I am using IE 7 on xp with Windows Live OneCare. Every time I type something into Google, Yahoo, Ask...etc the page loads with results but when I click on one it takes me to an online store of some kind related to what I typed in. Any help would be great. Welcome to CH.


Download and rename HijackThis (HJT)

• Double-click on HJTInstall.
• Click on the Install button.
  
• It will AUTOMATICALLY place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  
• Upon install, HijackThis should open for you.
• Close HijackThis and rename it.
  
• Go to C:\Program Files\Trend Micro\HijackThis.exe
  
• Right click on HijackThis.exe and select Rename.
  
• Type in sniper.exe and press Enter.
  
• Right-click on sniper.exe and select Send To > Desktop (create shortcut)
  
• From the desktop open Hijackthis.
• If using Windows Vista, Right-click and Run As Administrator.
  
• Click on the Do a system scan and save a log file button
  
• Hijackthis will scan and then a log will open in notepad.
• Copy and then paste the entire contents of the log in your post.
  
  • Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
  Although we have renamed Hijackthis to sniper, we will still refer to it as Hijackthis or HJT.
  
  Post the Hijackthis log in the next reply please.

• Go to the Sun Java Download Page
  
• On the Sun Java page scroll to the 5th download. Java Runtime Environment (JRE) 6 Update 6
  
• Click the button and choose the options.
  • Platform Windows
    
  • Language English
  • Next place a check mark in the box to agree to the License Agreement.
• "I agree to the Java SE Runtime Environment 6 License Agreement"
  
• Click Continue
  
• Click on the link to download Windows Offline Installation and save to your desktop.
  
• Then from your desktop double-click on jre-6u6-windowsi586-p.exe to install the newest version.
  
• Follow the prompts to complete the installation.

• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel > Add/Remove programs and remove all older versions of Java.
  
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  
• Do not remove Java 6 Update 6
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each old Java version.
• Restart your computer once all Java components are removed.

• Double click My Computer on the desktop, Locate this folder: C:\Program Files\Java
  
• Open the Java folder and delete any subfolders except the jre1.6.0_06 folder which was just created by the newest Java installation.

• Link #1
  
• Link #2
  
• Link #3

• Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
• Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
  • Click this link to see a list of security programs that should be disabled and how to disable them.
    
  • If yours is not listed and you don't know how to disable it, please ask.
• Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  
• Double click combofix.exe & follow the prompts.
• Choose Yes to accept the Disclaimers.[

• When finished, it will produce a log for you.
• Post that log in your next reply.

• If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
  
• Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.

• Restart your computer
• After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
• Instead of Windows loading as normal, the Advanced Options Menu should appear;
• Select the first option, to run Windows in Safe Mode, then press Enter.
  
• Choose your usual account.
• Open the extracted SDFix folder and double click RunThis.bat to start the script.
  
• Type Y to begin the cleanup process.
  
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  
• Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
  (Report.txt will also be copied to Clipboard).
  
• Finally add the contents of the Report.txt in your next post.

• Click Accept.
  
• Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
  
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
  • Extended
• Scan Options:
• Scan Archives
  
• Scan Mail Bases

• Click OK & have it scan My Computer

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area, use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

• WinSockFix
  
• Winsock Repair Tutorial
  

• Unzip the HostsXpert file and double click on HostsXpert.exe
  
• Press Restore Original Hosts and press OK
  
• Exit HostsXpert.