Home Search Assistant Removal Guide
I am posting as per instructed to help identify the service, if any.
Refer to attachments
I got to Step 4
a) I did not see one of the bogus services listed in step 4
b) I ran step 4 in Safe Mode - still nothing
c) I downloaded "Get Active Services" and ran in Normal Mode.
No known bogus files.
See Active List attached.
d) I ran HJT, config, misc tools etc. none of the bogus files appeared under "Enumerating Windows NT/2000/XP services"
Let me know if you want the startuplist log from HJT after i did the config thing
thanks!
Refer to attachments
I got to Step 4
a) I did not see one of the bogus services listed in step 4
b) I ran step 4 in Safe Mode - still nothing
c) I downloaded "Get Active Services" and ran in Normal Mode.
No known bogus files.
See Active List attached.
d) I ran HJT, config, misc tools etc. none of the bogus files appeared under "Enumerating Windows NT/2000/XP services"
Let me know if you want the startuplist log from HJT after i did the config thing
thanks!
0
This discussion has been closed.
Comments
attached: HJT log
(if this is the wrong document can you give this newbie some specific instructions?)
thanks!
b
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://coolsearch.biz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\exsgi.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://coolsearch.biz
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\exsgi.dll/sp.html#29126
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\exsgi.dll/sp.html#29126
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E09E50A9-C957-586A-F4AB-55E38F81CBDB} - C:\WINDOWS\system32\crrp.dll
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.iframe.biz
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.newiframe.biz
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.pizdato.biz
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sp2****ed.biz
O15 - Trusted Zone: *.vse-moe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.com/down/release/PlaxoInstall.cab
fix those entries then find and delete the following files:
C:\WINDOWS\system32\exsgi.dll
C:\WINDOWS\system32\crrp.dll
Then pull the plug on you computer and post a new log.
Also, do not reboot normally or use Internet Explorer (use Mozilla or Firefox instead) until I say your log is okay.
then find and delete the following files:
C:\WINDOWS\system32\exsgi.dll
C:\WINDOWS\system32\crrp.dll
DONE
Then pull the plug on you computer and post a new log.
See Attached Log
Also, do not reboot normally or use Internet Explorer (use Mozilla or Firefox instead) until I say your log is okay.[/QUOTE]Already removed IE and downloaded Firefox
thanks!
bryan
Fix that entry then find and delete MyIE.dll, reboot and post a new log.
I fixed MyIE.dll, but the file was not deleted as I was unable to find it.
thanks very much for all your help.
b