Unwanted Search Advertisement

E

Ed Kerner

Any time I do a wild card search I receive an
adevertisement screen and I can not get to google, yahoo
and any other browser. I have run Norton, removed cookies
and temp files and stil can not remove.
 
F

Frank Saunders, MS-MVP

Ed Kerner said:
Any time I do a wild card search I receive an
adevertisement screen and I can not get to google, yahoo
and any other browser. I have run Norton, removed cookies
and temp files and stil can not remove.
Click to expand...

First eliminate any scumware.
See
Dealing with Unwanted Spyware, Parasites, Toolbars and Search Engines
http://mvps.org/winhelp2002/unwanted.htm

Note that AdAware and SpyBot S & D will each catch some things the other
won't. Also, each needs to be updated before every use, even when just
downloaded. There's also a lot more to do than just those two programs.
CWShredder is also available here:
http://www.kellys-korner-xp.com/regs_edits/cwshredder.zip
**Post your HijackThis log to
http://forums.spywareinfo.com/ or the Spyware forum at
http://forum.aumha.org/ for expert analysis, not here.**
Alternative download pages for Ad-Aware, Spybot, HijackThis and CWShredder
may be found on this page:
http://aumha.org/a/parasite.htm.
If trying everything at that site does not fix the problem please post back
in the same thread.

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 
E

Ed Kerner

I downloaded the host file and that corrected the problem,
however when rebooting another host file is being created
and then the problem returns. I can delete the host file
and then the problem goes away, but is there a way in not
having to delete the host file evertime I reboot?
 
F

Frank Saunders, MS-MVP

Ed Kerner said:
I downloaded the host file and that corrected the problem,
however when rebooting another host file is being created
and then the problem returns. I can delete the host file
and then the problem goes away, but is there a way in not
having to delete the host file evertime I reboot?
Click to expand...

Where did you post your HijackThis log?

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/
 
E

Ed Kerner

here is the hijacks reply...any other suggested actions?

