Home Search Assistant...

By mhopeck
Aug 3, 2004
Topic Status:
Not open for further replies.
  1. I can't uninstall the Home Search Assistant and SearchExtender and Shopping Wizard...when I click to remove them from the Add/Remove Programs window, they all come up with this...

    Unable to open "http://looking-for.cc/uninstall/HomeSearchAssistant.html".

    Unable to open "http://looking-for.cc/uninstall/SearchExtender.html".

    Unable to open "http://looking-for.cc/uninstall/ShoppingWizard.html".

    I'm pretty sure these programs aren't supposed to be there because I just recently formatted the hard drive and started everything over from scratch...I just don't know where they came from or how to get rid of them. If someone could point me in the right direction, I would greatly appreciate it.

    Thanks, Matt
  2. Goalie

    Goalie Newcomer, in training Posts: 703

    edit: According to http://www.computing.net/security/wwwboard/forum/12346.html Adaware 6.0 has an update that takes care of these. Please try that first.

    I went to the pages myself... (Were you connected to the 'net when you did this?)

    http://looking-for.cc/uninstall/SearchExtender.exe

    Is a direct URL to what they claim to be the searchextender removal tool. See below first, but if that fails download these "tools" to try to fix this...

    http://looking-for.cc/uninstall/HomeSearchAssistant.exe

    For HomeSearchAssistant.

    I'm gonna save myself time, and guess the last one is

    http://looking-for.cc/uninstall/ShoppingWizard.exe

    One thing I would definately suggest is downloading Spybot Search & Destroy from security.kolla.de and Adaware 6.. both do an excellent job of hunting down and removing such things.

    Also see http://www.computing.net/security/wwwboard/forum/12346.html

    Hope this helps.
  3. mhopeck

    mhopeck Newcomer, in training Topic Starter Posts: 22

    currently, i am using both spybot - search & destroy and ad-aware, AND an additional Spyware Doctor for additional support, and so far this threat has not been tamed...
  4. Goalie

    Goalie Newcomer, in training Posts: 703

    When you use these, though, be sure you download the most recent updated definitions.

    You need to be sure you're using Spybot S&D 1.3, as 1.2 is no longer being updated. It was rather abruptly dropped, I thought... caught many of my machines unawares.

    Have you tried the uninstallers above? Judging by the questionability of the product to start with, I somewhat doubt that they'll work, but they may not be too bad of a thing to try.

    Also, what Anti-Virus are you using?
  5. mhopeck

    mhopeck Newcomer, in training Topic Starter Posts: 22

    I've been updating through the programs almost every time I use them and I use them quite frequently, and still no go on getting rid of these "things". I am using AntiVir Version 6, that I got from Majorgeeks.com as my antivirus. I was thinking about using HijackThis! or whatever that program is I've seen on most messageboards, but I don't want to ruin my computer. As far as trying the websites associated with these files, well, first I wouldn't trust it from the start just because, and second I did try the first one, and nothing happened at all. I would try again, but I'm not so sure that's a good idea. What do you think about the HijackThis! program?
  6. bubbles335

    bubbles335 Newcomer, in training

    i have the same problem. i have ad-aware 6.0 and McAfee virus scan and neither have helped. i tried the links posted to unistall the programs, but all of them failed to work. is there anything else i can do?
  7. Goalie

    Goalie Newcomer, in training Posts: 703

    1. Be sure your adaware definitions are up to date.

    2. Have you tried Spybot Search & Destroy? It does a good job, and is a compliment to Adaware.

    3. If all else fails, get Hijack this from the web, and post your log here, we'll try to help you.

    PS- Welcome to Techspot!! :wave:
  8. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  9. bubbles335

    bubbles335 Newcomer, in training

    I have run Ad-aware, CWShredder and Spybot.
    this is my hijackthis log:

    Logfile of HijackThis v1.98.2
    Scan saved at 2:59:04 PM, on 08/09/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
    C:\WINDOWS\D3IV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HIDSERV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
    C:\WINDOWS\NETZV32.EXE
    C:\WINDOWS\SYSTEM\CWMCWI.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\WINDOWS\SYSTEM\LOXIL.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSFTSN.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MY DOWNLOAD FILES\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    F1 - win.ini: run=hpfsched
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Class - {B2A5EACF-0437-872B-EC15-4F5DA5CE403A} - C:\WINDOWS\SYSTEM\NETFS.DLL
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
    O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [NETZV32.EXE] C:\WINDOWS\NETZV32.EXE
    O4 - HKLM\..\Run: [qdhbujasht] C:\WINDOWS\SYSTEM\cwmcwi.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
    O4 - HKLM\..\RunServices: [D3IV.EXE] C:\WINDOWS\D3IV.EXE
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
    O4 - HKCU\..\Run: [Vaje] C:\WINDOWS\SYSTEM\loxil.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - User Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - User Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
    O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
    O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/28881e28f40c0047e400/netzip/RdxIE601.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
    O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
    O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
  10. Goalie

    Goalie Newcomer, in training Posts: 703

    You need to end the following processes first:
    C:\WINDOWS\SYSTEM\LOXIL.EXE
    C:\WINDOWS\NETZV32.EXE
    C:\WINDOWS\SYSTEM\CWMCWI.EXE
    C:\WINDOWS\D3IV.EXE

    Then fix the following entries:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\jtduj.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O4 - HKLM\..\Run: [qdhbujasht] C:\WINDOWS\SYSTEM\cwmcwi.exe
    O4 - HKLM\..\RunServices: [D3IV.EXE] C:\WINDOWS\D3IV.EXE
    O4 - HKCU\..\Run: [Vaje] C:\WINDOWS\SYSTEM\loxil.exe
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

    I also see the netzv32. If you use NetZero for an ISP, I would leave it. Otherwise, I would consider removing this entry as well. A google for that file got NOTHING.

