Internet Hijackers

My problem is pretty much like a lot of other ppl on here.  I can't do a thing on my computer (while on the internet) without being redirected to an illegitimate search engine.  I have purchased and used so many different programs.  I have used spysweeper, Ad-Aware, Shredder, Hijack This, and just countless others for apparently no reason!!  I have coolwebsearch, super-spider, and some windows blah blah blah id=all kinds of numbers.  I have even had so called technical support only for their suggestions not to work.  I have gone into my internet settings numerous times to delete and change things around.  This problem just will not go away.  It's ridiculous!  

I am curious if this has anything to do with my problem....

Months ago I had a different internet service provider from what I currently have.   I believe I received my spyware while I was using their service.  Well when I go on the ie now on the top bar where it says MIE provided by, it still has my old internet service provider as the provider even though I have deleted it in the internet connection options.  When I scan with hijack, etc.  I see that the provider is still on my computer even when I can't find it when I do a search on it.

At this point I am truly lost, and completely frustrated!!  Does spyware ever get to a computer so bad that it's just completely worthless to even bother anymore???

Help lol!
Lobo042399 Commented:
Hi Courtney,

In plain English, HijackThis is a very powerful tool that, if used incorrectly, can cause more damage than good to your machine. I would recommend the use of other tools and leave HijackThis alone for the moment. If you want to use it, however, before hitting the Fix button, make sure that every item in the list is something you did not install and/or you can recognize as part of the problem. If you're not sure about an item, do not check it.

Most hijackers these days are of the CWS (CoolWebSearch) type, or variations of it. A safer way to deal with most of those is by using CoolWebShredder. If that's what you meant by "Shredder" in your Question, then I would make sure that: You disabled System Restore before running it, and you ran it in Safe Mode. That can make a big difference in the result. If you did not mean CoolWebShredder, then you can download it from:

Make sure you update it before running it.

Manual removal instructions for Super Spider can be found at:

Make sure you follow them to the letter. It is a good idea to make a printout of these instructions to keep handy.

Good Vibes!


Well, it certainly sounds like you have some problems.
Since you say you've run HijackThis, could you run it and post a log file here and we'll take a look at it.
Make sure before you run it that you have the option to "show all files and folders, including hidden and system" enabled.
Also, make sure all browser windows are closed.

Good luck!
Are u using WinME\XP ??
if YES then did u ever turn off ur System Restore before cleaning ur System, and did u run all those removal tools in safemode ??
if NO then do it this time, and then check if any progress ??

Also did u use the Latest version of hijackthis, i.e 1.98.2 ??
if NO then get it from here >>
Download and run it, and save its LOG file,

Then Post that log at this site >>
and it will automatically analyse it for u,,, Fix everything which it labels as Nasty :)
To Fix, check the lines and click on Fix Checked !!

CAUTION: Before fixing the entries in hijackthis, make sure that they are really Nasty and can be deleted, better u first research for it on Google and then when u will confirm that they shud be deleted, Fix them. And whenever u run Hijackthis, run it from a New folder on ur desktop, so that in case of any problem, u can take advantages of its created backups of fixed items. And in case if u still face problems in dealing with it, just analyse ur log at the above site, and then scroll down where u will see a Save Analyse button, hit it and it will save ur Log Analysation, then copy the link of that page and paste it here, and we will check it for u :)

acmp Commented:
Just because I didn't see it above...

You don't need to worry about the 'Provided by' on your IE, it's just a string in the registry and won't affect anything at all.

The value is stored at 'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\' just edit or delete the 'Window Title' value.

hope this offers some peace.

Hi acmp,

I remember using that Registry Key to play a prank or two on a friend a while back. ;o)

Good Vibes!


Happy days eh!

courtneylozarAuthor Commented:
Thanks to all of you for your suggestions.  I very much appreciate it. Here is the log from the Hijack This scan I performed:

Running processes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\XZS0P31VFW.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TIPS] C:\PROGRA~1\MICROS~1\tips\mouse\tips.exe
O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: TextBridge Instant Access OCR.lnk = C:\Program Files\TextBridge Classic\Bin\TBMenu.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -

Now I followed your suggestions, and ran the programs I have in safe mode.  I also went to the suggested website to make sure the items I was thinking of deleting were "Nasty".  I deleted these nasty ones, and then restarted my computer.  I ran the Hijack this again, and they reappeared.  

Also...what is w32.HLL.Gaotc.:windows\system\system.exe  ---I have a few of these on my computer...they don't come off either.

SheharyaarSaahil Commented:
u still need to fix these lines !!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\XZS0P31VFW.DLL
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -

and abt windows\system\system.exe, well it can be related to some trojan or worm..... so give a try to running Stinger in Safemode ==>

check if it comes up with anything or not ??
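
The situation in the two posts above (entries fixed in HijackThis, then present again on the next scan) can be checked mechanically by parsing both logs and comparing them. This is an added example, not part of the original thread and not HijackThis's own code; the section descriptions, the choice to match BHO/ActiveX lines by CLSID, and every line marked EXAMPLE are assumptions made for the illustration.

```python
import re
from collections import namedtuple

SECTIONS = {  # codes that occur in the log above, with their usual HijackThis meaning
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry",
    "O6": "IE options restricted by policy", "O9": "extra IE button/menu item",
    "O16": "ActiveX object (Downloaded Program Files)",
}
Entry = namedtuple("Entry", "code kind detail clsid")
LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_log(text):
    """Turn HijackThis log text into Entry tuples; non-entry lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # e.g. the "Running processes:" header
        code, detail = m.groups()
        guid = CLSID.search(detail)
        entries.append(Entry(code, SECTIONS.get(code, "unknown section"),
                             detail, guid.group(0).upper() if guid else None))
    return entries

def identity(entry):
    # Assumption: the CLSID is the stable part, so a changed file name still matches.
    return (entry.code, entry.clsid or entry.detail.lower())

def reappeared(fixed_text, rescan_text):
    """Entries that were fixed but are present again in the later scan."""
    after = {identity(e) for e in parse_log(rescan_text)}
    return [e for e in parse_log(fixed_text) if identity(e) in after]

# First three lines are quoted from the thread; everything marked EXAMPLE is constructed.
FIXED = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\XZS0P31VFW.DLL
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
O4 - HKLM\..\Run: [EXAMPLE] C:\EXAMPLE\example.exe
"""
RESCAN = r"""
Running processes:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\EXAMPLE.DLL
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
"""

print(*[f"came back: {e.code} [{e.kind}] {e.detail}" for e in reappeared(FIXED, RESCAN)], sep="\n")
```

Entries that keep coming back after a fix indicate that something still running on the machine is rewriting them, which is why the thread moves on to looking for the process responsible.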
courtneylozarAuthor Commented:
Hello.  I ran the stinger, and nothing showed up.  I ran this and the hijack this in safe mode, then restarted my computer.  Ran Hijack this again...and the ones you told me to remove are still there =/
can u see this process >> O4 - HKCU\..\Run: [romahere] C:\WINDOWS\SYSTEM\MATRIXHERE.EXE
this is the culprit one, its related to Trojan.Win32.Krepper...... did u delete it manually from ur machine ??

if NO then check here how to get rid of it >>
Hi Courtney,

Contrary to what many believe (or try to make others believe) HijackThis is not a cure-all solution and it can cause a lot of damage if not used properly. Besides that risk, at EE we're trying to keep our databases free of the clutter caused by repeated posting of HJT Logs and are working on a general recommendation. These logs should only be posted after other solutions have been tried and then only when requested by a knowledgeable Expert. If you need it, you can get an online analysis of your HJT log at:

After that, we'll be glad to help with any other unresolved issues that may persist.

If you have identified a Trojan in your machine, you can download a 30-day trial version of Trojan Remover from:

Trojan Remover is a tool designed specifically to hunt down trojans and it's safe to use.

Good Vibes!

A nice tool that I really like is bazooka ;) 

It's only a diagnostic tool, but that suits me perfectly. It's small and free, and they do provide info on how to remove the "pets".
I'm with Lobo

Question has a verified solution.
