• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
ljm32

home search assistant+Search extender+ Shop wizard

2 posts in this topic

I have been to forums for this can not remove it, please help

 

Programs that can not be removed:

when i try and remove home search assistant+Search extender+ Shopping wizard

i receve this message:

 

//looking-for.cc/uninstall/HomeSearchAssitant.html

//looking-for.cc/uninstall/ShoppingAward.html

//looking-for.cc/uninstall/SearchExtender.html

 

i hvae downloaded Adware, Spybot search and destory, advanced uninstall pro 2004. i have removed files with regedit.exe and i have also disabled system restore+security services when implemneting all this file finding. i need help!

 

Here is a file log from adware:

7-4-2004 11:09:21 PM - Scan started. (Custom mode)

 

Listing running processes

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ThreadCreationTime : 7-5-2004 2:52:56 AM

BasePriority : Normal

 

 

#:2 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ThreadCreationTime : 7-5-2004 2:53:01 AM

BasePriority : High

 

 

#:3 [services.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-5-2004 2:53:01 AM

BasePriority : Normal

FileSize : 99 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Services and Controller app

InternalName : services.exe

OriginalFilename : services.exe

ProductName : Microsoft

Created on : 8/29/2002 12:00:00 PM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 8/29/2002 12:00:00 PM

 

#:4 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-5-2004 2:53:01 AM

BasePriority : Normal

FileSize : 11 KB

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

OriginalFilename : lsass.exe

ProductName : Microsoft

Created on : 8/29/2002 12:00:00 PM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 8/29/2002 12:00:00 PM

 

#:5 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-5-2004 2:53:02 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/29/2002 12:00:00 PM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 8/29/2002 12:00:00 PM

 

#:6 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-5-2004 2:53:02 AM

BasePriority : Normal

FileSize : 12 KB

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

OriginalFilename : svchost.exe

ProductName : Microsoft

Created on : 8/29/2002 12:00:00 PM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 8/29/2002 12:00:00 PM

 

#:7 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-5-2004 2:53:04 AM

BasePriority : Normal

FileSize : 50 KB

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

OriginalFilename : spoolsv.exe

ProductName : Microsoft

Created on : 8/29/2002 12:00:00 PM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 8/29/2002 12:00:00 PM

 

#:8 [kodakccs.exe]

FilePath : C:\WINDOWS\system32\drivers\

ThreadCreationTime : 7-5-2004 2:53:12 AM

BasePriority : Normal

FileSize : 288 KB

FileVersion : 1.1.4900.0

ProductVersion : 4.3.1.0

Copyright : Copyright © Eastman Kodak Co. 2000-2003

CompanyName : Eastman Kodak Company

FileDescription : Kodak DC Ring 3 Conduit (Win32)

InternalName : DcFsSvc.exe

OriginalFilename : DcFsSvc.exe

ProductName : Kodak DC File System Driver (Win32)

Created on : 6/18/2003 2:54:10 PM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 6/18/2003 2:54:10 PM

 

#:9 [mgabg.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-5-2004 2:53:12 AM

BasePriority : Normal

FileSize : 80 KB

FileVersion : 1.00.020

ProductVersion : 1.00.020

Copyright : Copyright Matrox

CompanyName : Matrox Graphics Inc.

FileDescription : MGABG

InternalName : MGABG

OriginalFilename : MGABG.exe

ProductName : Matrox Graphics Inc. MGABG

Created on : 3/8/2001 9:22:48 PM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 3/8/2001 9:22:48 PM

 

#:10 [navapsvc.exe]

FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\

ThreadCreationTime : 7-5-2004 2:53:12 AM

BasePriority : Normal

FileSize : 113 KB

FileVersion : 8.07.17

ProductVersion : 8.07.17

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

OriginalFilename : NAVAPSVC.EXE

ProductName : Norton AntiVirus

Created on : 5/18/2004 2:17:41 AM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 2/27/2002 3:29:26 PM

 

#:11 [nprotect.exe]

FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\

ThreadCreationTime : 7-5-2004 2:53:12 AM

BasePriority : Normal

FileSize : 132 KB

FileVersion : 15.03.0.36

ProductVersion : 15.03.0.36

Copyright : Copyright © 2002 Symantec Corporation

CompanyName : Symantec Corporation

FileDescription : Norton Protection Status

InternalName : NPROTECT

OriginalFilename : NPROTECT.EXE

ProductName : Norton Utilities

Created on : 5/18/2004 2:18:32 AM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 2/5/2002 10:03:00 AM

 

#:12 [scsiaccess.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-5-2004 2:53:12 AM

BasePriority : Normal

FileSize : 177 KB

Created on : 2/4/2003 1:22:30 PM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 2/4/2003 1:22:30 PM

 

#:13 [nopdb.exe]

FilePath : C:\PROGRA~1\NORTON~1\SPEEDD~1\

ThreadCreationTime : 7-5-2004 2:53:13 AM

BasePriority : Normal

FileSize : 168 KB

FileVersion : 6.03.0.36

ProductVersion : 6.03.0.36

Copyright : Copyright © 2002

CompanyName : Symantec Corporation

FileDescription : NOPDB

InternalName : NOPDB

OriginalFilename : NOPDB.dll

ProductName : Norton Speed Disk

Created on : 5/18/2004 2:18:43 AM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 1/30/2002 10:00:00 AM

 

#:14 [explorer.exe]

FilePath : C:\WINDOWS\

ThreadCreationTime : 7-5-2004 2:56:42 AM

BasePriority : Normal

FileSize : 973 KB

FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)

ProductVersion : 6.00.2800.1221

CompanyName : Microsoft Corporation

FileDescription : Windows Explorer

InternalName : explorer

OriginalFilename : EXPLORER.EXE

ProductName : Microsoft

Created on : 5/12/2003 5:12:10 AM

Last accessed : 7/5/2004 2:52:53 AM

Last modified : 5/12/2003 5:12:10 AM

 

#:15 [dvdtray.exe]

FilePath : C:\Program Files\HP CD-DVD\Umbrella\

ThreadCreationTime : 7-5-2004 2:56:44 AM

BasePriority : Normal

FileSize : 52 KB

FileVersion : 1.2

ProductVersion : 1.1

Copyright : Hewlett-Packard Company 2000-2001

CompanyName : Hewlett-Packard Company

FileDescription : HP CD Tray

InternalName : hpcdtray

OriginalFilename : hpcdtray.exe

Created on : 6/7/2003 11:07:06 PM

Last accessed : 7/5/2004 2:56:44 AM

Last modified : 12/18/2002 10:50:02 PM

 

#:16 [pdesk.exe]

FilePath : C:\WINDOWS\System32\PDesk\

ThreadCreationTime : 7-5-2004 2:56:44 AM

BasePriority : Normal

FileSize : 608 KB

FileVersion : 6.71.014

ProductVersion : 6.71.014

Copyright : Copyright © 1996-2001

CompanyName : Matrox Graphics Inc.

FileDescription : PDesk

InternalName : PDesk

OriginalFilename : PDesk.exe

ProductName : Matrox PDesk

Created on : 8/3/2001 8:37:04 PM

Last accessed : 7/5/2004 2:56:44 AM

Last modified : 8/3/2001 8:37:04 PM

 

#:17 [point32.exe]

FilePath : C:\Program Files\Microsoft Hardware\Mouse\

ThreadCreationTime : 7-5-2004 2:56:45 AM

BasePriority : Normal

FileSize : 172 KB

FileVersion : 4.10.0851.0

ProductVersion : 4.1

Copyright : Copyright © Microsoft Corp. 1983-2002

CompanyName : Microsoft Corporation

FileDescription : Microsoft IntelliPoint

InternalName : POINT32

OriginalFilename : POINT32.EXE

ProductName : Microsoft IntelliPoint

Created on : 4/11/2002 6:47:52 PM

Last accessed : 7/5/2004 2:56:45 AM

Last modified : 4/11/2002 6:47:52 PM

 

#:18 [navapw32.exe]

