Google address bar search

I have always used Google as my default search engine from IE6 address bar. About a week ago, I typed in a search item and I got a Charter(my ISP) search page powered by Yahoo. It's not a toolbar search program or a IE add-on. I have searched my machine and cant find any reason for it. Spybot S&D, Adaware, and several online scanners including Trend Micro and all find nothing. I've cleaned the registry several times with different programs. I have deleted temp internet files, web content, URL cache, cookies, history, and temp files. I talked to Charter and was assured they "don't do that" when ask about hijackers. Yet, when I search for "Google" for example, using the address bar set for Google internet search, it takes me to: http://www11.charter.net/search?qo=google&rn=zwLw7Vke1oUgw7k.
I don't have and never had any browser software from Charter.
I'm using IE6 on Windows XP Pro with all updates.
I'd like to find out what this is, and get rid of it.
Any help will be greatly appreciated.

Mark

Edit...I thought I would include HJT report before asked.


Logfile of HijackThis v1.97.7
Scan saved at 9:53:29 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\CHARTE~1\backweb\3528733\Program\SERVIC~1.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\program\fsbwsys.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsrw.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\PROGRA~1\CHARTE~1\ANTI-S~1\fsaw.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
C:\Documents and Settings\Blufx\My Documents\Install files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwwa.accuweather.com/index-forecast.asp?partner=accuweather&traveler=0&zipcode=29681&u=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Mark's Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {CF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\Advanced System Optimizer\IEHelper.dll
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe "
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe "
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe "
O4 - Global Startup: Charter High-Speed Security Suite.lnk = C:\Program Files\Charter High-Speed Security Suite\backweb\3528733\Program\fspex.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\Charter High-Speed Security Suite\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell (HKLM)
O9 - Extra 'Tools' menuitem: ieSpell Options (HKLM)
O9 - Extra button: Web Filter (HKLM)
O9 - Extra 'Tools' menuitem: Web Filter (HKLM)
O9 - Extra button: IE Shield (HKLM)
O9 - Extra 'Tools' menuitem: IE Shield... (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167960203687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1170351745328
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Thanks,
Mark

 

I found a fix

Sorry it's been so long. I did eventually find a cure through some host file setup information and cookie blocking. I still don't fully understand how this worked. I later found that the search page I was being taken to had an opt-out button at the bottom. It said said the page was there to make my searches easier, but if I didn't want it, I could opt-out. It then said this would work until I cleared my cookies. How does it replace itself after cleaning cookies? I didn't have to revisit a Charter site to get it. It was always there the next time I used the address bar. While I was trying to fix this problem I downloaded Googles tool bar just so I could use Google without having to start a search page or go to Google.com. Just about the time I fixed my problem, I decided I'd keep the Google bar and replace my IE address bar with it. It has some cool features and protection to prevent this from happening again(I hope). We'll have to wait and see if it works. In the meantime, I emailed Charter and told them I found the hijacker they claim they don't use. I also said it's hard enough trying to keep the bad guys out out of my computer, I really resented them planting this on me.

 

Hi Blufx.

Well on the one hand, I'm glad you sorted this out. but on the other hand, I wish someone had stumbled upon this thread so we could look at thing more closely. And I apologise that we overlooked this thread for a week.

I would point out that you need to update your version of HijackThis!. The one you're running is a couple of years old, at least.

Current version is 1.99.1 and it shows more information about the system.

Let us know how the machine is doing.

 

Thanks TeMerc

TeMerc,You ask how the machine is doing. The hijacking problem is still gone but I did develop a new problem with Windows XP right after this which I posted here:http://www.windowsbbs.com/showthread.php?t=62374
I don't know if any is related but it's got me stumped.

 

I don't have alot of experience with working on quirks of that nature, but we have some others hanging around who will be able to address your problems. I'd wait for them.

Good luck.