-My explorer keeps adding porn sites to my favorites and hijacking my homepage while keeping my explorer window open or closed.

-I ran these spyware removal programs: X-Cleaner, clean out my IE options, ran CShrewder v1.47, ran Adware 6.0 and then SpybotS&D 1.2.

-CShrewder cleans out CWS:Winshow and restores IE pages. Adware Cleans out many CWS registries or all the malware and so does SpybotsS&D.

-I reboot pc and after a little while the same favorites are added on. I run the x-cleaner:find nothing new, clean out ie options history,pages,cookies,etc.: nothing new. But when i use CShrewder again, the same problems found and i hit fix again, the Winshow Removed and the IE pages restored. The Adware finds the same malware and fixes it again.

-Somewhere in there is something majorly wrong.

-Can you please help Any admin/moderator?

-This is my Hijackthis log after i run the applications above and after reboot. Thanks for the Help in advance.
LOG:

I cant add my log, for some reason it wont let me add it as a post or a postreply . . . sad. Any ideas?

GeneralPatton tried including his log file but got an error message. He then sent the file to me via email for me to post. Unfortunately I got the same message. I even got the message trying to include it as an attachment.

I'm looking into this right now. However, in the meantime, I've included his file as a zip - so that the forum software can handle it (since it's not handling the file contents directly).

Sorry for the inconvenience everyone!

C:\Program Files\KaZaA Lite\Kazaa.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)


These are some of the things that I would get rid of just because you really don't need them and in my opinion kazaa is horrible.

Your Ad-aware and CWShredder are both out-of-date. They are up to 6.18 and 1.50, respectively. I don't think that's the problem, though.

That having been said, there are no nasty processes running, it's all in the Registry. Delete the following keys:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://66.250.170.70/search.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.250.170.70/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,

O1 - Hosts: 66.250.170.70 verisign.com
*** This is likely where your redirection is coming from. ***

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)

These two are optional, but highly recommended:

O4 - HKLM\..\Run: [QuickTime Task] "f:\quicktime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

One last question, though: Why do you have both Intel and SiS utilities installed on your system? They are mutually exclusive. They probably don't conflict, but one or the other is redundant. Post your exact HP model number, we'll figure out what you have and get rid of what you don't need.

-TallCool1, thank you for your help. I will delete those registries now to get rid of this annoyance and check back with you.

-my pc is a hp pavilion 552w desktop pc. About the SiS and Intel Utilities, I have no idea as to why I have both. I thank you in advance for this help too, since i was not aware of, and will come back to check what you have to say about this. Thanks again.

TallCool1,

-I took off all the registries(recomended too) and restarted my pc. The porn sites, 2 of them like before, are there again now. Any Other Suggestions? homepage is good.

-here is now an up to date hijackthis log file. I will add it as a zip file like the admin did before because the normal ways didn't work.
-can u give me specific links for the newest cwshredder, I looked for it and found broken links? thank you.

update your virus scanner and your CWShredder. Run Ad Aware then run SpyBot S&D. Run them Both. Finally run the CWShredder. I think it's Mejin.org for the newest one or just click the update button in the program. You may be getting it from a dropper trojan like Inor which is usually at porn sites check for link.exe or i.exe in your C:/ folder just the main drive folder. But delete the porn in your favorites they should just go. If you do have the virus you may need to boot into safe mode to get ride of it just hit F8 repeatedly at start up to make sure you don't miss it. Good Luck.

-=CodeMasterFlex=-

http://www.spywareinfo.com/~merijn/downloads.html

Thank you I will try that too now.