Please help..I am at a standstill

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Tanasia, Dec 31, 2004.

  1. Tanasia

    Tanasia Private E-2

    Having serious issues. Ran every spyware program I know of and it finds nothing but my dogpile search results are still being redirected to this http://clickit.go2net.com/search?eto=ht...=web&qkw=h
    I have run SpySweeper, Spysubtract, Adaware SE, CWShredder.
    This is my current Hijackthis log....

    Logfile of HijackThis v1.99.0
    Scan saved at 10:59:38 AM, on 12/31/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Edit by chaslang: Unrequested, inline log deleted.

    Is there another program I should install to try and remove this?
    Any help would be greatly appreciated.
    Thank you
    Tana
     
    Last edited by a moderator: Dec 31, 2004
  2. Tanasia

    Tanasia Private E-2

    Or...

    Would it be easier and better just to reformat my computer? To get rid of everything?
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Or...

    Please follow our procedures and in the order written. And note our guideline for posting HJT logs, no logs unless we ask for them and do not post them inline. Also the below should not be running when using HJT:

    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\WINZIP\WINZIP32.EXE


    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis as a .txt file attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Or...

    For all OS types, make sure viewing of hidden files is enabled (per the READ ME tutorial).

    You need to boot into safe mode and delete these files:
    C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\0PMHK3CV\SDSETUP[1].EXE
    C:\WINDOWS\TEMP\IS-0P1QJ.TMP\IS-SGK9L.TMP
     
  5. Tanasia

    Tanasia Private E-2

    Ok I have done everything you have asked in the sticky posts, in safe mode and normal all scans came back with no problems. The files you asked me to delete (C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\0PMHK3CV\SDSETUP[1].EXE
    C:\WINDOWS\TEMP\IS-0P1QJ.TMP\IS-SGK9L.TMP) were not there.
    I logged back into normal windows and now I can't even get to dogpile. Now it is taking me to aboutblank.
    I have attached my latest log.
    Thanks for trying to help me.
     


  6. Tanasia

    Tanasia Private E-2

    Now it is taking me to msn as a home page and not aboutblank. Not sure what's going on :rolleyes:
     
  7. Tanasia

    Tanasia Private E-2

    New hijack log

    Sorry, during the freezing up of hijack I was logging in here to post about it freezing when it finally worked and logged but IE was running. So here is the latest with nothing running. And IE is now going to msn for home page but still goes to the clickitgo2net address when I try to run a search.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: New hijack log

    Please do not post your HJT logs as a .doc file. That makes our job more difficult. Post them as they are saved by HJT. That is, as a .log file. The other choice is as a .txt file (but you have to save it differently using Save As to do that).

    What do you mean "the freezing up of HJT"? You never mentioned that.

    Your last log is not useful. It is incomplete.
    The first log you still had IE running. ALWAYS shut it down before using HJT.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: New hijack log

    Yahoo is in control of your Home Page and search stuff now. If you don't want that, you shouldn't be using their stuff.

    If you need to go to dogpile, why don't you just add it to your favorites? What is it (www.dogpile.com)?

    Look at all the stuff that Yahoo has added to your system. They have even locked your home page and search stuff to them (see the O14 line below).
    Who is your ISP? Do they require that you use Yahoo and this red.clientapps? Many people consider it to be spyware due to what they do.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/yie6/*http://www.yahoo.com/search/ie.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/yie6/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_5_7_0.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_5_7_0.DLL
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
    O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com

    After exiting your browser, have HJT fix the below two lines:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
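
Added example, not part of the original thread and not HijackThis code: a small Python parser for log lines in the format quoted in the post above. It groups entries by the host they point to and lists registry values that are blank, like the two `Local Page` lines. The function names are made up for this example; the sample lines are copied from the post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# A few of the HijackThis lines quoted in the post above (copied from the thread).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_5_7_0.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")      # "R1 - ..." / "O14 - ..."
REG_VALUE = re.compile(r"^(HK[A-Z]+\\[^,]+),(.+?)\s*=\s*(.*)$")  # key,value = data
URL = re.compile(r"https?://[^\s*]+")   # '*' separates the chained URLs seen above


def parse_line(line):
    """Return a dict for one HijackThis entry, or None for any other line."""
    m = ENTRY.match(line)
    if not m:
        return None
    section, detail = m.groups()
    entry = {"section": section, "detail": detail,
             "hosts": [urlsplit(u).hostname for u in URL.findall(detail)]}
    reg = REG_VALUE.match(detail) if section.startswith("R") else None
    if reg:
        entry["key"], entry["value"], entry["data"] = reg.groups()
    return entry


def summarize(log_text):
    """Map each host to the sections that reference it; list blank R values."""
    by_host, blank = defaultdict(set), []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        for host in entry["hosts"]:
            by_host[host].add(entry["section"])
        if entry.get("data") == "":
            blank.append((entry["key"].split("\\")[0], entry["value"]))
    return {h: sorted(s) for h, s in by_host.items()}, blank


if __name__ == "__main__":
    hosts, blank = summarize(SAMPLE_LOG)
    for host, sections in sorted(hosts.items()):
        print(f"{host}: {', '.join(sections)}")
    print("blank values:", blank)
```
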
     
  10. Tanasia

    Tanasia Private E-2

    Hmmm
    Maybe I have confused you. Let me explain in detail as best as I can what is happening with my computer. I can go to dogpile.com very easy, but when I try to do a search it re-directs me to clickit.2go.net thing. I have no trouble with anything other than the dogpile search results, other than my computer running slower than normal. I know there are a lot of yahoo things showing up in my hijack log, but not sure what they are doing. I have no trouble with yahoo searches or changing my home page to something other than yahoo. Yahoo does not redirect me to their home page or their searches. I have fixed the lines you asked me to fix,
    After exiting your browser, have HJT fix the below two lines:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    Still every time I try to do a search from dogpile.com I get redirected to the clickitgo2.net address even though I have that address restricted. Maybe I should just reformat? Here's my latest hijack log. I have attached it as you asked in the .log format.
    My ISP does not require me to use anything also. All I ever downloaded from yahoo was messenger and the tool bar.
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You go to clickit.go2 because that is how dogpile does their searches. Use google.com or excite.com.
     
    Last edited: Jan 13, 2005
  12. Tauro

    Tauro Private E-2

    Actually, that is not how Dogpile does their searches. I am having the same problem at home, but at work I can search fine.

    I have also read people having the same problem with Googles. I still haven't figured out or found out how to get rid of this problem, but if anyone can assist, that would be appreciated. My wife loves Dogpile and is going nuts not being able to use it.

    Thanks!
    Chris
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have tried dogpile.com searches from several PCs at different locations and when you enter a search string and click Go, if you watch the bottom bar of Internet Explorer you can see it route thru clickit.go2 before the search results come up on dogpile. So as far as I can tell that is how their searches work. Also if you hold your mouse over the icon on the lower right of dogpile.com main page that says SearchSpy, you will see it says clickit.go2net.com. Even the Learn more link in the middle of the page references click..go2net.com. So I still say that is what you get using dogpile.com
     
  14. Tauro

    Tauro Private E-2

    Well, I found the solution to this problem. You need to download the Winsock XP Fix program and run it. Found this solution and it worked like a charm.

    Chaslang - you are correct. It does run through clickit.go2net.com. From what I discovered, Spysweeper (which is what I ran) removes something from the Registry that Dogpile requires. So, running the Winsock fix corrects this problem.

    Chris
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What in the world should an online search tool need to put into your registry? That does not sound right to me. And I have searched on dogpile checking out your problem. There is nothing in my registry related to dogpile or to clickit.go2net.com.

    Winsock Fix or another program to fix the LSP chain like LSP-fix is usually required when the LSP chain is broken due to improper removal of a DLL in the chain. While a spyware removal program or a user can easily break the LSP chain, I don't understand why dogpile would have to install software on your system to do a search. Google, Yahoo, Excite etc do not. And from my small experience with dogpile, they do not either.
     
