
View Full Version : Google Help



Legolas
03-15-2004, 11:33 PM
every time i search google, i get 3 very annoying and stupid search results. they are as follows:

Find WORLD FAMOUS NEWSPAPER COVERS on Crawler.com with Free Websearch Tools
Click here to download WebSearch Tools and search 15 engines for WORLD FAMOUS NEWSPAPER COVERS at
once now with free pop-up blocker, yellow/white pages, free games, maps, skins, cursors and
more.
http://download.websearch.com/ - 75k

Find WORLD FAMOUS NEWSPAPER COVERS With Free Websearch Tools
Click here to download WebSearch Tools and search 15 engines for WORLD FAMOUS NEWSPAPER COVERS at
once now with free pop-up blocker, yellow/white pages, free games, maps, skins, cursors and
more.
http://download.websearch.com/ - 60k

Find WORLD FAMOUS NEWSPAPER COVERS Using the Free 2020 Search Toolbar
Having trouble finding WORLD FAMOUS NEWSPAPER COVERS? Get the 2020Search toolbar and say good-bye
to those annoying pop-ups. Many other useful features such as: text highlighter, multi-search
engine, drag & drop, e-mail results and more.
http://www.2020search.com/ - 69k



these are very annoying and i'd like to know if this is a virus or something. thanks

DarthInsinuate
03-15-2004, 11:46 PM
probably adware - do you have Ad-aware?

Legolas
03-15-2004, 11:55 PM
yes and nothing comes up

NightStalker
03-16-2004, 12:02 AM
Try getting the latest definitions with Ad-Aware, and then scan again.

You also may want to try Spybot: Search & Destroy. ;)

dopey
03-16-2004, 12:52 AM
you have a coolwebsearch infection.

download hijack this and cwshredder here (http://www.zerosrealm.com/downloads.php)

run cwshredder, close all browser windows and hit fix. reboot and post your hijack this log here.

good luck.

h1
03-16-2004, 05:08 AM
XCleaner is also very good. :)

Legolas
03-16-2004, 09:46 PM
help guys - it won't go away and no tools detect this mother! are u sure in your diagnosis? is it really the cool web search malware crap? 12 scanners come up with nothing.

Samurai
03-16-2004, 09:49 PM
Use SpyBot!! Ad-Aware Sucks

Mullyman
03-16-2004, 09:58 PM
Only certain people are qualified to read and give advice on your log file....posted below is an excellent place that can evaluate your log file...i have also listed how to download and operate "Hijack This"...remember do not fix anything until your log file has been analyzed by someone who knows what they are doing B)

How To post a HijackThis Log:

Download 'Hijack This!'. http://www.computercops.biz/downloads-file-328.html
Unzip (extract) it to a folder of its own , doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.

http://forum.tweakxp.com/forum/forum_posts_view.asp?TID=4303&PN=1

Legolas
03-17-2004, 12:58 AM
Logfile of HijackThis v1.97.7
Scan saved at 4:01:29 PM, on 3/16/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\gearsec.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\COREYT~1\LOCALS~1\Temp\Rar$EX00.359\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Trojan Guarder Gold Version.lnk = C:\Program Files\Trojan Guarder Gold Version\Trojan Guarder.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09e5ccee93aa3f98e400/netzip/RdxIE601.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38035.3400115741
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab








This is my log file. Maybe someone here could help me

Legolas
03-17-2004, 01:23 AM
cmon all u techies

Legolas
03-17-2004, 01:55 AM
it's google and yahoo - no one can help me with this?

Legolas
03-17-2004, 02:42 AM
hello?

Legolas
03-17-2004, 03:29 AM
hhhhhh

Mullyman
03-17-2004, 04:44 AM
I told you where to post already...if you did...your problem would have been fixed by now B)

dopey
03-17-2004, 05:53 AM
Hi,
sorry, just got back. hope you are still around. it looks to me like cwshredder did its job.

before fixing, extract the program and put hijack this in its own folder.
rescan with hijack this and check the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll

O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09e5ccee93aa3f...ip/RdxIE601.cab

this one is optional, but if you no longer want wild tangent, fix
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...lim/install.cab

if you want to save resources, and don't need real player and quick time loaded at startup fix these:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime.

close all browser windows, and hit fix checked.

Reboot, and let us know how it goes.
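
The kinds of entries singled out in the post above can be picked out of a HijackThis log mechanically. This is an added example, not part of the original thread and not HijackThis's own logic: the three review heuristics in `triage` are assumptions chosen to fit this log, and the sample input is a handful of lines copied from it.

```python
import re

# HijackThis section codes for the entry types this example flags.
SECTIONS = {
    "R0": "IE start/search page value",
    "R3": "URL search hook",
    "O2": "Browser Helper Object (BHO)",
}
ENTRY = re.compile(r"^(R\d|O\d{1,2}) - (.+)$")
BHO = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# A DLL sitting directly in the Windows directory, not in a subfolder.
WINDIR_ROOT_DLL = re.compile(r"^C:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)

# Sample input: a few lines copied from the log posted in this thread.
SAMPLE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"""

def parse(log_text):
    """Return (code, detail) for every entry line; header and process lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in matches if m]

def triage(entries):
    """Return (code, detail, reason) for entries matching the assumed heuristics."""
    flagged = []
    for code, detail in entries:
        bho = BHO.match(detail) if code == "O2" else None
        if bho and bho.group(1) == "(no name)" and WINDIR_ROOT_DLL.match(bho.group(3)):
            flagged.append((code, detail, "unnamed BHO loaded from the Windows root"))
        elif code == "R0" and detail.endswith("="):
            flagged.append((code, detail, "start page value is empty"))
        elif code == "R3" and "is missing" in detail:
            flagged.append((code, detail, "default URL search hook is missing"))
    return flagged

if __name__ == "__main__":
    for code, detail, reason in triage(parse(SAMPLE)):
        print(f"{code:4} {SECTIONS[code]}: {reason}\n     {detail}")
```

A match only marks an entry for a human reviewer to look at; the Acrobat and Norton BHOs pass because they load from their own Program Files folders, which says nothing either way about entries the heuristics do not cover.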

Legolas
03-17-2004, 11:57 PM
can't thank you enough, dopey. it's finally gone. wtf was that anyway? none of my scanners picked it up. what was my problem?

dopey
03-18-2004, 12:32 AM
I suspect it was mainly the cwsearch problem.

you should try and get the windows updates though. the critical patches should make you less vulnerable to these attacks.

and uninstalling the microsoft java in favor of sun java is recommended.
see the instructions here:


http://www.winnetmag.com/Article/ArticleID/38206/38206.html

spywareblaster is also a must have program.


http://www.javacoolsoftware.com/spywareblaster.html

good luck and stay safe. :)