Registry entries for Internet Explorer typedurls (and desktop shortcuts) being automatically added for Chinese web sites
Despite a plethora of updated AV/Adaware/Antimalware (Mcafee, MS Security Essentials, Windows Washer, Hijackthis, Adaware, CCleaner, Advanced Registry Optimiser etc.) defences and cleaning scans/washes, switching off IE Form autocomplete etc. on my XP SP3 PC - something untraceable keeps adding the same 4 url entries into the Registry key MyComputer/HKEY_Current_User/Software/Microsoft/InternetExplorer/TypedURLS and two Chinese shortcuts on the desktop. Deleting them through RegEdit, then purging and rebooting etc. does not stop recurrence. I cannot identify what process or file is causing this or figure out how on earth this infection occurred or how to get rid of it. The urls concerned are www.: 5050.cn; baidu.com/s?tn =openssl_dg; sogou.com/index.htm?pid=sogou-addr3dac09e434797862 and pindao.huoban.taobao.com/channel/onSale.htm?pid=mm_17297392_2279105_8864797 Nothing can be found via Google searches on this and I cannot believe I am the only one with this problem which seems to be able to by-pass all known security tools. Can anyone help as this represents a major penetration weakness to me and I have tried everything to get rid of it? Many thanks.
September 25th, 2010 8:35am

1. You didn't mention MBAM in your post above. I suggest you download, install and run the free Malwarebytes' Anti-Malware from http://www.malwarebytes.org/

2. Also, did you interpret the HiJackthis log or did you post it at a malware site? The reason I ask is that I suspect it should have been picked up as an 01 redirection entry. You could look through the Hosts file, which is normally located at C:\Windows\System32\Drivers\etc\ If it is not there, look for its location in registry key HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath. If the file is read only, right-click it > Properties and remove the check mark. Make a backup copy of it, then using Notepad change its contents and save it (not as a .txt file, i.e. it has no extension). A line beginning 127.0.0.1 stops access, so don't remove entries like 127.0.0.1 MalwareWebSite.com as they help to protect the system from accessing malware sites. However, if you see entries with legitimate names like 127.0.0.1 bbc.co.uk or 127.0.0.1 ibm.com, you should remove them, as malware is trying to block access to them (using 127.0.0.1) or, more normally, redirecting them to another website (using n.n.n.n). The immunisation feature of programs like Spybot adds the malicious websites to the Hosts file.
September 25th, 2010 9:15am
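The Hosts file review in the reply above, as an added example that is not part of the original thread: it parses hosts-file text and flags the two patterns the reply describes, a legitimate name pinned to 127.0.0.1 (blocked) and any name mapped to a non-loopback address (redirected), while leaving immunisation entries for unknown names alone. The KNOWN_GOOD list and the sample hosts content are constructed for the example; the reader supplies their own list and feeds in the contents of their real Hosts file.

```python
"""Audit Windows Hosts file text for blocked or redirected legitimate names.
Added example for this thread, not code from any of the posters or tools."""
import ipaddress
from typing import List, Tuple

# Assumption: the reader maintains this list of names they consider legitimate.
KNOWN_GOOD = {"bbc.co.uk", "ibm.com", "malwarebytes.org",
              "windowsupdate.com", "microsoft.com"}

# Constructed sample standing in for C:\Windows\System32\Drivers\etc\hosts
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       MalwareWebSite.com      # immunisation entry, harmless
127.0.0.1       bbc.co.uk               # legitimate site blocked
127.0.0.1       www.malwarebytes.org    # AV vendor blocked
10.11.12.13     windowsupdate.com       # legitimate site redirected
10.11.12.13     www.microsoft.com
"""


def _is_known_good(host: str) -> bool:
    """True if the host or any parent domain is in KNOWN_GOOD."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in KNOWN_GOOD for i in range(len(labels) - 1))


def audit_hosts(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line number, address, hostname, verdict) for each suspicious mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address/name mapping line
        for host in parts[1:]:
            if host.lower() == "localhost":
                continue
            if addr.is_loopback:
                # 127.0.0.1 against an unknown name is a normal immunisation entry
                if _is_known_good(host):
                    findings.append((lineno, str(addr), host, "legitimate site blocked"))
            else:
                # any other address means the name is being sent somewhere else
                findings.append((lineno, str(addr), host, "redirected to another host"))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

To check a real file, read it with open(r"C:\Windows\System32\Drivers\etc\hosts").read() and pass the text to audit_hosts; lines flagged as redirects deserve a look even when the name is not on your list.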

Thanks again. Just tried that. After reboot nothing rewritten to typedurls, but as soon as I loaded my IE homepage (Virgin) with Addons disabled and then refreshed RegEdit by hitting F5, the offending entries reappeared in typedurls! So there you have it - as soon as I launch IE that's when it happens despite all my AV/malware etc. defences!!!!
September 25th, 2010 2:08pm

Please post any/all further follow-up in replies to your original thread: http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/8cd68f02-e191-43c2-9227-6d5dd6fe263a
September 25th, 2010 2:17pm
