oxide search has hijacked IE.6

Discussion in 'Malware and Virus Removal Archive' started by stuartsjg, 2004/12/16.

Thread Status:
Not open for further replies.
  1. 2004/12/16
    stuartsjg

    stuartsjg Inactive Thread Starter

    Joined:
    2003/10/11
    Messages:
    85
    Likes Received:
    0
    Just last night, whatever web page I was browsing was being redirected to the hxxp://search.oxide.com/fma.main1/search/web/cool web page. My home page also changed to some bulldog search.

    I have Norton running all the time, always updated. I also run a program called "no adware".

    Neither of these have detected what is doing the move.

    I am typing this in Word because if I type in the forum window… it goes to the above link after about 1 minute - less sometimes.

    This is very annoying. How can something like this get in? I grudge paying for software that is supposed to stop or remove things when it doesn't.

    This is the 1st time it's happened. Norton stops most things, then I use no adware to get rid of what Norton has missed - this is sometimes quite a lot.

    Can anybody advise me how to stop this? It's impossible to do anything.

    Thanks,
    Stuart.

    (IE6, win 2k sp4)
     
  2. 2004/12/16
    James

    James Inactive

    Joined:
    2004/07/14
    Messages:
    1,004
    Likes Received:
    0
    It's sort of a no-brainer. Stop using IE! Start using a good browser like Firefox or Opera.
     


  4. 2004/12/16
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    stuartsjg - Norton is not really designed to notice or stop spyware and that is probably what caused your problem.

    I'm not familiar with the adware blocking program you mention but even the best ones don't catch everything.

    I suggest you do three things now. From Quicklinks in my signature download Ad-aware SE and Spybot. Update and run both and let them clean what they find. With Spybot, also use the immunize feature to block lots of future issues. Spybot is free and Ad-aware has a free version that does fine.

    Also download Hijackthis and unzip it to a folder of its own, so not to the desktop or to a temp folder. I have c:\hjt that I use but you just need to make sure it has a normal folder. Run HJT, scan, create a log file, and post the log here so we can see what is left after the removal apps have finished. There will be pieces they either miss or can't handle that will need manual cleaning and we can talk you through that.

    James - if a poster asks about options, feel free to suggest any that you like. But when someone asks about solving a problem with a specific app, suggesting that they change apps isn't usually the best thing to suggest first and the 'no brainer' comment is never appropriate. You never know if they can change (businesses tend to mandate for instance and many ISPs won't support non-IE users) or if they would be comfortable with the change.

    I know that lots of folks prefer Firefox, Opera, or any of the other good alternative browsers.

    I also know that some will want to stay with IE and it is certainly possible to set things up so that IE is no more open to attack than Firefox (maybe even less) with the added benefit that you can get Microsoft Updates without needing to run two browsers.
     
    Newt,
    #3
  5. 2004/12/17
    stuartsjg

    stuartsjg Inactive Thread Starter

    Joined:
    2003/10/11
    Messages:
    85
    Likes Received:
    0
    Thanks for the great info. I ran both programs and found a whole load of stuff…

    Unfortunately none of it got rid of the problem.

    I put the web page that comes up in to Norton to block it and found that it starts at a web page www.cool.com . With that programmed in to Norton it goes to page not displayed.

    I shut down the web connection and the window still opened so I know it's something in the PC opening it.

    "SpyBot" keeps finding one thing that won't go away for long - when it is away it doesn't stop the thing opening though. It was something to do with a security hole in IE6 that let the program jump to web pages without you having any control.

    The link suggested I update everything… I downloaded and installed 34 windows updates, some of which were to stop this happening.

    Still no luck.

    Is there anything that can let me find what's causing the thing to run… i.e. something that looks for an Exe or Reg setting etc. that I can deal with manually?

    I've tried watching for the %ages changing in task manager when the page changes but nothing moves.

    Any ideas :(

    Thanks.
    Stuart.

    (ps…. I'm writing this in Word as about every 1 min I get moved to cool.com… may be fun posting)
     
  6. 2004/12/17
    stuartsjg

    stuartsjg Inactive Thread Starter

    Joined:
    2003/10/11
    Messages:
    85
    Likes Received:
    0
    HJT file

    Logfile of HijackThis v1.99.0
    Scan saved at 19:55:10, on 17/12/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\system32\CAP4RSK.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\Fmctrl.EXE
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\06 - Programs\FreeRAM XP Pro 1.40.exe
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINNT\hhnt.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
    C:\Program Files\Microsoft Office\Office\OSA9.EXE
    C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\WINNT\regedit.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\SJG\Desktop\High Def\Anti Spy Ware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.buldog-search.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 69.50.188.82 askjeeves.com
    O1 - Hosts: 69.50.188.82 www.askjeeves.com
    O1 - Hosts: 69.50.188.82 www.directhit.com
    O1 - Hosts: 69.50.188.82 directhit.com
    O1 - Hosts: 69.50.188.82 www.excite.com
    O1 - Hosts: 69.50.188.82 excite.com
    O1 - Hosts: 69.50.188.82 www.alltheweb.com
    O1 - Hosts: 69.50.188.82 go.com
    O1 - Hosts: 69.50.188.82 www.go.com
    O1 - Hosts: 69.50.188.82 goto.com
    O1 - Hosts: 69.50.188.82 www.goto.com
    O1 - Hosts: 69.50.188.82 lycos.com
    O1 - Hosts: 69.50.188.82 dmoz.org
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
    O4 - HKCU\..\Run: [FreeRAM XP] "D:\06 - Programs\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [MSAgent] C:\WINNT\hhnt.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Canon LBP3200 Status Window.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
    O4 - Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
    O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {07DE6F78-521D-1234-D915-2C887DBD5B86} - http://69.50.177.100/1/rdgGB1332.exe
    O16 - DPF: {2517F764-6F60-4ADD-8FCF-137E5B220FF6} (VacPro.emsat_ver4) - http://www.globalphon.com/dialer/emsat_ver4.CAB
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {3DEA6420-7C91-5308-70F0-09261AA53534} - http://69.50.177.100/1/rdgGB1332.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26bc9559f8fbb9d13820/netzip/RdxIE601.cab
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  7. 2004/12/17
    CxFusion3mp

    CxFusion3mp Inactive

    Joined:
    2004/10/18
    Messages:
    99
    Likes Received:
    0
    There's a program called coolweb shredder out there, gets rid of some hard to del spyware. Not sure of the link myself, perhaps someone can post it up. Not too good w/ hijack this myself but I'd take off some of those IE searches on there that you aren't familiar w/. Good luck,

    Charles

    EDIT: here, found a link to dl it. http://www.soft32.com/download-CWShredder-19014-5.html
     
  8. 2004/12/17
    stuartsjg

    stuartsjg Inactive Thread Starter

    Joined:
    2003/10/11
    Messages:
    85
    Likes Received:
    0
    Thanks for the prog link but news got there 1st.

    I removed the O1's and O16's but the window keeps popping up.

    I'll keep digging. Would doing a reinstall of windows work? Not a full one - just one to fix anything that shouldn't be there. I suspect this won't work.

    This is painful!!! :(

    Stuart.
     
  9. 2004/12/17
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi

    Have HijackThis fix these items
    O4 - HKCU\..\Run: [MSAgent] C:\WINNT\hhnt.exe
    and these if they are not already removed
    O16 - DPF: {07DE6F78-521D-1234-D915-2C887DBD5B86} - -=http://69.50.177.100/1/rdgGB1332.exe
    O16 - DPF: {2517F764-6F60-4ADD-8FCF-137E5B220FF6} (VacPro.emsat_ver4) - -http://www.globalphon.com/dialer/emsat_ver4.CAB
    O16 - DPF: {3DEA6420-7C91-5308-70F0-09261AA53534} - =http://69.50.177.100/1/rdgGB1332.exe


    Restart your PC, find and delete that file (hhnt.exe), and replace your hosts file with this one:
    Blocking Unwanted Parasites with a Hosts File: http://www.mvps.org/winhelp2002/hosts.htm

    Post a new log please
     
  10. 2004/12/18
    stuartsjg

    stuartsjg Inactive Thread Starter

    Joined:
    2003/10/11
    Messages:
    85
    Likes Received:
    0
    That's worked brilliantly!!! No more redirection! :) :D

    My log file is as follows:
    __________________________________________

    Logfile of HijackThis v1.99.0
    Scan saved at 09:54:48, on 18/12/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\CAP4RSK.EXE
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\Fmctrl.EXE
    C:\Program Files\ASUS\Probe\AsusProb.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\06 - Programs\FreeRAM XP Pro 1.40.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
    C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    C:\WINNT\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
    C:\WINNT\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\SJG\Desktop\High Def\Anti Spy Ware\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Desktop Search Capture - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
    O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
    O4 - HKCU\..\Run: [FreeRAM XP] "D:\06 - Programs\FreeRAM XP Pro 1.40.exe" -win
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Canon LBP3200 Status Window.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
    O4 - Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    O4 - Global Startup: Canon LBP3200 Status Window.LNK = C:\WINNT\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
    O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {07DE6F78-521D-1234-D915-2C887DBD5B86} -
    O16 - DPF: {2517F764-6F60-4ADD-8FCF-137E5B220FF6} -
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
    O16 - DPF: {3DEA6420-7C91-5308-70F0-09261AA53534} -
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    ____________________________________________________

    Haven't had anything popping up or moving in several hours so I can only guess that's fixed it.

    That "hosts" file... my IP address is different to the one specified in the file - does this make a difference? It's 127.0.0.1 whilst on my network I'm 10.0.0.14 and my Broadband is something else. Will this affect the way hosts works?

    Thanks very much for the help - its very much appreciated :)

    Stuart. (Now happy)
     
  11. 2004/12/18
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello

    For now turn off Tea Timer.
    Open SpyBot, on the toolbar menu select Mode and switch to advanced mode > Tools > Resident, uncheck Tea Timer, close SpyBot. If the Tea Timer icon is still in the tray (clock area), right-click > exit resident. Don't turn it on until we suggest it.
    While SpyBot and Tea Timer are closed, go to this location >
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes
    delete RegKeyWhite.sbe and RegKeyblack ProcWhite.sbe & ProcBlack.sbe

    Run HijackThis and have it fix just these items
    R3 - Default URLSearchHook is missing
    O16 - DPF: {07DE6F78-521D-1234-D915-2C887DBD5B86} -
    O16 - DPF: {2517F764-6F60-4ADD-8FCF-137E5B220FF6} -
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} -
    O16 - DPF: {3DEA6420-7C91-5308-70F0-09261AA53534} -
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} -
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    ======================

    Now turn Tea Timer back on. When the alert pops up about changes click allow; don't place a check in the remember decision box.
    I'm not too familiar with networking, I believe you need to replace 127.0.0.1 with 10.0.0.14

    Let us know how things are?
     
  12. 2004/12/18
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Stay with 127.0.0.1. That is a special address that always loops back to your network card regardless of any network IP addressing scheme in use.

    Using it ensures that a bad item will quickly and silently direct itself back to your card without ever putting any traffic on the network.
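
Added example, not part of the original thread: a small triage of HijackThis log lines covering the entry types Lonny Jones had fixed above (O4 Run, O16 DPF) and the hosts-file point Newt makes (O1 entries that map a name to anything other than loopback). The function names and the three heuristics are assumptions chosen for illustration, and the 127.0.0.1 sample line is constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Sample lines copied from the first log in this thread, plus one constructed
# 127.0.0.1 line (ads.example.invalid) to show a harmless blocking entry.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O1 - Hosts: 69.50.188.82 www.excite.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKCU\..\Run: [MSAgent] C:\WINNT\hhnt.exe
O16 - DPF: {07DE6F78-521D-1234-D915-2C887DBD5B86} - http://69.50.177.100/1/rdgGB1332.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
"""

ENTRY = re.compile(r"^\s*([RFO]\d+)\s+-\s+(.*)$")
RUN = re.compile(r"HK(?:LM|CU)\\\.\.\\Run: \[(.*?)\]\s+(.*)")
# Assumed heuristic: an .exe placed directly in the Windows root folder.
WIN_ROOT_EXE = re.compile(r'^"?[A-Za-z]:\\(?:WINNT|WINDOWS)\\[^\\/"]+\.exe', re.I)


def parse_ip(text):
    """Return an ipaddress object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_hosts(body):
    # O1: a hosts line is a block only when it points at loopback.
    m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
    if not m:
        return None
    addr = parse_ip(m.group(1))
    if addr is None or not addr.is_loopback:
        return f"{m.group(2)} is mapped to {m.group(1)}, not a loopback address"
    return None


def check_run(body):
    # O4: autostart value whose program sits in the Windows root folder.
    m = RUN.match(body)
    if m and WIN_ROOT_EXE.match(m.group(2)):
        return f"Run value [{m.group(1)}] starts {m.group(2)}"
    return None


def check_dpf(body):
    # O16: ActiveX install source that is a bare IP address or a raw .exe.
    m = re.search(r"-\s+(https?://\S+)\s*$", body)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if parse_ip(url.hostname or "") is not None:
        return f"ActiveX download source is a bare IP address: {m.group(1)}"
    if url.path.lower().endswith(".exe"):
        return f"ActiveX download source is a raw .exe: {m.group(1)}"
    return None


CHECKS = {"O1": check_hosts, "O4": check_run, "O16": check_dpf}


def triage(log_text):
    """Return (section, reason) for each log line that deserves a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        section, body = m.groups()
        check = CHECKS.get(section)
        reason = check(body) if check else None
        if reason:
            findings.append((section, reason))
    return findings


if __name__ == "__main__":
    for section, reason in triage(SAMPLE_LOG):
        print(section, "-", reason)
```

The output is a shortlist for manual review, not a verdict; entries it does not flag still need reading.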
     
  13. 2005/01/02
    neababyblu

    neababyblu Inactive

    Joined:
    2005/01/02
    Messages:
    1
    Likes Received:
    0
    Oxide Hijacker

    Yesterday I had my Yahoo account hijacked by the Oxide browser. The funny part about the whole thing: the Oxide browser doesn't even seem to be working. It offers options, but everything takes you right back to the Oxide main page. It doesn't make sense they would hijack you and then you can't even use it. Not that I wanted to, but I did try it to see if it actually worked. It DIDN'T. Someone must have set it up and then abandoned it. But they did manage to make it impossible for the hijacked person to get out of their grip. Anyway, I found this thread, and I wanted to say, Coolshreader worked to get me out. I downloaded, ran, and when I went back, Oxide was gone. So thank you CxFusion3mp for your suggestion. For those of you caught in the "Oxide", here is that link again.

    hxxp://www.soft32.com/download-CWShredder-19014-5.html

    Edited direct download link
    CWShredder, if needed, can be downloaded from here: http://www.intermute.com/spysubtract/cwshredder_download.html
    Lonny
     
    Last edited: 2005/01/02