FilePath : C:\PROGRA~1\NORTON~1\NORTON~1\

ThreadCreationTime : 7-5-2004 2:56:45 AM

BasePriority : Normal

FileSize : 73 KB

FileVersion : 8.07.17

ProductVersion : 8.07.17

Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Agent

InternalName : NAVAPW32

OriginalFilename : NAVAPW32.EXE

ProductName : Norton AntiVirus

Created on : 5/18/2004 2:17:41 AM

Last accessed : 7/5/2004 2:56:45 AM

Last modified : 2/27/2002 3:27:58 PM

 

#:19 [cryu.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-5-2004 2:56:45 AM

BasePriority : Normal

FileSize : 26 KB

Created on : 5/20/2004 11:38:19 AM

Last accessed : 7/5/2004 2:56:45 AM

Last modified : 5/20/2004 11:38:19 AM

 

#:20 [washer.exe]

FilePath : C:\Program Files\Washer\

ThreadCreationTime : 7-5-2004 2:56:47 AM

BasePriority : Normal

FileSize : 418 KB

FileVersion : 4.7.1.3

ProductVersion : 4.7

Copyright : Copyright 1998-2002 Webroot Software, Inc.

CompanyName : Webroot Software, Inc.

FileDescription : Window Washer

ProductName : Window Washer

Created on : 1/17/2004 7:03:29 PM

Last accessed : 7/5/2004 2:56:47 AM

Last modified : 7/17/2002 9:07:04 AM

 

#:21 [crbp32.exe]

FilePath : C:\WINDOWS\system32\

ThreadCreationTime : 7-5-2004 2:57:00 AM

BasePriority : Normal

FileSize : 9 KB

Created on : 6/24/2004 2:01:22 PM

Last accessed : 7/5/2004 2:56:56 AM

Last modified : 6/24/2004 2:01:22 PM

Warning! CoolWebSearch object found in memory(C:\WINDOWS\system32\crbp32.exe)

 

CoolWebSearch Object recognized!

Type : Process

Data : crbp32.exe

Category : Malware

Comment :

Object : C:\WINDOWS\system32\

FileSize : 9 KB

Created on : 6/24/2004 2:01:22 PM

Last accessed : 7/5/2004 2:56:56 AM

Last modified : 6/24/2004 2:01:22 PM

 

 

Warning! "crbp32.exe"Process could not be terminated!

 

#:22 [lvyn.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-5-2004 2:57:04 AM

BasePriority : Normal

FileSize : 228 KB

FileVersion : 1.00

ProductVersion : 1.00

InternalName : Kern32

OriginalFilename : Kern32.exe

ProductName : Kern32

Created on : 6/24/2004 3:38:02 PM

Last accessed : 7/5/2004 2:52:59 AM

Last modified : 6/24/2004 3:38:02 PM

 

#:23 [wxhfu8bm.exe]

FilePath : C:\WINDOWS\System32\

ThreadCreationTime : 7-5-2004 2:57:05 AM

BasePriority : Normal

FileSize : 228 KB

FileVersion : 1.00

ProductVersion : 1.00

InternalName : Kern32

OriginalFilename : Kern32.exe

ProductName : Kern32

Created on : 6/24/2004 3:38:01 PM

Last accessed : 7/5/2004 2:52:59 AM

Last modified : 6/24/2004 3:38:01 PM

 

#:24 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 7-5-2004 2:57:51 AM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft

Created on : 6/7/2003 9:48:49 PM

Last accessed : 7/5/2004 2:57:54 AM

Last modified : 8/29/2002 12:00:00 PM

 

#:25 [iexplore.exe]

FilePath : C:\Program Files\Internet Explorer\

ThreadCreationTime : 7-5-2004 2:57:51 AM

BasePriority : Normal

FileSize : 89 KB

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

OriginalFilename : IEXPLORE.EXE

ProductName : Microsoft

Created on : 6/7/2003 9:48:49 PM

Last accessed : 7/5/2004 2:57:54 AM

Last modified : 8/29/2002 12:00:00 PM

 

