My Internet Explorer search was taken over and all searches are redirected to this website... http://th.msie.tv/index.php?aid=20038
I have gotten hijacks before; that's why I keep CWShredder and Hijack This and Spybot and all of those programs. NONE of them work on this one.
On the CWShredder I did get an error message when I opened it, and it said something about how it had to enter a random string as the title because cws.smartsearch2, or something like that with a 2 at the end, was trying to override the CWShredder.
I have tried to go into safe mode and delete some suspicious files, I tried to reset the web settings... I don't know what else to do!! Somebody please help me.

Please post your HiJackThis log file so that someone can look at it.
Kevin.
Kevin's Resource Center
http://www.greyknight17.com

The problem is that I think something hijacked my Hijack This and CWShredder, because obviously there is something redirecting my searches and stuff but they don't show anything wrong... I am not an expert but my log looks pretty clean, I think... If you have any other ideas please help me.
Logfile of HijackThis v1.97.7
Scan saved at 1:21:50 PM, on 6/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common files\updmgr\updmgr.exe
C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
C:\WINDOWS\ehome\ehSched.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PSD Tools Channel] C:\Program Files\Common Files\PSD Tools\ChannelUp.exe
O4 - HKCU\..\Run: [BLMessagingIntegration] C:\Program Files\Common Files\PSD Tools\blengine.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38051.8861921296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

I've got this same hijack, as well as an odd .php script hijacker (sounds odd but it ONLY jacks me on .php scripts) that redirects to porn sites, AND a casino popup hijack... none of which are fixed by Ad-aware or CWShredder.
My internet is royally jacked up. If some pro would like to help me 1 on 1, I have HijackThis, CWShredder, and Ad-aware already installed (and up to date) so that should save a little trouble.

I had it and have now succeeded in getting rid of the search toolbar in my Taskbar.
To get rid of it:
Back up your Registry first !!!
Use HJT to delete these entries if you have them:
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
Then go into Add/Remove Programs and delete a program called Windows SA (if you have it), then go into Windows Explorer, Program Files and find the Windows SA folder and delete it and empty the Recycle Bin. Immediately upon doing this, you will probably get a web page opening up by itself - it will be BlazeFind.com, just close it.
Do a search for any file/folder with 'blaze' as the file name or part of and if you have already used Spybot since you got this infection you may find an entry in Spybot Recovery. If so, delete that entry. Then do a search for any trace of 'Windows SA' and if you find any, delete them.
Find and delete a file called UnstSA2.exe and another file called key2.txt and (if you have it) a file called 2_0_1browserhelper2.dll. I only had the first 2 files. Empty the Recycle Bin.
Then open up regedit, find and delete these keys (if you have them - I didn't find them in my registry though):
HKEY_CLASSES_ROOT\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83DE62E0-5805-11D8-9B25-00E04C60FAF2}
Also while in regedit, look for any suspicious entry using various search terms such as: My Web, My Way, Search Assistant, Fun Web etc. and delete them.
Next run Adaware (Active in-depth scan) and delete anything to do with BlazeFind or VX2. (Ensure that you have the latest Adaware updates first.) Adaware found several BlazeFind entries and a few VX2 in mine - just delete them.
Run CWShredder.
Then reboot and you should have got rid of the search toolbar in Taskbar. Check by right-clicking on the Taskbar, go to Toolbars and the Search Assistant should be gone !!!
Hope this helps you all, as I have found by doing a few Google searches that there are quite a lot of users out there with this same problem.
Regards
Jeff
I.T. student soon to open my own business diagnosing, troubleshooting, optimising and networking home computers to residents of Brisbane, Australia.

I had the hijacker where if I put in the wrong URL in the address bar, it would go to that same site, and I tried all of the last guy's methods but that wasn't it, so I posted my problems at a couple of other places, and I was able to get it solved. Here's a link to the convo I had -> http://forum.avast.com/index.php?board=4;action=display;threadid=4974;start=0#lastPost
If your problem isn't solved yet, this will help, and don't thank me if it does help, thank raman.

None of the various tools will remove this hijack, as far as I can see. I also notice that the Startpage Guard tool is unable to set and protect the search page.
I will email the author.
Alister

I removed the hijacker for a client. Wasn't easy, but after you use HijackThis to clean up the registry, also check for a line in HKLM/Software/Microsoft/Windows/Current Version/Run "sys" "regedit -sys.reg". Search your C: drive for the file sys.reg (include hidden and system files). It will most likely be in the Windows folder. Delete that file and you should not get the hijacker back each time you restart. For complete instructions on cleaning up your system, go to http://www.spywareinfo.com/articles/hijacked/
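
As an added example (not code from any poster in this thread): a small Python triage script that parses a HijackThis log and flags the entries the posts above say to remove, including a Run value that re-imports a .reg file at boot. The rule names and the sample log are constructed for illustration; the `[sys]` line is written the way the last post quotes it.

```python
import re

# Indicators quoted from the posts in this thread; the rule names are made up here.
RULES = [
    ("userinit-wsaupdater", "F2", r"UserInit=.*wsaupdater\.exe"),
    ("urlsearchhook-no-file", "R3", r"URLSearchHook:.*\(no file\)"),
    ("mywebsearch-bho", "O2", r"\\MYWEBSEARCH\\"),
    ("bho-clsid-83DE62E0", "O2", r"\{83DE62E0-5805-11D8-9B25-00E04C60FAF2\}"),
    ("windows-sa-autostart", "O4", r"\\WindowsSA\\omniscient\.exe"),
    # Autostart that re-imports a .reg file at every boot (the "sys" value).
    ("run-regedit-import", "O4", r"\bregedit(\.exe)?\b.*\.reg\b"),
]
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: [x] y"

# Constructed sample log: lines copied from the posts plus one benign entry.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [sys] regedit -sys.reg
"""

def parse_entries(log_text):
    """Yield (section, body) per entry line; process paths and headers are skipped."""
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            yield match.group(1), match.group(2)

def flag(log_text):
    """Return (rule_name, original_line) for every entry that matches a rule."""
    findings = []
    for section, body in parse_entries(log_text):
        for name, wanted, pattern in RULES:
            if section == wanted and re.search(pattern, body, re.I):
                findings.append((name, f"{section} - {body}"))
    return findings

if __name__ == "__main__":
    for name, line in flag(SAMPLE_LOG):
        print(f"{name:24} {line}")
```

A log with no matching entries returns an empty list, which only means none of these particular indicators are present.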
