1
   

Coolwebsearch, yoursearch hijack..please help..thanks

Forums: Internet
Email this Topic Print this Page
 
 
IaoKim
 
Reply Tue 20 Jul, 2004 01:49 pm
I've had this problem for several weeks, just recently found this site and i've gone through the standard suggestions in the yuckware check here first threat twice already and i'm still getting the same inetkw.dll error messages etc. Also interesting to note that when I tried to run CW Shredder I got a message saying "variant of the coolwebsearch trojan (CWS.Smartsearch.2)" etc After that it attempts to run but it keeps crashing halfway through. Heres my hack this log....... thanks for your help, you people are a life saver!

Logfile of HijackThis v1.97.7
Scan saved at 3:47:33 PM, on 7/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\sdkxr.exe
C:\PROGRA~1\INTERN~2\inetmgr.exe
C:\WINDOWS\System32\cvss.exe
C:\WINDOWS\system32\atlzg32.exe
C:\PROGRA~1\INTERN~2\inetsvc.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Uvfc7sZ.exe
C:\WINDOWS\System32\Diu2hOY.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Christina\Desktop\HijackThis.exe
C:\WINDOWS\System32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://your-searcher.com/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allaboutsearching.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vktsk.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vktsk.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vktsk.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vktsk.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://your-searcher.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://your-searcher.com/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = res://vydyw.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - (no file)
O2 - BHO: (no name) - {0DD6CC69-5395-A956-5AE5-C69B4D006EC2} - C:\WINDOWS\system32\crid32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [2P6WFAX43ZHE7C] C:\WINDOWS\System32\Pcwb4iJR.exe
O4 - HKLM\..\Run: [atlzg32.exe] C:\WINDOWS\system32\atlzg32.exe
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe -invisible
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [srsdpiau] C:\WINDOWS\System32\srsdpiau.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QkMwR4L1] C:\documents and settings\christina\local settings\temp\QkMwR4L1.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [kssvcw] C:\WINDOWS\System32\kssvcw.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [IEDriver] C:\WINDOWS\System32\IEDriver\IEDriver.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [GpUPTem] C:\documents and settings\christina\local settings\temp\GpUPTem.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DDCActiveMenu] "C:\Program Files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe" -boot
O4 - HKLM\..\Run: [ctrlhh] C:\WINDOWS\System32\ctrlhh.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Bait film] C:\PROGRA~1\Aim keep move\BITSBAGS.exe
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [AutoLoader7F5e1ZbVadaX] "C:\WINDOWS\System32\jganinst.exe"
O4 - HKLM\..\Run: [apitg32.exe] C:\WINDOWS\system32\apitg32.exe
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [7smU3te] jganinst.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [wmpcd361u.exe] "C:\WINDOWS\System32\wmpcd361u.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [MProcessor] "C:\Program Files\\MProcessor\mprocessor.exe"
O4 - HKCU\..\Run: [MB58RjK5l] jscpmsg.exe
O4 - HKCU\..\Run: [ltimg11n739f.exe] "C:\WINDOWS\System32\ltimg11n739f.exe"
O4 - HKCU\..\Run: [fxsext32150l.exe] "C:\WINDOWS\System32\fxsext32150l.exe"
O4 - HKCU\..\Run: [fontext313u.exe] "C:\WINDOWS\System32\fontext313u.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKLM\..\RunOnce: [appig.exe] C:\WINDOWS\appig.exe
O4 - HKLM\..\RunOnce: [sysng32.exe] C:\WINDOWS\system32\sysng32.exe
O4 - HKLM\..\RunOnce: [d3fx32.exe] C:\WINDOWS\d3fx32.exe
O4 - HKLM\..\RunOnce: [atlrc32.exe] C:\WINDOWS\atlrc32.exe
O4 - HKLM\..\RunOnce: [nettx.exe] C:\WINDOWS\nettx.exe
O4 - HKLM\..\RunOnce: [crlx32.exe] C:\WINDOWS\system32\crlx32.exe
O4 - HKLM\..\RunOnce: [netnp.exe] C:\WINDOWS\netnp.exe
O4 - HKLM\..\RunOnce: [sysyu.exe] C:\WINDOWS\sysyu.exe
O4 - HKLM\..\RunOnce: [mspt.exe] C:\WINDOWS\system32\mspt.exe
O4 - HKLM\..\RunOnce: [netfg.exe] C:\WINDOWS\system32\netfg.exe
O4 - HKLM\..\RunOnce: [crnb32.exe] C:\WINDOWS\system32\crnb32.exe
O4 - HKLM\..\RunOnce: [wineo32.exe] C:\WINDOWS\system32\wineo32.exe
O4 - HKLM\..\RunOnce: [atlnl.exe] C:\WINDOWS\atlnl.exe
O4 - HKLM\..\RunOnce: [mskf.exe] C:\WINDOWS\mskf.exe
O4 - HKLM\..\RunOnce: [appej.exe] C:\WINDOWS\system32\appej.exe
