya Bleach , Spysweeper has cleaned the Look2me infection remenents that where still present in youre hjt log , and im pretty sure quickbrowsersearch popups are linked with Newdotnet.

First please go to add/remove programs and uninstall NewdotNet. If you don't have that option or if you have difficulties then please follow the instructions on this site

Then have a look in youre Firefox plugins to see if there is anything related to Newdotnet there , if it is then remove it.

And this one can be fixed with hjt:


And also , dont fix these yet , do you recoqnize these entrys?

Yes the mysql and mySQL4 I have installed on my PC (one is version 4 one is version 5)

I also uninstalled newdotnet prior to all my spyware scanning....
I DID find a creepy little extension from newdotnet that was installed on my firefox.... I deleted it...
It now has a page with this url (I am not sure if this is a hijack as well)
chrome://global/content/netError.xhtml?e=dnsNotFound&u=http%3A//www.adfajfhaf.com/&d=www.adfajfhaf.com%20could%20not%20be%20found.%2 0Please%20check%20the%20name%20and%20try%20again.#
I haven't really noticed this chrome:// before but it is much better then quicksearch...