
Clicksearchclick.com!!!!!!! the worst, help PLEASE!!!!!!

Discussion in 'Virus & Other Malware Removal' started by ncamocai, May 29, 2005.

Thread Status:
Not open for further replies.
  1. ncamocai

    ncamocai Thread Starter

    Joined:
    May 29, 2005
    Messages:
    2
    Please help with this: clicksearchclick.com, the worst adware I've ever had. It keeps redirecting me to their site, www.clicksearchclick.com, and legitimate links on webpages refer to their site, ex: I go to download.com, click on software, and the link takes me to www.cliclsearchclick.com/search=software or something like that. I've run Ad-Aware, Spybot Search and Destroy, Microsoft AntiSpyware, and none of them could get rid of it. IT REALLY PISSES you OFF, I cannot surf the web anymore, all the time I get to the f*** clicksearchclick.com site.

    Here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:58:01, on 28-05-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\dumpreg.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
    C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\WINDOWS\System32\Services\{D83CAAA7-4C44-4CCE-8374-E66574F33381}\SVCHOST.EXE
    C:\WINDOWS\System32\win32.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Archivos de programa\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
    C:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
    C:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=19
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{D83CAAA7-4C44-4CCE-8374-E66574F33381}\SVCHOST.EXE
    O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{D83CAAA7-4C44-4CCE-8374-E66574F33381}\SECURITY.EXE
    O4 - HKLM\..\Run: [gcasServ] "C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Download All by FlashGet - C:\Archivos de programa\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - C:\Archivos de programa\FlashGet\jc_link.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\ARCHIV~1\FlashGet\flashget.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
    O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{98A7F687-A200-4AB6-9AAC-E6F80AA71DA3}: NameServer = 200.74.160.103 200.74.160.104
    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
    O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe
    O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    THANKKKKKK you!!!.
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    No anti-virus protection?
    Get AVG (it's free): http://www.grisoft.com/doc/40/lng/ww
    Install it.

    With IE closed, run Hijack This again.
    Put a checkmark on these entries and hit "fix checked":

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=19

    O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{D83CAAA7-4C44-4CCE-8374-E66574F33381}\SVCHOST.EXE

    O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{D83CAAA7-4C44-4CCE-8374-E66574F33381}\SECURITY.EXE

    O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...Bridge-c139.cab

    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab

    O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab

    O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab

    O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll


    Boot into Safe Mode (start tapping the F8 key at Startup, before the Windows logo screen)

    Because XP will not always show you hidden files and folders by default,
    go to Start > Search and look under "More advanced search options".
    Make sure there is a check by "Search System Folders", "Search hidden files and folders" and "Search system subfolders".

    Next click on My Computer.
    Go to Tools > Folder Options.
    Click on the View tab and make sure that "Show hidden files and folders" is checked.
    Also uncheck "Hide protected operating system files" and "Hide extensions for known file types."
    Now click "Apply to all folders"
    Click "Apply" then "OK"

    Find and delete this folder:
    C:\WINDOWS\System32\Services

    Find and delete these files:
    C:\WINDOWS\System32\win32.exe
    c:\eied_s7.cab
    c:\ex.cab
    C:\WINDOWS\System32\vbsys2.dll

    Also in safe mode navigate to the C:\Windows\Temp folder.
    Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Go to Start > Run and type %temp% in the Run box.
    The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new log.
     
  3. ncamocai

    ncamocai Thread Starter

    Joined:
    May 29, 2005
    Messages:
    2
    Well, thank you!! The problem seems fixed... apparently it was c:\windows\services. Anyway, here goes the new log...

    Logfile of HijackThis v1.99.1
    Scan saved at 2:22:54, on 29-05-2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\dumpreg.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
    C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
    C:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Archivos de programa\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Archivos de programa\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
    O17 - HKLM\System\CCS\Services\Tcpip\..\{98A7F687-A200-4AB6-9AAC-E6F80AA71DA3}: NameServer = 200.74.160.103 200.74.160.104
    O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome. Your log is clean now. :)

    **But it's very important that you get anti-virus protection immediately!**

    *You are also due for a Windows Update. Get all the latest critical patches and service packs (SP2).*
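
A before/after comparison of the two HijackThis logs in this thread, as an added example (not part of the original posts and not code from HijackThis): it parses the entry lines and reports which autostart and browser items were removed or changed by the cleanup. The BEFORE/AFTER excerpts are copied from the logs above; the function names and the per-section separator table are assumptions made for this example.

```python
import re

# Excerpts copied from the two HijackThis logs posted in this thread.
BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.clicksearchclick.com/index.php?aff=19
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{D83CAAA7-4C44-4CCE-8374-E66574F33381}\SVCHOST.EXE
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
"""
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cl/
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Separator between an entry's identity and its data (assumed layout per section).
SEPARATORS = {"R": " = ", "O4": "] "}


def parse(log):
    """Map (section, identity) -> data for every HijackThis entry line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list and blank lines are not entries
        section, body = m.groups()
        sep = SEPARATORS.get(section, SEPARATORS.get(section[0], " - "))
        key, _, data = body.partition(sep)
        if sep == "] ":
            key += "]"  # restore the bracket consumed by the separator
        entries[(section, key)] = data
    return entries


def diff_logs(before, after):
    """Return (removed, changed, added) entry identities between two logs."""
    b, a = parse(before), parse(after)
    removed = sorted(k for k in b if k not in a)
    changed = sorted(k for k in b if k in a and b[k] != a[k])
    added = sorted(k for k in a if k not in b)
    return removed, changed, added


if __name__ == "__main__":
    for label, keys in zip(("removed", "changed", "added"), diff_logs(BEFORE, AFTER)):
        for section, key in keys:
            print(f"{label:8} {section:4} {key}")
```

On these excerpts the diff also surfaces two O23 service entries that were not in the "fix checked" list: the hwclock service is absent from the second log, and the aim.exe service now reports "(file missing)".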
     

Short URL to this thread: https://techguy.org/366428