O4 - HKLM\..\RunOnce: [addmm32.exe] C:\WINDOWS\addmm32.exe
O4 - HKLM\..\RunOnce: [atlee32.exe] C:\WINDOWS\system32\atlee32.exe
O4 - HKLM\..\RunOnce: [winqq32.exe] C:\WINDOWS\winqq32.exe
O4 - HKLM\..\RunOnce: [ipsw.exe] C:\WINDOWS\system32\ipsw.exe
O4 - HKLM\..\RunOnce: [ipvw32.exe] C:\WINDOWS\system32\ipvw32.exe
O4 - HKLM\..\RunOnce: [crdl.exe] C:\WINDOWS\system32\crdl.exe
O4 - HKLM\..\RunOnce: [apifu32.exe] C:\WINDOWS\apifu32.exe
O4 - HKLM\..\RunOnce: [ieqh32.exe] C:\WINDOWS\system32\ieqh32.exe
O4 - HKLM\..\RunOnce: [netih.exe] C:\WINDOWS\system32\netih.exe
O4 - HKLM\..\RunOnce: [crrc32.exe] C:\WINDOWS\system32\crrc32.exe
O4 - HKLM\..\RunOnce: [winew32.exe] C:\WINDOWS\system32\winew32.exe
O4 - HKLM\..\RunOnce: [atlkw.exe] C:\WINDOWS\system32\atlkw.exe
O4 - HKLM\..\RunOnce: [ntod32.exe] C:\WINDOWS\ntod32.exe
O4 - HKLM\..\RunOnce: [nthg.exe] C:\WINDOWS\system32\nthg.exe
O4 - HKLM\..\RunOnce: [sdkxe32.exe] C:\WINDOWS\sdkxe32.exe
O4 - HKLM\..\RunOnce: [addgn.exe] C:\WINDOWS\addgn.exe
O4 - HKLM\..\RunOnce: [netoa.exe] C:\WINDOWS\netoa.exe
O4 - HKLM\..\RunOnce: [sdkcg32.exe] C:\WINDOWS\sdkcg32.exe
O4 - HKLM\..\RunOnce: [addxp32.exe] C:\WINDOWS\addxp32.exe
O4 - HKLM\..\RunOnce: [msri.exe] C:\WINDOWS\system32\msri.exe
O4 - HKLM\..\RunOnce: [sysew.exe] C:\WINDOWS\sysew.exe
O4 - HKLM\..\RunOnce: [msyr.exe] C:\WINDOWS\msyr.exe
O4 - HKLM\..\RunOnce: [ntam.exe] C:\WINDOWS\ntam.exe
O4 - HKLM\..\RunOnce: [appzm.exe] C:\WINDOWS\appzm.exe
O4 - HKLM\..\RunOnce: [javaee.exe] C:\WINDOWS\javaee.exe
O4 - HKLM\..\RunOnce: [d3so.exe] C:\WINDOWS\system32\d3so.exe
O4 - HKLM\..\RunOnce: [mfcsw32.exe] C:\WINDOWS\mfcsw32.exe
O4 - HKLM\..\RunOnce: [ienw32.exe] C:\WINDOWS\system32\ienw32.exe
O4 - HKLM\..\RunOnce: [atlwq.exe] C:\WINDOWS\atlwq.exe
O4 - HKLM\..\RunOnce: [appet32.exe] C:\WINDOWS\system32\appet32.exe
O4 - HKLM\..\RunOnce: [sysfo.exe] C:\WINDOWS\system32\sysfo.exe
O4 - HKLM\..\RunOnce: [sdkxr.exe] C:\WINDOWS\system32\sdkxr.exe
O4 - HKLM\..\RunOnce: [appto32.exe] C:\WINDOWS\system32\appto32.exe
O4 - HKLM\..\RunOnce: [sdkid32.exe] C:\WINDOWS\system32\sdkid32.exe
O4 - HKLM\..\RunOnce: [ipvd32.exe] C:\WINDOWS\ipvd32.exe
O4 - HKLM\..\RunOnce: [ieaj32.exe] C:\WINDOWS\system32\ieaj32.exe
O4 - HKLM\..\RunOnce: [iewq.exe] C:\WINDOWS\system32\iewq.exe
O4 - HKLM\..\RunOnce: [ipzy32.exe] C:\WINDOWS\system32\ipzy32.exe
O4 - HKLM\..\RunOnce: [sdkck32.exe] C:\WINDOWS\sdkck32.exe
O4 - HKLM\..\RunOnce: [syswk32.exe] C:\WINDOWS\system32\syswk32.exe
O4 - HKLM\..\RunOnce: [ntit.exe] C:\WINDOWS\ntit.exe
O4 - HKLM\..\RunOnce: [javahy32.exe] C:\WINDOWS\system32\javahy32.exe
O4 - HKLM\..\RunOnce: [d3fa32.exe] C:\WINDOWS\d3fa32.exe
O4 - HKLM\..\RunOnce: [adddq32.exe] C:\WINDOWS\adddq32.exe
O4 - HKLM\..\RunOnce: [apizu32.exe] C:\WINDOWS\apizu32.exe
O4 - HKLM\..\RunOnce: [atlwx.exe] C:\WINDOWS\atlwx.exe
O4 - HKLM\..\RunOnce: [appvm.exe] C:\WINDOWS\appvm.exe
O4 - HKLM\..\RunOnce: [adddj.exe] C:\WINDOWS\adddj.exe
O4 - HKLM\..\RunOnce: [d3qd32.exe] C:\WINDOWS\system32\d3qd32.exe
O4 - HKLM\..\RunOnce: [crdm.exe] C:\WINDOWS\crdm.exe
O4 - HKLM\..\RunOnce: [iezh.exe] C:\WINDOWS\system32\iezh.exe
O4 - HKLM\..\RunOnce: [msfa.exe] C:\WINDOWS\msfa.exe
O4 - HKLM\..\RunOnce: [sysuq32.exe] C:\WINDOWS\system32\sysuq32.exe
O4 - HKLM\..\RunOnce: [d3zo.exe] C:\WINDOWS\system32\d3zo.exe
O4 - HKLM\..\RunOnce: [winjb32.exe] C:\WINDOWS\winjb32.exe
O4 - HKLM\..\RunOnce: [atlna32.exe] C:\WINDOWS\atlna32.exe
O4 - HKLM\..\RunOnce: [atlss32.exe] C:\WINDOWS\atlss32.exe
O4 - HKLM\..\RunOnce: [netqp32.exe] C:\WINDOWS\system32\netqp32.exe
O4 - HKLM\..\RunOnce: [crxi.exe] C:\WINDOWS\crxi.exe
O4 - HKLM\..\RunOnce: [mfcqn.exe] C:\WINDOWS\mfcqn.exe
O4 - HKLM\..\RunOnce: [javawh.exe] C:\WINDOWS\system32\javawh.exe
O4 - HKLM\..\RunOnce: [applj32.exe] C:\WINDOWS\system32\applj32.exe
O4 - HKLM\..\RunOnce: [mfclz32.exe] C:\WINDOWS\system32\mfclz32.exe
O4 - HKLM\..\RunOnce: [mfcxa.exe] C:\WINDOWS\system32\mfcxa.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKLM\..\RunOnce: [netlv.exe] C:\WINDOWS\netlv.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/108664f93787cbb05e22/netzip/RdxIE601.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37783.4048263889
O16 - DPF: {ABD45F35-2E4C-44C0-A075-6EF1DE75398E} (accel Class) - http://www.riversoftware.net/x0ff.cab
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://www.movie-browser.com/tl4000.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.0.2041/bin/imvid.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (&Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/ym/yiebio5_1_5_0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 3,787 • Replies: 2
No top replies

