GeneralPatton tried including his log file but got an error message. He then sent the file to me via email for me to post. Unfortunately I got the same message. I even got the message trying to include it as an attachment.

I'm looking into this right now. However, in the meantime, I've included his file as a zip - so that the forum software can handle it (since it's not handling the file contents directly).

Sorry for the inconvenience everyone!

C:\Program Files\KaZaA Lite\Kazaa.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)


These are some of the things that I would get rid of just because you really don't need them and in my opinion kazaa is horrible.

-My explorer keeps adding porn sites to my favorites and hijacking my homepage while keeping my explorer window open or closed.

-I ran these spyware removal programs: X-Cleaner, clean out my IE options, ran CWShredder v1.47, ran Adware 6.0 and then SpybotS&D 1.2.

YourAd-aware and CWShredder are both out-of-date. They are up to 6.18 and 1.50, respectively. I don't think that's the problem, though.

That having been said, there are no nasty processes running, it's all in the Registry. Delete the following keys:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://66.250.170.70/search.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://66.250.170.70/search.htm

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = ,

R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = ,

O1 - Hosts: 66.250.170.70 verisign.com
*** This is likely where your redirection is coming from. ***

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

O3 - Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)

These two are optional, but highly recommended:

O4 - HKLM\..\Run: [QuickTime Task] "f:\quicktime\qttask.exe" -atboottime

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

One last question, though: Why do you have both Intel and SiS utilities installed on your system? They are mutually exclusive. They probably don't conflict, but one or the other is redundant. Post your exact HP model number, we'll figure out what you have and get rid of what you don't need.

update your virus scanner and your CWShredder. Run Ad Aware then run SpyBot S&D. Run them Both. Finally run the CWShredder. I think it's Mejin.org for the newest one or just click the update button in the program. You may be getting it from a dropper trojan like Inor which is usually at porn sites check for link.exe or i.exe in your C:/ folder just the main drive folder. But delete the porn in your favorites they should just go. If you do have the virus you may need to boot into safe mode to get ride of it just hit F8 repeatedly at start up to make sure you don't miss it. Good Luck.

-=CodeMasterFlex=-

http://www.spywareinfo.com/~merijn/downloads.html