windowws.cc home page

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Phoenix1

Thread Starter
Joined
Sep 3, 2004
Messages
2
I have been hijacked by the windowws.cc virus? My home page keeps getting set to this and pop ups keep jumping up. I have run hijack this to show you the problem. Do you have a course of action for this? Thanks

Logfile of HijackThis v1.97.7
Scan saved at 5:48:16 PM, on 9/03/04
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\sg21f36a09uwu.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\highjackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://super-spider.com/sp.htm?id=191
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://super-spider.com/sp.htm?id=191
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://super-spider.com/sp.htm?id=191
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowws.cc/hp.htm?id=191
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.kaltire.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.vdcu.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://super-spider.com/sp.htm?id=191
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mybc.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by telus.net®
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.nhl.com/
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\21bx722aku7.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [winmain] winmain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Network Security Guard] C:\WINDOWS\System32\sg21f36a09uwu.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.mybc.com
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {42F2D240-B23C-11D6-8C73-70A05DC10000} - http://63.217.31.12/dial6/058439ca.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37952.6719444444
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
CoolWebSearch.control is a browser hijacker redirecting your browser to www.search2004.net, www.windowws.cc and super-spider.com. Another sign of CoolWebSearch.control running on your computer is a non-working Windows Control Panel if you are running Windows 95/98/ME. CoolWebSearch.control replaces the legitimate control panel file (%WinDir%\control.exe) with its own file.

Detection
Bazooka Adware and Spyware Scanner (http://www.kephyr.com/spywarescanner/index.html) detects CoolWebSearch.control. Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and other potentially unwanted applications. Read more »

Manual removal
Please follow the instructions below if you would like to remove CoolWebSearch.control manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail if one single item is not deleted. If CoolWebSearch.control remains on your system after stepping through the removal instructions, please double-check by stepping through them again.
Start the registry editor. This is done by clicking Start then Run. (The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
Browse to the key:
'HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
In the right pane, delete the value called 'Windows Control', if it exists.
Exit the registry editor.
Restart your computer.
If you are running Windows NT/2000/XP, Start Windows Explorer and delete:
%WinDir%\control.exe
If you are running Windows 95/98/ME, use the System File Checker Tool to recover the Windows Control Panel (%WinDir%\control.exe) from the Windows Setup CD.
Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Start Microsoft Internet Explorer.
In Internet Explorer, click Tools -> Internet Options.
Click the Programs tab -> Reset Web Settings
 

Phoenix1

Thread Starter
Joined
Sep 3, 2004
Messages
2
Thanks Cheesball, for one second I thought that fixed it, but as soon as I was on the internet, windowws.cc was back as my home page address, there were links added in my favorites and spyware ads popped up all over. I followed your directions three times. no luck.

Anything I still may be missing here.

Phoneix1
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top