 
HJThis
 
  1  
Reply Fri 23 Jul, 2004 11:55 am
Hello,IaoKim

Well you have a # of problems here

you have a Peper infection

Download the removal tool :
http://computercops.us/downloads-file-330.html or
http://downloads.subratam.org/PeperFix.exe

BE ONLINE WHEN RUNNING IT and let it have access to pass the firewall.

you should run this twice with a reboot in between.

once you do that

please download
HijackThis
Download then save the file/install to a new folder called HijackThis or something similar, not your Desktop or the Temp folder, and double click on the "HijackThis" icon.
and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and then repost a logfile


make sure to remove/uninstall the Ver, of HJT you are running
& install this Ver, 198

HGD Very Happy
0 Replies
 
vicooty
 
  1  
Reply Tue 12 Oct, 2004 10:40 am
yoursearch search page removal
to remove yoursearch do the following in the order shown
1. use taskmanager to remove ieeng.exe from memory
2. use control panel- internet options to change site to your choice
3. delete file c:\programfiles\internet explorer\ieeng.exe
4. run regedit and search for and delete all entries mentioning yoursearch and ieeng.exe
5. run cwshredder
0 Replies
 
 

Related Topics

Obama Promotes Making the Internet a Utility - Discussion by engineer
YouTube Is Doomed - Discussion by Shapeless
So I just joined Facebook.... - Discussion by DrewDad
Tracking and revealing the trolls....ok or not? - Question by dlowan
You are calling Congress about SOPA today, right? - Discussion by maxdancona
Internet disinformation overload - Discussion by rosborne979
Participatory Democracy Online - Discussion by wandeljw
OpenDNS and net neutrality - Question by Butrflynet
Are you for or against net neutrality, and why? - Discussion by Pronounce
Internet Explorer 8? - Question by Pitter
Blizzard Forum Says You Must Use Real Names ... - Discussion by jespah
 
  1. Forums
  2. » Coolwebsearch, yoursearch hijack..please help..thanks
Copyright © 2025 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.04 seconds on 01/11/2025 at 11:40:06