A search Assistant has installed itself in my computer. I have tried to go to 'add/remove programs' and I can see it but when I try and remove it a box comes up saying 'Unistall failed', is they any other way of getting rid of it.

Thanks

RG
Take a look at the 'sticky' FAQ's. There's a guide to removing all sorts of scum from your 'putor.

Thanks,

but 'and there is always a but' I followed all of the advice, went to trend and did a virus scan then installed Spyware Doctor and scaned with that, but this bloody thing has taken over my browser, so every time I open it the address is 'about blank' and the webpage is a 'search for' all sorts of Sh@t, that I have no interest in. (apart from bigger gonads!)

Any help would be great as it is really pi##ing me off.

Cheers

Download and run Hijack This (http://www.download.com/3000-8022-10227352.html?tag=lst-0-4) . Don't do anything yet!! Copy the results onto your clipboard and post here. One of us will let you know where any problems lie and advise you how to proceed.

Hi Racing Green,

You've been hijacked by CoolWebSearch. Follow TimmCat's advice and we'll see what we can do for you.

Cheers

Liam

Have downloaded and unzipped Hijack This and saved it to my desktop. When I try and open it I get the following 'error starting program' A required.DLL file, MSVBVM60.DLL,was not found

Have been back to site to read notes on installing problems and for this message it says try installing a DirectX driver, however on the microsoft site it says u should not with win 98. Any other thoughts ?

Racing Green,

Direct X is not an issue with Win98. All games that run on Win98 need Direct X.

You could try:

DirectX 8.1b Runtime for Windows 98 and Me (http://www.microsoft.com/downloads/details.aspx?FamilyID=f70a3d7c-feac-4d9a-a803-278021061fec&displaylang=en)

If you do not want to run:

DirectX 9.0c End-User Runtime (http://www.microsoft.com/downloads/details.aspx?FamilyID=0a9b6820-bfbb-4799-9908-d418cdeac197&DisplayLang=en)

But I would not worry about running Direct X 9.0c since it says:

System Requirements

Supported Operating Systems: Windows 2000, Windows 2000 Advanced Server, Windows 2000 Professional Edition , Windows 2000 Server, Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows 98, Windows 98 Second Edition, Windows ME, Windows Server 2003, Windows XP, Windows XP Home Edition , Windows XP Media Center Edition, Windows XP Professional Edition , Windows XP Service Pack 1


Take Care,

Richard

Hi Racing Green,

Click here (http://download.microsoft.com/download/vb60pro/Redist/sp5/WIN98ME/EN-US/vbrun60sp5.exe) to get the VB 6 missing file, and let it install itself.

Cheers

Liam

Thanks for that. Hijack this has come up with a list of fix items. Here is the first set

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

There are about another 30 fix items, shall I post them all !

Hi RG,

yep, could you post up the whole log, including the header that tells me your OS etc. If it is as I think (CWS) I'll need all the info I can get. (Remember to disable smilies) :)

I'll take a look later on.

Cheers

Liam

Logfile of HijackThis v1.98.2
Scan saved at 1:51:57 PM, on 11/10/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {73E09961-3272-11D9-988F-44458EAA6B40} - C:\WINDOWS\SYSTEM\JIFFNMA.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [MPE0] rundll32.exe streamci,StreamingDeviceSetup {8E60217D-A2EE-47f8-B0C5-0F44C55F66DC},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\mpe.inf,BDAcodec
O4 - HKLM\..\RunOnce: [STREAMIP0] rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINDOWS\INF\streamip.inf,BDAcodec
O4 - HKLM\..\RunOnce: [SLIP0] rundll32.exe streamci,StreamingDeviceSetup {03884CB6-E89A-4deb-B69E-8DC621686E6A},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\slip.inf,VBIcodec
O4 - HKLM\..\RunOnce: [CCDECODE0] rundll32.exe streamci,StreamingDeviceSetup {562370a8-f8dd-11d2-bc64-00a0c95ec22e},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\CCDECODE.inf,CCDECODE.Interface .Install
O4 - HKLM\..\RunOnce: [NABTSFEC0] rundll32.exe streamci,StreamingDeviceSetup {07DAD662-22F1-11d1-A9F4-00C04FBBDE8F},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\NABTSFEC.inf,NABTSFEC.Interface .Install
O4 - HKLM\..\RunOnce: [WSTCODEC0] rundll32.exe streamci,StreamingDeviceSetup {70BC06E0-5666-11d3-A184-00105AEF9F33},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\WSTCODEC.inf,WSTCODEC.Interface .Install
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SPYDOCTOR.EXE" /Q
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O18 - Filter: text/html - {73E09960-3272-11D9-988F-4445E1E6CEDB} - C:\WINDOWS\SYSTEM\JIFFNMA.DLL

Racing Green,

This is everything that I would either suspect of needing to be removed:

C:\WINDOWS\SYSTEM\WMIEXE.EXE

Have Hijack This! fix:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about :NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

O2 - BHO: (no name) - {73E09961-3272-11D9-988F-44458EAA6B40} - C:\WINDOWS\SYSTEM\JIFFNMA.DLL

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [autoclk] autoclk.exe

O18 - Filter: text/html - {73E09960-3272-11D9-988F-4445E1E6CEDB} - C:\WINDOWS\SYSTEM\JIFFNMA.DLL

Take Care,

Richard

Well thank you very much everyone, that has done the tick, I got 'Hijack this' to fix the items Richard said and my browser is back to normal.

I still cannot remove C:\windows\system\wmiexe.exe as when I try to it says 'windows is using it " Does this matter ?

Anyway thank you everyone again

Cheers

Racing Green,

This File is a Virus:

C:\WINDOWS\SYSTEM\WMIEXE.EXE

The real wmiexe.exe is located in:

C:\WINDOWS\SYSTEM32\WMIEXE.EXE


Take Care,

Richard