My browser has been hijacked and is redirected to the "Search for.." Homepage. The Hijack is still there after I ran updated versions of: Buster Ad-aware SpyBot CWShredder CCleaner McAfee Stinger AVG Anti-Virus Does anyone have advice on getting rid of this? Below is my HiJackThis log..... ---------------------- Logfile of HijackThis v1.98.2 Scan saved at 10:33:55 AM, on 9/21/04 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.exe C:\WINDOWS\SYSTEM\MPREXE.exe C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.exe C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.exe C:\WINDOWS\SYSTEM\MSGLOOP.exe C:\WINDOWS\SYSTEM\MSG32.exe C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\HIDSERV.exe C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.exe C:\WINDOWS\EXPLORER.exe C:\WINDOWS\TASKMON.exe C:\WINDOWS\SYSTEM\SYSTRAY.exe C:\WINDOWS\SYSTEM\INTERNAT.exe C:\WINDOWS\SYSTEM\HPSYSDRV.exe C:\WINDOWS\SYSTEM\LTDAEMON.exe C:\PROGRAM FILES\WILDWIRE\WWMON.exe C:\WINDOWS\SYSTEM\USBMMKBD.exe C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.exe C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.exe C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.exe C:\WINDOWS\SYSTEM\PRINTRAY.exe C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALONEMESSAGECENTER.exe C:\WINDOWS\RunDLL.exe C:\WINDOWS\SYSTEM\HFUNE1CE698S4.exe C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.exe C:\WINDOWS\SYSTEM\SPOOL32.exe C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.exe C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.exe C:\WINDOWS\SYSTEM\WMIEXE.exe C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.exe C:\WINDOWS\SYSTEM\PSTORES.exe C:\WINDOWS\SYSTEM\DDHELP.exe C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.exe C:\TREVOR\DOWNLOADS\HIJACK THIS- NEW\HIJACKTHIS.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=543 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/hp/search.html O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\YC8YJ1~1.DLL O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\WINDOWS\SYSTEM\YYZSJW.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe O4 - HKLM\..\Run: [AtiKey] Atitask.exe O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [LT DAEMON] C:\WINDOWS\SYSTEM\ltdaemon.exe O4 - HKLM\..\Run: [WildWire Monitor] C:\Program Files\WildWire\wwmon.exe -t O4 - HKLM\..\Run: [USBMMKBD] usbmmkbd.exe O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.exe O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.exe O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.exe /RUNSERVICES O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY O4 - HKCU\..\Run: [romahere2] C:\WINDOWS\SYSTEM\HFUNE1CE698S4.exe O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL O15 - Trusted Zone: *.greg-search.com O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://skill.skilljam.com/ssp/SSP.cab O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vividence.com/download/ConnectorLauncher.cab

hi collin, while on the internet do this, get the latest def's for all your scanners, then, go to tools button, internet options, then do this> delete cookies, delete files including all offline content, then delete history. now go to safe mode and scan using all your programs one by one. delete all files that they come up with. next run hijackthis, make sure you don't have any open windows, and no running programs. put a check next to these and hit the fix check button: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=54 O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\YC8YJ1~1.DLL O2 - BHO: (no name) - {2E9CAFF6-30C7-4208-8807-E79D4EC6F806} - C:\WINDOWS\SYSTEM\YYZSJW.DLL O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter O4 - HKCU\..\Run: [romahere2] C:\WINDOWS\SYSTEM\HFUNE1CE698S4.exe O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dl O15 - Trusted Zone: *.greg-search.com O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Vividence Connector Launcher) - http://task.vivid in safe mode do a search for these files and or folders and delete these files and or folders from your windows and or windows system32 directories: C:\PROGRAM FILES\EASY INTERNET\ENCMONTR.exe C:\WINDOWS\SYSTEM\MSGLOOP.exe C:\WINDOWS\SYSTEM\MSG32.exe C:\WINDOWS\SYSTEM\HIDSERV.exe C:\WINDOWS\SYSTEM\LTDAEMON.exe C:\PROGRAM FILES\WILDWIRE\WWMON.exe C:\WINDOWS\SYSTEM\USBMMKBD.exe C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALONEMESSAGECENTER.exe C:\WINDOWS\SYSTEM\HFUNE1CE698S4.exe next do a control alt delete and end task for any of these processes: YC8YJ1~1.DLL YYZSJW.DLL ENCMONTR.EXE MSGLOOP.EXE MSG32.EXE HIDSERV.EXE LTDAEMON.EXE WWMON.EXE USBMMKBD.EXE REALONEMESSAGECENTER.EXE HFUNE1CE698S4.EXE all the best, murve

I think you should also run CWShredder. groups.yahoo.com/group/simplycomputers2