Logfile of HijackThis v1.97.7
Scan saved at 8:48:00 PM, on 3/17/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTEMIE.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\POWERZIP.TMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start
Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local
Page = c:\windows\system32\blank.htm
O1 - Hosts: 64.124.210.140 alltheweb.com
O1 - Hosts: 64.124.210.140 www.alltheweb.com
O1 - Hosts: 64.124.210.140 content.overture.com
O1 - Hosts: 64.124.210.140 www.content.overture.com
O1 - Hosts: 64.124.210.140 google.com
O1 - Hosts: 64.124.210.140 www.google.com
O1 - Hosts: 64.124.210.140 www2.google.com
O1 - Hosts: 64.124.210.140 www3.google.com
O1 - Hosts: 64.124.210.140 auto.search.msn.com
O1 - Hosts: 64.124.210.140 search.msn.com
O1 - Hosts: 64.124.210.140 search.yahoo.com
O1 - Hosts: 64.124.210.140 search.aol.com
O1 - Hosts: 64.124.210.140 www.altavista.com
O1 - Hosts: 64.124.210.140 altavista.com
O1 - Hosts: 64.124.210.140 www.alexa.com
O1 - Hosts: 64.124.210.140 alexa.com
O1 - Hosts: 64.124.210.141 www.thehun.net
O1 - Hosts: 64.124.210.141 www.worldsex.com
O1 - Hosts: 64.124.210.141 www.sleazydream.com
O1 - Hosts: 64.124.210.141 www.easypic.com
O1 - Hosts: 64.124.210.141 www.video-post.com
O1 - Hosts: 64.124.210.141 www.lumberjack-links.com
O1 - Hosts: 64.124.210.141 www.thumbzilla.com
O1 - Hosts: 64.124.210.141 www.amsterdamsexxx.com
O1 - Hosts: 64.124.210.141 www.call-kelly.com
O1 - Hosts: 64.124.210.141 www.pinkworld.com
O1 - Hosts: 64.124.210.141 www.mature-post.com
O1 - Hosts: 64.124.210.141 www.zadina.com
O1 - Hosts: 64.124.210.141 www.pornno.com
O1 - Hosts: 64.124.210.141 www.vidsvidsvids.com
O1 - Hosts: 64.124.210.141 www.freeones.com
O1 - Hosts: 64.124.210.141 mmm100.com
O1 - Hosts: 64.124.210.141 www.bunnyteens.com
O1 - Hosts: 64.124.210.141 www.cowlist.com
O1 - Hosts: 64.124.210.141 www.teenax.com
O1 - Hosts: 64.124.210.141 www.absolut-series.com
O1 - Hosts: 64.124.210.141 www.youngerbabes.com
O1 - Hosts: 64.124.210.141 www.buldog.com
O1 - Hosts: 64.124.210.141 www.catlist.com
O1 - Hosts: 64.124.210.141 www.persiankitty.com
O1 - Hosts: 64.124.210.141 www.smashingthumbs.com
O1 - Hosts: 64.124.210.141 www.thehun.net
O1 - Hosts: 64.124.210.141 www.****ingfreemovies.com
O1 - Hosts: 64.124.210.141 www.alexmovies.com
O1 - Hosts: 64.124.210.141 www.grannypictures.com
O1 - Hosts: 64.124.210.141 www.jamies-galleries.com
O1 - Hosts: 64.124.210.141 www.auntpolly.com
O1 - Hosts: 64.124.210.141 www.jizzhut.com
O1 - Hosts: 64.124.210.141 www.ultradonkey.com
O1 - Hosts: 64.124.210.141 www.jennysbookmarks.com
O1 - Hosts: 64.124.210.141 www.babes4free.com
O1 - Hosts: 64.124.210.141 www.freebigmovies.com
O1 - Hosts: 64.124.210.141 www.freepicturepage.com
O1 - Hosts: 64.124.210.141 www.freeheaven.com
O1 - Hosts: 64.124.210.141 www.stickyhole.com
O1 - Hosts: 64.124.210.141 www.livesexlist.com
O1 - Hosts: 64.124.210.141 www.smokinmovies.com
O1 - Hosts: 64.124.210.141 www.thumbnailpost.com
O1 - Hosts: 64.124.210.141 interracialporno.nu
O1 - Hosts: 64.124.210.141 www.gallview.com
O1 - Hosts: 64.124.210.141 www.3pic.com
O1 - Hosts: 64.124.210.141 www.purescans.com
O1 - Hosts: 64.124.210.141 www.freepicsandmovies.com
O1 - Hosts: 64.124.210.141 www.lovetgp.com
O1 - Hosts: 64.124.210.141 www.ramis-movies.com
O1 - Hosts: 64.124.210.141 www.lanasbigboobs.com
O1 - Hosts: 64.124.210.141 www.adult-series.com
O1 - Hosts: 64.124.210.141 www.lazymike.com
O1 - Hosts: 64.124.210.141 www.wowtgp.com
O1 - Hosts: 64.124.210.141 renvil.com
O1 - Hosts: 64.124.210.141 www.dirtydaughter.com
O1 - Hosts: 64.124.210.141 www.planet-babe.com
O1 - Hosts: 64.124.210.141 www.persiankitty.com
O1 - Hosts: 64.124.210.141 www.sexgrannies.com
O1 - Hosts: 64.124.210.141 www.sublimepie.com
O1 - Hosts: 64.124.210.141 thehun.net
O1 - Hosts: 64.124.210.141 worldsex.com
O1 - Hosts: 64.124.210.141 sleazydream.com
O1 - Hosts: 64.124.210.141 easypic.com
O1 - Hosts: 64.124.210.141 video-post.com
O1 - Hosts: 64.124.210.141 lumberjack-links.com
O1 - Hosts: 64.124.210.141 thumbzilla.com
O1 - Hosts: 64.124.210.141 amsterdamsexxx.com
O1 - Hosts: 64.124.210.141 call-kelly.com
O1 - Hosts: 64.124.210.141 pinkworld.com
O1 - Hosts: 64.124.210.141 mature-post.com
O1 - Hosts: 64.124.210.141 zadina.com
O1 - Hosts: 64.124.210.141 pornno.com
O1 - Hosts: 64.124.210.141 vidsvidsvids.com
O1 - Hosts: 64.124.210.141 freeones.com
O1 - Hosts: 64.124.210.141 mmm100.com
O1 - Hosts: 64.124.210.141 bunnyteens.com
O1 - Hosts: 64.124.210.141 cowlist.com
O1 - Hosts: 64.124.210.141 teenax.com
O1 - Hosts: 64.124.210.141 absolut-series.com
O1 - Hosts: 64.124.210.141 youngerbabes.com
O1 - Hosts: 64.124.210.141 buldog.com
O1 - Hosts: 64.124.210.141 catlist.com
O1 - Hosts: 64.124.210.141 persiankitty.com
O1 - Hosts: 64.124.210.141 smashingthumbs.com
O1 - Hosts: 64.124.210.141 thehun.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-
7695ECA05670} - C:\PROGRAM FILES\YAHOO!
\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-
FADC6B084872} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-
7859DF00B1D6} - C:\Program Files\Norton
AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-
0090271D4F88} - C:\PROGRAM FILES\YAHOO!
\COMPANION\INSTALLS\CPN\YCOMP5_3_16_0.DLL
O4 - HKLM\..\Run: [ScanRegistry]
C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MSConfigReminder]
C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM95\aim.exe -
cnetwait.odl
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1
\PLUGINS\nppdf32.dll
O12 - Plugin for .MOV: C:\PROGRA~1\INTERN~1
\PLUGINS\npqtplugin.dll
O16 - DPF: Yahoo! MahJong Solitaire -
http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
B?37890.4770023148
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail
Attachments Control) -
http://by9fd.bay9.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {7DD62E58-5FA8-11D2-AFB7-00104B64F126} (Sview
Control) -
https://www.oxhp.com/BenSum/swiftview/svinstall_a_stat.cab
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78D} (DoomCln
Object) -
http://www.microsoft.com/security/controls/DoomCln.CAB
O16 - DPF: {2119776A-F1AD-4FCD-9548-F1E1C615350C} -
http://www.stop-sign.com/pub/download/stop-sign_stp.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7}
(ActiveDataObj Class) - https://www-
secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}
(ActiveDataInfo Class) - https://www-
secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst
0401.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = eddie
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer =
167.206.3.221,167.206.7.4,167.206.112.138
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

search problems in ie 6 1
Cookies 5
The Witcher 3 upgrade 4
cookies disabled NOT 2
Irritating advertisements 1
How to delete the auto population info in Yahoo & Google Search boxes? 1
IE Search Bar - Unwanted Icons 1
ie6 - cookies blocked no matter what the settings 6

Top