
Url and Pc Takeover HELPPPP


Name: Casey
Date: March 20, 2004 at 07:38:07 Pacific
OS: Windows XP home sp1
CPU/Ram: Northgage AMD Athlon 1.66
Comment:

This is the pits. I got this pc for Xmas and something has gone wrong. My IE should be set on Google.com but for the past few weeks when u start the pc it goes to http://fastsearch.cc/ydtfs/ which is not what I want. Other times it will be a variation of the same mysearch/fastsearch/ etc. and when I try to change it to google it takes over in some other way and this page comes up http://in.webcounter.cc/%2d/?%79%64%74%66%73%20%20about:blank or http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=affiliates@avenue.com&btnG=Google+Search as well as others. And when I try to change it back to google and go in to do a search it says this page cannot be found, no matter what page/word I put in the engine. On top of all this when I go to IE properties to change the homepage it says my:blank or http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d/?%79%64%74%66%73 either that or it has google misspelled as http:/google.com without the www. Ugh. I'm dyin here.

I have tried spyware, spybot search and destroy, adware, even pcillin which came with the pc isn't working. It's so annoying. I have tried at least two others and ended up deleting them out of frustration. It's so bad when u think you have a new pc, dsl and you're finally caught up, and Bam someone violates your pc. I used to be able to watch movies on my pc now I can't even do that. Someone please help!!!




Response Number 1
Name: ER4S3R
Date: March 20, 2004 at 08:29:36 Pacific
Reply:

Hi Casey,

Your problems sound pretty familiar. Download Hijack-This, put HijackThis.exe in a separate folder (e.g. C:\Program Files\HJT).

Next scan with HijackThis, save the log, then post this log on here, so we can have a look and tell you what to fix.

Download Hijack-This HERE

ER4S3R.
Hope That Helps.

____________________________________________
### Nobody believes the official spokesman, but everybody trusts an unidentified source ###



Response Number 2
Name: Casey
Date: March 20, 2004 at 09:25:30 Pacific
Reply:

Thanks ER4S3R, I did exactly what you told me to and here's the log detail. Thanks again.


Logfile of HijackThis v1.97.7
Scan saved at 12:20:48 PM, on 3/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\msvcmm32.exe
C:\Program Files\Movielink\MovielinkManager\Movielink Tray.exe
C:\WINDOWS\pKdUFSw.exe
C:\Program Files\Media\Media\UpdateStats.exe
C:\Program Files\AutoUpdate\AutoUpdate.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\a.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ClearSearch\Loader.exe
C:\WINDOWS\uptodate.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\CLOCKS~1\Sync.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Tpws.exe
C:\WINDOWS\System32\Irjtow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Zero-X\TrackCreator\zerox_tc.exe
C:\Program Files\Mixman Technologies\Mixman StudioXPro\StudioXPro.exe
C:\Documents and Settings\Casey Marte\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://in.webcounter.cc/-/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?ydtfs about:blank (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.webcounter.cc/---/?ydtfs (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?ydtfs (obfuscated)
O2 - BHO: Clear Search - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {087173EF-9829-4F49-8340-A524177D3F60} - C:\WINDOWS\System32\inetp60.dll
O2 - BHO: (no name) - {29F7B7FA-ADC8-48EA-9E1C-EA87A05AE642} - C:\WINDOWS\System32\sbb.dll (file missing)
O2 - BHO: (no name) - {2CF0B992-5EEB-4143-99C0-5297EF71F443} - C:\WINDOWS\System32\stlbdist.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {98C7317D-A4E8-4F35-A7D5-68E20E9A1476} - C:\WINDOWS\q0LIyfd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Search - {2CF0B992-5EEB-4143-99C0-5297EF71F444} - C:\WINDOWS\System32\stlbdist.DLL
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1501.0\en-us\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LoadMSvcmm] C:\WINDOWS\System32\msvcmm32.exe
O4 - HKLM\..\Run: [M3Tray] C:\Program Files\Movielink\MovielinkManager\Movielink Tray.exe /WNDSTART
O4 - HKLM\..\Run: [Soundmx] C:\WINDOWS\System32\soundmx.exe
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [d9pEhW65] C:\WINDOWS\pKdUFSw.exe
O4 - HKLM\..\Run: [UpdateStats] C:\Program Files\Media\Media\UpdateStats.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe C:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [2XDT3XQ26B@PFY] C:\WINDOWS\System32\Wjdi.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [Rundll32_8] rundll32.exe C:\WINDOWS\System32\inetp60.dll,DllRunServer
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [ProtectYourIdentity] "C:\windows\pchealth\stpfiles\stopop.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Control Pad (HKLM)
O9 - Extra 'Tools' menuitem: Control Pad (HKLM)
O9 - Extra button: TREND MICRO HouseCall (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {65B818E1-F4D8-4F96-A1DF-35F3D1C86194} (limmyloding.limmyform) - http://mmm.roings.com/crack.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downloads/common/housecall/HouseCallButton.CAB
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/2000XP/new/bridge-c14.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38021.8909953704
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/zd/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1891AF9A-90BC-462C-AEFE-58C72A07FC4C}: NameServer = 151.202.0.84 151.203.0.84
O17 - HKLM\System\CS1\Services\Tcpip\..\{1891AF9A-90BC-462C-AEFE-58C72A07FC4C}: NameServer = 151.202.0.84 151.203.0.84
O19 - User stylesheet: C:\WINDOWS\Web\tips.ini
O19 - User stylesheet: C:\WINDOWS\hh.htt (HKLM)



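A triage sketch for the HijackThis log in the reply above, added here as an example and not part of the original posts: it percent-decodes the homepage value quoted in the first post, counts the hosts the R0/R1 entries point to, and flags O4 Run entries that reuse a core Windows file name outside System32. The function names and the `SYSTEM32_ONLY` list are assumptions made for this example.

```python
import ntpath
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.webcounter.cc/--/?ydtfs (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://in.webcounter.cc/-/?ydtfs about:blank (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\System32/left.html
O4 - HKLM\..\Run: [ICQ Net] C:\WINDOWS\winlogon.exe -stealth
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
""".strip().splitlines()
# Homepage value quoted in the first post, percent-encoded to hide the host.
ENCODED_HOMEPAGE = "http://%69%6e%2e%77%65%62%63%6f%75%6e%74%65%72%2e%63%63/%2d/?%79%64%74%66%73"

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN = re.compile(r'^HK\w+\\\.\.\\Run: \[([^\]]*)\] "?([^"]*?\.exe)', re.IGNORECASE)
# Assumption: a short list of core Windows binaries that belong only in System32.
SYSTEM32_ONLY = {"winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "smss.exe"}

def entries(lines):
    """Yield (section code, body) for each HijackThis entry line."""
    for line in lines:
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def host_of(value):
    """Percent-decode a URL value and return its http(s) host, else None."""
    tokens = unquote(value).split()
    parts = urlsplit(tokens[0]) if tokens else None
    return parts.hostname if parts and parts.scheme in ("http", "https") else None

def redirect_hosts(lines):
    """Count the hosts that R0/R1 (IE start and search page) values point to."""
    values = (b.split(" = ", 1)[1] for c, b in entries(lines)
              if c in ("R0", "R1") and " = " in b)
    return Counter(h for h in map(host_of, values) if h)

def masquerading_run_entries(lines):
    """Return O4 Run entries using a core system file name outside System32."""
    hits = []
    for code, body in entries(lines):
        m = RUN.match(body) if code == "O4" else None
        folder, name = ntpath.split(m.group(2).lower()) if m else ("", "")
        if name in SYSTEM32_ONLY and folder and not folder.endswith("\\system32"):
            hits.append((m.group(1), m.group(2)))
    return hits
```

Feeding the full log to `redirect_hosts` and `masquerading_run_entries` gives a short list of entries to look at first; the output is a heuristic starting point, not a verdict on any entry.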
Response Number 3
Name: Casey
Date: March 20, 2004 at 16:10:06 Pacific
Reply:

Hello you still there?



Response Number 4
Name: Abnormal
Date: March 20, 2004 at 18:13:23 Pacific
Reply:

Helped here, lots of work ahead of you.

http://www.computing.net/security/wwwboard/forum/10612.html



Response Number 5
Name: ER4S3R
Date: March 20, 2004 at 19:08:48 Pacific
Reply:

Yes, check your other post Casey :-D


Casey's other Post


ER4S3R.
Hope That Helps.

____________________________________________
### Nobody believes the official spokesman, but everybody trusts an unidentified source ###






Response Number 6
Name: Abnormal
Date: March 24, 2004 at 16:34:41 Pacific
Reply:

Yes, your other post was deleted.
I have saved the things for you to do.

Download and open cwshredder, close all browser windows then click "fix" and
reboot.
cwshredder.exe

Next:
You have the peper trojan, run this
uninstaller.

http://home.iprimus.com.au/mbuchan/peperuninst.exe

Double click on 'uninst.exe', let it run and terminate.
You must be online for it to work.
Run it 2 times to make sure it's gone.

And
Download Ad-Aware and update it.
http://www.lavasoftusa.com/support/download/

From lavasoft faqs.
Use the Custom Scan with Memory and Both registry scans ON for your first scan.
I keep it at that setting.

Also.... make sure that you activate IN-DEPTH scanning before you proceed.
Actually you should always use IN-DEPTH scanning whichever mode you choose.
This will be made a default setting in Ad-aware 6.2 when released.

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
"Unload recognized processes during scanning."
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
"Let Windows remove files in use after reboot."
Next...
Run Ad-aware 6.


Mark the objects you wish to eliminate for removal. All of them.
Make a Quarantine only if you do not have the Auto-Quarantine option ON.
Then choose Next to remove the chosen objects.
Finally.....Reboot

After that

Have an online scan, fix and remove what it finds.
http://www.ravantivirus.com/scan/

Good luck
Take your time and post a new log when you're done.

