Starting tonight when I went to go check my hotmail, the page took about 10 minutes and was slowly loading and then it transferred to hotmail.com.org and a your.com and yeah.com search engine page opened in a new window. The same thing happens when I try to go to neopets.com or msn.com or msn.ca, the .org goes after and then the other window pops up. I need to fix it! Does anyone know how? I uninstalled any programs I don't need, I cleared history/cookies/temp and checked all the files and settings for IE. I found nothing wrong. I even did ad-aware and spybot, and it still happens once in a while. Please help me!
Logfile of HijackThis v1.97.6
Scan saved at 11:02:31 AM, on 2/6/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SBC\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\System32\MsgSys.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\GREGH~1\LOCALS~1\Temp\Rar$EX00.641\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.vgln.com"); (C:\Documents and Settings\Jolex Del Pilar\Application Data\Mozilla\Profiles\default\8jfb8a20.slt\prefs.js)
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5CNetscapeSearch.src"); (C:\Documents and Settings\Jolex Del Pilar\Application Data\Mozilla\Profiles\default\8jfb8a20.slt\prefs.js)
O1 - Hosts: 65.120.116.174 www.aimster.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_3_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\SBC\Connection Manager\CManager.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.7.20/ttinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.communities.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7896C446-2A5A-4255-BF32-609BCD9ABE05}: NameServer = 206.13.28.12 206.13.29.12
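
For a redirect complaint like this one, the lines of a HijackThis log that can change where a hostname resolves are the O1 (hosts file) and O17 (NameServer) entries. The following is an added example, not part of the original post and not HijackThis's own code: a small parser that pulls those entries out of a log; `SAMPLE_LOG` is an excerpt of the log above, and `expected_resolvers` is a list the analyst supplies (an assumption of this example).

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.6
C:\WINDOWS\System32\svchost.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defaults/*http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O1 - Hosts: 65.120.116.174 www.aimster.com
O4 - Startup: PowerReg Scheduler.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7896C446-2A5A-4255-BF32-609BCD9ABE05}: NameServer = 206.13.28.12 206.13.29.12
"""

# A log entry is "<section code> - <text>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^([RNFO]\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Group 'CODE - text' lines by section code; other lines are skipped."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(1)].append(m.group(2))
    return dict(entries)

def hosts_overrides(entries):
    """O1 lines ('Hosts: <ip> <name>') as (name, ip) pairs."""
    pairs = []
    for text in entries.get("O1", []):
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", text)
        if m:
            pairs.append((m.group(2).lower(), m.group(1)))
    return pairs

def nameservers(entries):
    """O17 'NameServer = ...' values as a flat list of addresses."""
    found = []
    for text in entries.get("O17", []):
        m = re.search(r"NameServer\s*=\s*(.+)$", text)
        if m:
            found.extend(a for a in re.split(r"[,\s]+", m.group(1)) if a)
    return found

def resolution_report(log_text, expected_resolvers):
    """Everything in the log that can change where a hostname resolves."""
    entries = parse_entries(log_text)
    servers = nameservers(entries)
    unexpected = [s for s in servers if s not in expected_resolvers]
    return {"hosts_overrides": hosts_overrides(entries),
            "nameservers": servers, "unexpected_nameservers": unexpected}
```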

link to check
http://www.techsupportforum.com/computer/topic/12074-1.html
Check the files you have in the startup section of msconfig, and in your registry search for "run once" to see what is running there; it may be just a file that is running at startup.
Also, you have two iexplore.exe running; you should only have one running no matter how many windows you have open.
worth a shot.

I tried ad-aware and pestpatrol.com, both of which picked up a couple of other spyware programs but didn't fix this problem. However, pestpatrol.com noted a vulnerability with my activex files. Deleting all activex objects from IE (including ones that seemed familiar such as shockwave) fixed the problem. Tools | Internet Options | Settings | View Objects

I tried most of the suggestions posted on the internet but still have this problem. I then tried the ultimate fix; I reformatted my hard drive and reinstalled Windows XP. Guess what? I still have the same problem. Yeah.com and Your.com still come up **intermittently** which makes me suspect one of two possible causes. 1) my router has been modified or 2) my ISP's server has been hijacked.
The tech. support lady at SBC acted like she knew very little about computers (e.g. check my default web page) and then blamed the problem on my computer manufacturer. Well, hopefully my comments will make it past her to the real experts.
I don't know much about hijacking, but can DNS servers get hijacked? Is this common? Do ISPs like keeping these events quiet?
If you are fed up with Yeah.com and Your.com, you can enable content advisor/parental controls to block their websites. Just remember to set the rating levels to 4 if you want uninhibited surfing. It doesn't work all the time but it does block those web pages most of the time.

I have the same problem. Headache1234, how are you reproducing the problem? I suspect that you don't have a problem at all. Please notice that any web address that ends in "com.org" will take you to yeah.com. Most likely you fixed the problem with your reformat.
I'll outline what I understand about the problem. First, it is important to know how to reproduce the problem.
1) If you are getting redirected to yeah.com when you enter a known (and favorite) web address, you definitely have the problem.
If that doesn't happen, you have to try the following:
1) Go to "Internet Options", select "Advanced," select "Just go to the most likely site" in the "Search from the Address bar" selection.
2) Reopen your browser and enter an address that doesn't exist. I use the address "www.foobarfoobarfoobar.com". That will take you to your google or msn default search engine.
3) Try this 15 times. Shut down your browser, try it 15 times again, shut down your browser, try it 15 times again.
4) If you get redirected to yeah.com, you have the problem.
This is what I know about the yeah.com redirect. You probably got it because you installed Kazaa. It will still occur even if you run HijackThis, Ad-ware6, SpyBot Search & Destroy, SpyKiller, SpyHunter, CWShredder. I've run them all. Nothing gets rid of the problem. (These will get rid of most of the spyware from Kazaa, but not everything.)
If you disable search from the address bar--i.e., you select "Do not search from Address bar" the problem doesn't go away. It appears that the spyware hijacked a DNS lookup.
I currently have the problem that every now and then I cannot access www.cnn.com, which is my favorite site. If I enter the actual address for cnn.com (64.236.16.84) my browser takes me there. If I enter the name "www.cnn.com" I get a page stating the site could not be found, but it's not google's or msn's search page.
What appears to be happening is that the spyware is interfering with the IP address lookup when you enter an address into the Address bar. Usually it will change whatever you have entered into an address that ends with ".com.org". So, if you enter the address "www.foobarfoobarfoobar.com" it will translate into www.www.foobarfoobarfoobar.com.org, which will take you to yeah.com (ends with .com.org).
What makes this a massive headache is that it happens randomly. Sometimes you won't see the redirect, but sometimes you will.
That's all I can tell you. I'm seriously considering a reformat, but I'll work on this problem a bit longer. I would appreciate hearing whether you were able to reproduce the problem.
Thanks,
Jonas-x-

This is not a hijack or spyware. I will tell you how to fix this. The problem is that yeah.com and your.com are owned by a company called Digimedia in OK. They also own a domain called "com.org". The problem is, when you type in a URL in your browser and it takes a little too long to respond, your browser will try other extensions. For example, if yahoo.com doesn't work it tries yahoo.com.com or yahoo.com.org. When it tries "yahoo.com.org" you get directed to "com.org", which then directs you to "yeah.com".
Here is how to fix it:
From Internet Explorer, go to "Tools", then "Internet Options", then the "Advanced" tab, then scroll down to where it says "Search from the Address bar" (it looks like a magnifying glass). Click on "Do not search from Address bar", then click OK, then reboot. That's it!
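
The behaviour described in the posts above (a lookup of a name fails or times out, then the same name with an extra suffix resolves) can be confirmed from resolver logs rather than by retrying in the browser. The following is an added example, not from any poster in this thread: it flags such fallback pairs and the zones that answer them all with one address. The log format, client addresses and answers are constructed for illustration.

```python
from collections import defaultdict

# Constructed resolver log: "<epoch-seconds> <client> <qname> <rcode> <answer>".
# Answer addresses are RFC 5737 documentation ranges, not real servers.
SAMPLE_QUERIES = """\
1000 10.0.0.5 www.cnn.com SERVFAIL -
1004 10.0.0.5 www.cnn.com.org NOERROR 192.0.2.10
1010 10.0.0.5 www.example.org NOERROR 192.0.2.20
1100 10.0.0.7 hotmail.com NOERROR 192.0.2.30
1500 10.0.0.7 hotmail.com.org NOERROR 192.0.2.10
1600 10.0.0.5 www.foobarfoobarfoobar.com NXDOMAIN -
1602 10.0.0.5 www.foobarfoobarfoobar.com.org NOERROR 192.0.2.10
"""

def parse_queries(log_text):
    """Yield (ts, client, qname, rcode, answer); malformed lines are skipped."""
    for line in log_text.splitlines():
        p = line.split()
        if len(p) == 5 and p[0].isdigit():
            yield int(p[0]), p[1], p[2].lower().rstrip("."), p[3], p[4]

def find_suffix_fallbacks(log_text, window=30):
    """Find lookups of '<name>.<suffix>' that resolved within `window` seconds
    of the same client's failed lookup of '<name>'."""
    last_seen = defaultdict(dict)          # client -> {qname: (ts, rcode)}
    hits = []
    for ts, client, qname, rcode, answer in parse_queries(log_text):
        labels = qname.split(".")
        for cut in range(1, len(labels) - 1):   # strip 1..n trailing labels
            original = ".".join(labels[:-cut])
            prior = last_seen[client].get(original)
            if (prior and rcode == "NOERROR" and prior[1] != "NOERROR"
                    and ts - prior[0] <= window):
                hits.append({"client": client, "original": original,
                             "fallback": qname, "answer": answer,
                             "zone": ".".join(labels[-2:])})
        last_seen[client][qname] = (ts, rcode)
    return hits

def catch_all_zones(hits, min_names=2):
    """Zones where several different fallback names got the same answer,
    which is what a wildcard record looks like from the client side."""
    names = defaultdict(set)
    for h in hits:
        names[(h["zone"], h["answer"])].add(h["fallback"])
    return sorted(z for (z, _), n in names.items() if len(n) >= min_names)
```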