    Hope this helps.
  11. pkmann

    pkmann Newcomer, in training

    I hope someone can help me, I can not use the search button from my address bar. Each time I try the window opens, I have the customize option which does nothing, and the window is blank.
    What can I do?
  12. Flaxen

    Flaxen Newcomer, in training

  13. dropjaw83

    dropjaw83 Newcomer, in training

    help me

    here is my log for hijack this...someone please tell me what i need to get rid of and how to do it...i've been struggling with my computer for 2 weeks now

    Attached Files:

     
  14. hurleybrother

    hurleybrother Newcomer, in training

    Help me..

    Hey, i think i got rid of home search by running those programs. But search extender and search revelency are still in my add/remove programs list.

    Any way i can delete them?

    Heres my nice clean log...attached at bottom

    Well i hope you guys can help me fix this crap.

    And by the way. My homepage is google, i got home search to stop showing up but i still have search extender and search revelency but i get the "only the best" pop-ups still. puke:

    My homepage keeps going back to about:blank

    Attached Files:

  15. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Get rid of these as well:
    C:\WINDOWS\system32\ipgv32.exe
    C:\WINDOWS\system32\sysyk32.exe

    O2 - BHO: (no name) - {D729152E-DC8A-1818-A137-A22D8D05AA26} - C:\WINDOWS\system32\appms32.dll
    O4 - HKLM\..\Run: [sysyk32.exe] C:\WINDOWS\system32\sysyk32.exe
    O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
    O15 - Trusted Zone: *.frame.crazywinnings.com
  16. geoffworks76

    geoffworks76 Newcomer, in training

    please help!!!!!!!!!!!!!!!

    got hit by the home search assistant. have no idea how to get rid of it and have tried nothing thus far...two days now. please help! here's my hijackthis log!

    Attached Files:

  17. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Please redo and copy it as hjt.txt
    Thank you
  18. geoffworks76

    geoffworks76 Newcomer, in training

    re: hijackthis log...

    here is the log.
  19. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    geoffworks76

    Platform: Windows 2000 SP2 (WinNT 5.00.2195)
    You should really update your W2000 to SP4.

    Uninstall this junk:
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

    Let HJT fix these:
    C:\WINNT\msac.exe
    C:\WINNT\atlly.exe
    C:\Documents and Settings\Administrator\Application Data\uhct.exe
    C:\WINNT\System32\l?***.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\lelyy.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\lelyy.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\lelyy.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\lelyy.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\lelyy.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\lelyy.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\lelyy.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {766A46B0-7120-19A8-47E6-092E66C96EB7} - C:\WINNT\atlxj32.dll
    O4 - HKLM\..\Run: [atlly.exe] C:\WINNT\atlly.exe
    O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
    O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
    O4 - HKCU\..\Run: [Ltcu] C:\Documents and Settings\Administrator\Application Data\uhct.exe
    O4 - HKCU\..\Run: [Hymrwma] C:\WINNT\System32\l?***.exe
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.awmdabest.com
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.frame.crazywinnings.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.static.topconverting.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O16 - DPF: DigiChat Applet - http://vdo-lax-002.cnshosting.net/DigiChat/DigiClasses/Client_IE_5_0_1_3.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/download/tgctlcm.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gateway.com/support/profiler//PCPitStop.CAB
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nebefflc.exe
    O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://008i.com/pic//28129.chm::/open.exe
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...b743482bfaec:0a002003c3f6d5950937c6314a45eb37
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/149a2ee102396ead1223/netzip/RdxIE601.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.infuzer.com/IDC/client/player/isetup.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
    O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
  20. hurleybrother

    hurleybrother Newcomer, in training

    Help

    Okay, heres my log. You guys told me to remove...

    "Get rid of these as well:
    C:\WINDOWS\system32\ipgv32.exe
    C:\WINDOWS\system32\sysyk32.exe"


    I went under msconfig and went to startup and de-checked those items. Also went under running processes and stopped them. Then cleared all the suspicious stuff and the stuff you told me from my HiJackThis. I pulled the plug on my computer. But when i turned it back on, i still had the crap. And i went under msconfig, and another suspicious .exe was running this time, they were different everytime i restarted, like..sdkws32.exe, sysyk32.exe, is there anyway of deleted those processes from that window too?

    Ill keep my computer on til about 9' tonight. So if you could just get back me me on what i need to do.

    :chef:

    heres my log.

    I already know to delete the repeating HKCO and HKLM, but they come back.

    help me please!

    I just ran aboutbuster. if that makes any difference....
    heres yet another log...

    Attached Files:

  21. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Hurleybrother,

    if you can't be bothered to install any antivirus program, don't expect me to help you clean up your mess.
  22. hurleybrother

    hurleybrother Newcomer, in training

    People...

    You got problems with home search???

    Download AVG FREE, works great!
  23. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

  24. hurleybrother

    hurleybrother Newcomer, in training

    Avg Scan

    From now on, you should tell people to do the AVG Scan, nothing with HJT or anything, it works great, just examaine the found viruses, then delete them if possible. maybe even google the names if you have to. Thats'll all what i stopped all the virusesd processes, ran AVG, and its gone. 1 try..
  25. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    I doubt that, show us your Hijackthis file.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.