Something keeps changing my homepage to http://yoursearch.cc . I have run Spybot Search & Destroy and Adware over and over. I even have Browser Hijack Blaster but something keeps changing it. Another problem is sometimes when I search for something (Google is default) many of the links that come back with the search lead to http://search-biz.cc/se.php?qq="whatever I'm searching". I.e., I searched Hiijackthis in Google because I could not find it on my hard drive; two links that were returned said the proper address in the description, but when I clicked them I went to http://search-biz.cc/se.php?qq=hiijackthis

Here is my HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 3:48:15 AM, on 3/3/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\APC\APC POWERCHUTE PERSONAL EDITION\MAINSERV.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 2\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\LEXMARKX84-X85\ACMONITOR_X84-X85.EXE
C:\PROGRAM FILES\LEXMARKX84-X85\ACBTNMGR_X84-X85.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\CREATIVE\SBAUDIGY\TASKBAR\CTLTRAY.EXE
C:\PROGRAM FILES\REALVNC\WINVNC\WINVNC.EXE
C:\PROGRAM FILES\MACRO EXPRESS3\MACEXP.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\APC\APC POWERCHUTE PERSONAL EDITION\APCSYSTRAY.EXE
C:\PROGRAM FILES\BROWSER HIJACK BLASTER\BHBLASTER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\XNEWS\XNEWS.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie_rsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie_rsearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Guard-IE - {D2F719F3-106A-402B-9996-3A5B12ACA564} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O2 - BHO: (no name) - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\ICAPTURE.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: Guard-IE - {37C8204D-97C3-4127-BB28-1BFF3FA2F7DA} - C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [CTStartup] C:\PROGRAM FILES\CREATIVE\SPLASH SCREEN\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\RunServices: [APC_SERVICE] C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O4 - HKLM\..\RunServices: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [TaskTray] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTray.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Run VNC Server.lnk = C:\Program Files\RealVNC\WinVNC\winvnc.exe
O4 - Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Startup: Macro Express 3.lnk = C:\PROGRA~1\MACROE~1\macexp.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 (HKLM)
O9 - Extra 'Tools' menuitem: @C:\PROGRAM FILES\FAILSAFE\GUARDIE\PNIE.DLL,-100 (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .ASP: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
I don't see it but I've placed it on a specialised forum, see what they say. You could do with a bit of performance tuning once this is sorted.
It sounds like CoolWebSearch.

CWShredder (CoolWebSearch remover)
http://www.merijn.org/cwschronicles.html
http://www.merijn.org/files/cwshredder.zip
http://doxdesk.com/parasite/CoolWebSearch.html

If merijn.org is out of action, you can get new update from one of the links below:
http://makeashorterlink.com/?H24932667
http://www.zerosrealm.com/downloads/CWShredder.zip
http://www.lurkhere.com/~nicefiles/cwshred15.zip
http://www.spywareinfo.com/downloads/tools/CWShredder.exe
http://www.spywareinfo.com/~merijn/files/cwshredder.zip

<snip>
Jeroen Wijnands cried out
Yeah, I crammed too much on this PC; surprised it runs as well as it does for 400 MHz.
Thank you to everyone for your help on this. It seems that CWShredder has resolved my drama. Would anyone by chance know how or where this may have gotten into my system? I like to think I am pretty good on catching spyware, adware, popups, etc. I have a router, ZoneAlarm, Guard-IE, Browser Hijack Blaster, Spyware Blaster, Adware, and Spybot Search & Destroy. Browser Hijack Blaster seems to be the only thing picking up anything; all it picked up was home and search page changes.

Jeroen Wijnands cried out
<snip> Internet Explorer is targeted by these things. May I suggest Mozilla Firebird as an alternative? You will not be bothered with all this junk and it is a much better browser anyway.
If BHB seems to be catching everything, isn't it any wonder that the others don't seem to be? Think about it..... Also, read the links I gave.