CooolWebSearch & Home Search Assistent still exists

By wickedfunlady ยท 4 replies
Feb 10, 2005
  1. Hi,
    After running all the tools indicated on the "how to remove" post, prob still existed.
    Attached is current hjt file.
    Also, any suggestions to help prevent this again? lol, hubby is not familiar with how to determine if a search result from google is legit so this is the 2nd time I've had to do this on 2 home pc's

    Thanks in advance!
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You should get SP4 and install that. Your W2K will run smoother after that.
    Next, stop using IE, install Firefox from and use that exclusively.
    Use IE ONLY for Windows-updates.

    Boot in Safe Mode
    Run Spybot again and let it IMMUNIZE your files, takes only a few seconds.
    Press ctrl/alt/del and in Taskmanager try to STOP:

    Decide what you want to do with this program. You should NOT have it running all the time:
    C:\Program Files\pcANYWHERE\awhost32.exe
    Either STOP the process, or change settings to only start when YOU need it.

    Next, run Hijackthis on its own and let it 'fix' (if still there):
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\uomdv.dll/sp.html#28129
    --->> there could be two files, one of them: sp.html <<---
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\gvxoc.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\gvxoc.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\uomdv.dll/sp.html#28129
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\gvxoc.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\gvxoc.dll/sp.html#28129
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\gvxoc.dll/sp.html#28129
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =;;;
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {9D869910-F044-4661-4B01-57F9883F0DAA} - C:\WINNT\system32\winwm.dll
    O4 - HKLM\..\Run: [sdkvh.exe] C:\WINNT\system32\sdkvh.exe
    O4 - HKLM\..\Run: [56.tmp] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\56.tmp.exe 1 28129
    O4 - HKLM\..\Run: [tibs5] C:\WINNT\System32\tibs5.exe
    O4 - HKLM\..\Run: [56.tmp.exe] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\56.tmp.exe 1 28129
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O15 - Trusted Zone: *
    O15 - Trusted Zone: * (HKLM)
    O23 - Service: pcANYWHERE Host Service - Symantec Corporation - C:\Program Files\pcANYWHERE\awhost32.exe <<== YOU DECIDE ==
    O23 - Service: Remote Procedure Call (RPC) Helper - Unknown - C:\WINNT\system32\mfcmu32.exe (file missing)

    When done, delete the bold files. When a directory is also bold, delete everything in it, including that directory itself.

    Clean everything in your Temp directory, your temp. internet files, all your cookies etc.
    Boot back in normal.
  3. wickedfunlady

    wickedfunlady TS Rookie Topic Starter

    Hello, Thanks for the info, but after performing all the tasks described below, prob still persists.
    At this point, is there any suggested software to purchase (I hate buying them since I am a deskside tech)?

    again, I truly appreciate your help!
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    There are good freebies at
    SpywareBlaster and SpywareGuard.
    Lots of good things are said about Pestpatrol from ($30)

    But there is no single program yet that can protect you, only YOUR diligence.

    Show us a fresh HJT-log, perhaps something was overlooked?
  5. Eigfrost

    Eigfrost TS Rookie Posts: 21

Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...