#1
I have a your-searcher homepage hijacker. Please help. The following is my Hijack this log

Logfile of HijackThis v1.97.7
Scan saved at 11:41:23 PM, on 5/22/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Wintab32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\surfmonkey\smproxy.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\IEengine.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINNT\SYSTEM32\3cshtdwn.exe
C:\WINNT\SYSTEM32\3cmlink.exe
C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
C:\unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ELNKProxy] C:\WINNT\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [EarthLink Installer] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\EarthLinkTotalAccess2004\Windows\access\program files\EarthLink TotalAccess\_Setup.exe" /C
O4 - HKLM\..\Run: [3c1807pd] C:\WINNT\SYSTEM32\3cmlink.exe RunServices \Device\3cpipe-3c1807pd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [IEengine] C:\Program Files\Internet Explorer\IEengine.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: ELSBLaunch.lnk = C:\Program Files\EarthLink\spamBlocker\ELSBLaunch.exe
O4 - Global Startup: Instant Update Reminder.lnk = C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: winlogin.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - URL
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - URL
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EACD75D-6FD9-4828-90FB-B39D035760ED}: NameServer = 207.69.188.187 207.69.188.186
#2
I have spent I don't know how many countless hours reading message boards and have heard so many different ideas for the removal of this little bastard that I am practically sick, but the good news is that I have found a solution that works and maybe this can save someone a great deal of time.

This your-searcher is an IE homepage hijacker that even when removed from the registry comes right back over and over again, especially on restarting your computer. Here is the solution that I found that worked. I am not much of a computer whizz so please forgive me if I lack the proper terminology.

First of all, SPYBOT and Adaware were no match for this POS. It just kept coming back. You may run these after to eliminate other things, but for the your-searcher hijack it really did nothing. You can also forget Symantec finding it or Pandasoftware Anti-virus either. This is not just an IE hijacker, it is being reborn over and over again by a Trojan Virus. You must eliminate the Trojan and then wipe away the IE registry keys after.

I know you must be wanting to know how, so here is what worked for me. I first of all turned off my System Restore. This is located in the My Computer icon on the desktop and then click on the Local Disk C:, then click on the View System Information to the left of it and System Restore and then turn it off.

Now you must first go and get a program called "HijackThis 1.97.7". You can find it at URL. You must get this file and install it. Create a file folder for the install on your desktop for it and then run it. After you have run HijackThis, you will have a list of registry keys and .exe programs that are possible problems. Here you may delete all of the ones that have "your-searcher" listed. This will temporarily clean your IE browser and allow you to reset your homepage.

Within about 30 seconds the Trojan will take it back over so you must act quickly and go open up a browser and go to URL. Here you will download the Trojan Remover software. This is what found the Trojan that even Norton (Symantec) and all others couldn't find and eliminate. Download it and install it. You can use the trial version to remove the Trojan.

I ran it and my file infected with a Trojan was C:\WINDOWS\system32\winlogin.exe. This is the Global startup winlogin.exe file that you have in your list. Trojan Remover changed the name of the file and then asked me to reboot. After rebooting I ran HijackThis again to clear my IE one more time and this time there was no Trojan to reset it!! Thank God! Whoever created this virus should be shot! Finally, I turned my system restore back on. You can now look for other ads with Spybot or Adaware. Good Luck!
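An added example, not part of the original thread: a small triage script for the O4 (startup) section of a HijackThis log, showing why the `Global Startup: winlogin.exe` entry stands out. It is one letter off from the genuine `winlogon.exe` seen in the process list of post #1, and it is a raw file in the Startup folder rather than a shortcut. The list of system names and the two heuristics are assumptions chosen for illustration, and the sample lines are constructed from the format of that log.

```python
import re

# Core Windows process names that impostors often imitate (assumed, non-exhaustive).
SYSTEM_NAMES = ("winlogon.exe", "svchost.exe", "services.exe", "lsass.exe",
                "explorer.exe", "smss.exe", "spoolsv.exe", "rundll32.exe")

# Constructed sample: O4 lines in the format of the log in post #1.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: winlogin.exe
"""

O4_RE = re.compile(r"^O4 - (?P<where>[^:]+): (?P<rest>.+)$")
EXE_RE = re.compile(r'([^\\"=\]]+\.exe)\b', re.IGNORECASE)  # file name without path

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_startup(log_text):
    """Return [(exe_name, [reasons])] for O4 entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        where, rest = m.group("where"), m.group("rest")
        exe = EXE_RE.search(rest)
        name = exe.group(1).strip().lower() if exe else ""
        reasons = []
        # Heuristic 1: Startup-folder items are normally "name.lnk = target".
        if "Startup" in where and " = " not in rest:
            reasons.append("raw file in Startup folder (not a shortcut)")
        # Heuristic 2: near-miss spelling of a core system binary.
        for sysname in SYSTEM_NAMES:
            if name and name != sysname and edit_distance(name, sysname) <= 2:
                reasons.append(f"name imitates {sysname}")
        if reasons:
            findings.append((name or rest, reasons))
    return findings

if __name__ == "__main__":
    for name, reasons in audit_startup(SAMPLE_LOG):
        print(name, "->", "; ".join(reasons))
```

A hit from either heuristic is a prompt to inspect the file, not proof of infection.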
#3
Thanks, so much. I have spent countless hours trying to fix this problem. I did everything you said, it worked like perfect. This thing is finally gone. Thanks!!!!!
#4
Glad I could help!
#5
And if you want to beat a dead horse, you can find what is left of the dead trojan in your C:/WINDOWS/System32/Winlogin.Ex$. You can now highlight this file and send it to your recycle bin and give it a proper burial. Even though the file is harmless, it still felt good kicking its a$$ a second time by deleting it from the recycle bin.
Last edited by yukon12 : May 25th, 2004 at 03:18 AM. Reason: spelling
#6
Many Thanks
Thanks. You saved my machine from a size 13 shoe. Appreciate it.
#7
Help!!!!!!!!
I tried the steps you listed and it won't go away!!!
I run the hijacker and it finds the searcher hijack, but when I run the trojan it doesn't find anything. Please help, this is driving me crazy!!!!!!
#8
If you want help I suggest you create a HijackThis log for your own computer then create a new thread in this forum, rather than replying to someone else's thread.
Viewing: Dev Shed Forums > System Administration > Antivirus Protection > Your-Searcher home page hijack help