CoolWebSearch Hijack


#1 kingofbeers1876

Posted 09 July 2004 - 11:09 AM

I've been trying to get rid of this hijack with no luck. Any help would be appreciated.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VetMsgNT.exe
C:\WINDOWS\system32\ieed.exe
C:\WINDOWS\mszu.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\David\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yiysq.dll/sp.html#44272
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://yiysq.dll/index.html#44272
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://yiysq.dll/index.html#44272
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yiysq.dll/sp.html#44272
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://yiysq.dll/index.html#44272
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yiysq.dll/sp.html#44272
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\goldend\prefs.js)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1of6vaes.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\1of6vaes.slt\prefs.js)
O2 - BHO: (no name) - {13AF610F-11F9-1AF3-779B-C19B937033C0} - C:\WINDOWS\appdg.dll
O4 - HKLM\..\Run: [ieed.exe] C:\WINDOWS\system32\ieed.exe
O4 - HKLM\..\RunOnce: [mszu.exe] C:\WINDOWS\mszu.exe
O4 - HKLM\..\RunOnce: [ipys.exe] C:\WINDOWS\ipys.exe
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.ma...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B77E68E9-1A05-413A-8703-2EBBA97BB929}: NameServer = 206.141.193.55 206.141.192.60

#2 Guest_SirJon_*


Posted 09 July 2004 - 11:40 AM

1. Go to Add/Remove programs, uninstall any toolbars or any strange freeware programs you don't recognize. Be connected to the Internet.

2. Run your antivirus program and scan your entire C:\ drive in Safe Mode. Get the latest update files first! If you don't have one, get one.
http://www.grisoft.c...s_dwnl_free.php
http://www.avast.com/i_idt_153.html
http://www.free-av.com/

3. Run Ad-aware in Safe Mode, then run HJT again and post your new log here for review.
http://service1.syma...src=sec_doc_nam
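
An added example (not part of either post, and not HijackThis code): a small Python triage helper that parses the R0/R1 lines of the log in post #1 and groups every Internet Explorer page setting that points at a `res://` URL by the DLL it loads from. Treating a `res://` home or search page as worth flagging is an assumption of this example; the function names are hypothetical and the embedded sample is constructed from lines of the log above.

```python
import re
from collections import defaultdict

# Constructed sample: the six R0/R1 lines plus two O-lines copied from the
# log in post #1, so the parser has both matching and non-matching input.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yiysq.dll/sp.html#44272
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://yiysq.dll/index.html#44272
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://yiysq.dll/index.html#44272
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yiysq.dll/sp.html#44272
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://yiysq.dll/index.html#44272
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yiysq.dll/sp.html#44272
O2 - BHO: (no name) - {13AF610F-11F9-1AF3-779B-C19B937033C0} - C:\WINDOWS\appdg.dll
O4 - HKLM\..\Run: [ieed.exe] C:\WINDOWS\system32\ieed.exe
"""

# "R<n> - <hive>\<key>,<value name> = <data>" as printed in the log above.
R_LINE = re.compile(r"^(R[0-3]) - (HKCU|HKLM)\\([^,]+),(.+?) = (.*)$")

def res_module(data):
    """Return the lower-cased DLL file name of a res:// URL, else None."""
    if not data.lower().startswith("res://"):
        return None
    # The module path ends at the first forward slash; it may be a bare
    # file name or a full Windows path containing backslashes.
    module = data[len("res://"):].partition("/")[0]
    return module.rsplit("\\", 1)[-1].lower() or None

def find_res_hijacks(log_text):
    """Map each DLL to the (hive, value name) settings that point at it."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # not an R-section line (O2, O4, blank, ...)
        _section, hive, _key, name, data = m.groups()
        dll = res_module(data)
        if dll:
            hits[dll].append((hive, name))
    return dict(hits)

if __name__ == "__main__":
    for dll, settings in find_res_hijacks(SAMPLE_LOG).items():
        print(f"{dll}: {len(settings)} page settings")
        for hive, name in settings:
            print(f"  {hive}  {name}")
```

Grouping by file name rather than by full path puts `res://yiysq.dll/...` and `res://C:\WINDOWS\yiysq.dll/...` under one DLL, so the output shows how many per-user and machine-wide settings have to be reset together.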



