tibs3 ?

Discussion in 'Malware Help (A Specialist Will Reply)' started by user024, Jan 25, 2005.

  1. user024

    user024 Private E-2

    There are a few strange processes running in my taskmgr, one of which was tibs until I found it and removed it. My homepage is quickmetasearch and I keep getting these popups "ceres" - ads n shit. Any help would be appreciated. I read through some forums for helpful info but none of it seems to work. Oh yeah, when I try to look for anything related to adware, spyware etc. on Google, all of the websites don't display, DNS issue I guess.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

    By the way, you said "my homepage is quickmetasearch". Is that what you want it to be? If not, what is your full expected home page?

    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  3. user024

    user024 Private E-2

    Firefox and IE won't display the HijackThis page..
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  5. user024

    user024 Private E-2

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you download anything from any website?

    How about this: http://www.merijn.org/files/hijackthis.zip

    Do you have any problems going to certain websites?

    I'll repeat another previous question:

    By the way, you said "my homepage is quickmetasearch". Is that what you want it to be? If not, what is your full expected home page?
     
  7. user024

    user024 Private E-2

    That website does not work as well; most websites with spyware content (help etc.) I can't get. And my homepage was set to yahoo.com but it keeps going to quickmetasearch.com
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You never gave your OS (that should always be part of your first message). So I will assume WinXP (the below will also apply to Win 2K but not any Win 9x or ME).

    I want to see what is in your hosts file.
    Click Start, Run, and enter notepad c:\windows\system32\drivers\etc\HOSTS and then click OK!
    If what comes up in the notepad window has any lines other than what is shown below in the quote box, delete them and save the file. Then try to download some stuff.
    If that does not help, see if you can get HijackThis from the below link:
    HijackThis direct download: http://209.133.47.12/~merijn/files/HijackThis.exe
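
The hosts file check described in the post above can also be done programmatically. This is an added example, not part of the original thread; it assumes a clean hosts file contains only the localhost mapping, and the sample file contents are constructed placeholders.

```python
import ipaddress

# Assumption: a clean hosts file maps only localhost to the loopback address.
EXPECTED = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample, not the poster's file; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
127.0.0.1       www.example-antispyware.test   # inline comment
0.0.0.0 download.example-av.test update.example-av.test
203.0.113.7\tsearch.example.test
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every unexpected mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not entry:
            continue
        fields = entry.split()                 # an IP followed by one or more names
        ip, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, " ".join(names), "malformed"))
            continue
        for name in names:
            name = name.lower()
            if (str(addr), name) in EXPECTED:
                continue
            # A name pinned to loopback or 0.0.0.0 never resolves to the real site;
            # any other address silently sends the browser somewhere else.
            blocked = addr.is_loopback or addr.is_unspecified
            findings.append((line_no, ip, name, "blocked" if blocked else "redirected"))
    return findings

if __name__ == "__main__":
    # On a live system, read c:\windows\system32\drivers\etc\HOSTS instead.
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```
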
     
  9. user024

    user024 Private E-2

    Yes, my OS is XP, and I just replaced my host file with yours and it still won't allow me to download.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    Did you try this one:

    HijackThis direct download: http://209.133.47.12/~merijn/files/HijackThis.exe

    If that does not work, try this one:

    http://www.unitethecows.com/software/HijackThis.exe

    also try to get the below:
    http://www.unitethecows.com/software/StartupList.exe

    If you can get these, try to post as an attachment both your HijackThis log and your StartUpList log.
     
  11. user024

    user024 Private E-2

    If you can get these, try to post as an attachment both your HijackThis log and your StartUpList log. - StartupList ?

    Here's my log:
     
  12. user024

    user024 Private E-2

    Forgot to attach.
     

    Attached Files:

  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You must remember to shutdown all browsers before you use HijackThis. You had this running:
    C:\Program Files\Mozilla Firefox\firefox.exe

    You need to go to Add/Remove Programs and look for an uninstall for NetPumper. It contains malware. See the below link:
    http://www.kephyr.com/spywarescanner/library/netpumper/index.phtml

    Okay, now follow the procedure below. Note I left stuff related to NetPumper in the removal procedures below just in case Add/Remove Programs does not work.


    Click Start, and then click Run. (The Run dialog box appears.)
    Type, or copy and paste, the following text:
    regsvr32 /u STHomePage.dll
    then click OK. If a dialog box confirming this action appears, click OK.

    Click Start, and then click Run. (The Run dialog box appears.)
    Type, or copy and paste, the following text:
    regsvr32 /u STLinks.dll
    then click OK. If a dialog box confirming this action appears, click OK.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\Program Files\NetPumper\NetPumperIEProxy.exe
    C:\WINDOWS\system32\gkfhhglr.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0002_ho
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0002_ho
    O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
    O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage.dll
    O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
    O2 - BHO: STLinksCtrl Class - {B54BFA47-D897-49CA-9657-05EC9F80A32B} - C:\Program Files\STLinks\STLinks.dll
    O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
    O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
    O4 - HKLM\..\Run: [vjqczcnjvqb] C:\WINDOWS\system32\gkfhhglr.exe
    O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
    O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab

    You appear to be missing some files for the below two services so you may as well fix these lines (unless you can find the files elsewhere - or maybe reinstall).
    O23 - Service: myDynIPPro - Unknown - C:\Program Files\Rocon Software\myDynIPPro\myDynIPPro.exe (file missing)
    O23 - Service: StyleXPService - Unknown - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe (file missing)

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\NetPumper <--- the whole folder
    C:\Program Files\STHomePage <--- the whole folder
    C:\Program Files\STLinks <--- the whole folder
    C:\WINDOWS\system32\gkfhhglr.exe
    C:\WINDOWS\ceres.dll
    C:\WINDOWS\questmod.dll
    C:\WINDOWS\system32\tibs3.exe

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
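
The last step above asks for a new HijackThis log so the fix can be verified. As an added example (not part of the original thread), the sketch below compares the fixed entries against a follow-up log and lists the files they reference; the `FIXED` lines are copied from the post, while `NEW_LOG` is a constructed sample, not the poster's actual log.

```python
import re

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll|htm)', re.I)

# Entries selected for fixing, copied from the log lines quoted in the post above.
FIXED = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0002_ho
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
'''.strip().splitlines()

# Constructed follow-up log (not from the thread): two entries have come back.
NEW_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod.dll
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\system32\tibs3.exe
'''

def entry_key(line):
    """Identity of a log entry: section code plus CLSID, file path, or raw body."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    ident = CLSID_RE.search(body) or PATH_RE.search(body)
    return (m.group("code"), (ident.group(0) if ident else body).lower())

def still_present(fixed_lines, new_log):
    """Fixed entries that show up again in the follow-up log."""
    new_keys = {entry_key(l) for l in new_log.splitlines()} - {None}
    return [l for l in fixed_lines if entry_key(l) in new_keys]

def files_referenced(lines):
    """On-disk files named by the entries, in first-seen order, for the delete step."""
    paths = []
    for line in lines:
        m = PATH_RE.search(line)
        if m and m.group(0) not in paths:
            paths.append(m.group(0))
    return paths

if __name__ == "__main__":
    print("Still present:", *still_present(FIXED, NEW_LOG), sep="\n  ")
    print("Files to check:", *files_referenced(FIXED), sep="\n  ")
```
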
     
  14. user024

    user024 Private E-2

    Click Start, and then click Run. (The Run dialog box appears.)
    Type, or copy and paste, the following text:
    regsvr32 /u STHomePage.dll
    then click OK. If a dialog box confirming this action appears, click OK.

    Click Start, and then click Run. (The Run dialog box appears.)
    Type, or copy and paste, the following text:
    regsvr32 /u STLinks.dll
    then click OK. If a dialog box confirming this action appears, click OK.
    Didn't have both of those. Did everything else, my homepage works now! :D. But now I get this "sex" icon appearing on my desktop, apparently it was installed? Oh yeah, I can now search for "spyware" and reach valid websites.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please finish my instructions. Post the new HJT log!
     
  16. user024

    user024 Private E-2

    whoops, I'm sorry.
     

    Attached Files:

  17. user024

    user024 Private E-2

    Also: in my C:\ drive I have the file "127021.exe". The icon is of a girl, the same icon on my desktop labeled "sex". I have a small ss of an error that popped up when I came home this morning.
     

    Attached Files:

    • gah.gif (File size: 3.9 KB, Views: 16)