#:26 [ad-aware.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

ThreadCreationTime : 7-5-2004 3:09:14 AM

BasePriority : Normal

FileSize : 668 KB

FileVersion : 6.0.1.181

ProductVersion : 6.0.0.0

Copyright : Copyright

CompanyName : Lavasoft Sweden

FileDescription : Ad-aware 6 core application

InternalName : Ad-aware.exe

OriginalFilename : Ad-aware.exe

ProductName : Lavasoft Ad-aware Plus

Created on : 6/28/2004 2:40:36 AM

Last accessed : 7/5/2004 2:56:53 AM

Last modified : 7/13/2003 1:00:20 AM

 

Memory scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 1

Objects found so far: 1

 

 

Started registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 1

 

 

Started deep registry scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "res://clufi.dll/index.html#96676"

Category : Malware

Comment : Possible browser hijack attempt

Rootkey : HKEY_CURRENT_USER

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "res://clufi.dll/index.html#96676"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "res://clufi.dll/index.html#96676"

Category : Malware

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Start Page

Data : "res://clufi.dll/index.html#96676"

 

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URL.dll/index.html

 

Possible Browser Hijack attempt Object recognized!

Type : RegData

Data : "res://clufi.dll/index.html#96676"

Category : Malware

Comment : Possible browser hijack attempt

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Internet Explorer\Main

Value : Default_Page_URL

Data : "res://clufi.dll/index.html#96676"

 

 

Rads01.Quadrogram Object recognized!

Type : RegValue

Data :

Category : Malware

Comment : "4Z7P7LQ29HNMPR"

Rootkey : HKEY_LOCAL_MACHINE

Object : Software\Microsoft\Windows\CurrentVersion\Run

Value : 4Z7P7LQ29HNMPR

 

 

Rads01.Quadrogram Object recognized!

Type : File

Data : kjgzwx.exe

Category : Malware

Comment :

Object : c:\windows\system32\

FileSize : 448 KB

FileVersion : 1.00

ProductVersion : 1.00

InternalName : wowex32

OriginalFilename : wowex32.exe

ProductName : wowex32

Created on : 7/4/2004 9:06:34 PM

Last accessed : 7/5/2004 2:57:02 AM

Last modified : 7/4/2004 9:06:34 PM

 

 

 

Deep registry scan result :

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 4

Objects found so far: 6

 

 

Deep scanning and examining files (C:)

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

Rads01.Quadrogram Object recognized!

Type : File

Data : irktpw.exe

Category : Malware

Comment :

Object : C:\WINDOWS\system32\

FileSize : 448 KB

FileVersion : 1.00

ProductVersion : 1.00

InternalName : wowex32

OriginalFilename : wowex32.exe

ProductName : wowex32

Created on : 7/4/2004 9:06:41 PM

Last accessed : 7/5/2004 2:57:02 AM

Last modified : 7/4/2004 9:06:41 PM

 

 

 

Rads01.Quadrogram Object recognized!

Type : File

Data : nipl9x4.exe

Category : Malware

Comment :

Object : C:\WINDOWS\system32\

FileSize : 448 KB

FileVersion : 1.00

ProductVersion : 1.00

InternalName : wowex32

OriginalFilename : wowex32.exe

ProductName : wowex32

Created on : 7/4/2004 9:06:41 PM

Last accessed : 7/5/2004 2:56:46 AM

Last modified : 7/4/2004 9:06:41 PM

 

 

 

Disk scan result for C:\

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 0

Objects found so far: 8

 

 

Performing conditional scans..

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment : You will need to restart, and scan again, to complete the removal of this item.

Rootkey : HKEY_LOCAL_MACHINE

Object : SYSTEM\CurrentControlSet\Services\__NS_Service_3

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE

 

 

CoolWebSearch Object recognized!

Type : RegKey

Data :

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW

 

 

Conditional scan result:

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

New objects : 4

Objects found so far: 12

 

 

Reanalyzing scan result

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

No objects have been removed from the result list.

 

 

11:20:37 PM Scan complete

 

Summary of this scan

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Total scanning time :00:11:16:32

Objects scanned :83636

Objects identified :12

Objects ignored :0

New objects :12

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0