Please Help i am ready to smash my computer!!!!!!!!!!!
sreich05
07-25-2004, 09:43 PM
I have a program on my computer that keeps resetting my home page and my other pages to a home search page. i have tried every program there is and it comes back within 5 minutes. now other programs are being affected like kazaa lite. this should be illegal!!! :censored
sreich05
07-25-2004, 09:44 PM
please anybody help me!!!!!!!!!!!!!!!!!!!
Have you tried running any of the spyware programs, like spybot?
llbbl
07-26-2004, 05:32 AM
::hands sreich05 a sledge hammer::
eheh
llbbl
07-26-2004, 05:34 AM
download and install adaware + new definitions
http://www.lavasoftusa.com/support/download/
---
Does that fix it?
llbbl
07-26-2004, 05:35 AM
Oh and don't forget 2 run it
sreich05
07-26-2004, 03:57 PM
i have all of those programs and none help, most don't even recognize the hijack
neuroking
07-26-2004, 04:06 PM
And I assume you have updated both with the latest refs? And tried running them with "scan within archives" checked, while in safe mode?
llbbl
07-26-2004, 04:26 PM
"i have all of those programs and none help, most don't even recognize the hijack"
whelp ur screwed. if "all of those programs" don't work then you should backup and reinstall ....
sorry
it's not that bad once you get into the habit of starting fresh every year or two. )
neuroking
07-26-2004, 05:17 PM
"i have all of those programs and none help, most don't even recognize the hijack"
LOL, I just noticed this... so when the few that do detect it find it, do they fix it?
Yer really not helping yourself here.
sreich05
07-26-2004, 05:48 PM
when they detect it they delete it but the settings will change back within five minutes. i have ad aware, spy watch, hijack this, spyware blaster, avast antivirus, spy cleaner gold. sorry to be short, i am at my wits' end and do not want to give up to this hijack
sreich05
07-26-2004, 05:50 PM
Logfile of HijackThis v1.98.0
Scan saved at 9:34:26 PM, on 7/26/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP1 (5.00.2920.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\ipjf.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\WINNT\sysqv.exe
D:\Program Files\Memzip\memzip.exe
D:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jxqiz.dll/sp.html#37680
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxqiz.dll/index.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jxqiz.dll/index.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\jxqiz.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jxqiz.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxqiz.dll/index.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E9E12E0A-9084-2E3B-F8E9-E72B36A23984} - C:\WINNT\system32\ntlh.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_19_0 .dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [sysqv.exe] C:\WINNT\sysqv.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MemoryZipperPlus] D:\Program Files\Memzip\memzip.exe
O4 - HKCU\..\Run: [Spy Watcher] "D:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll (file missing)
sreich05
07-26-2004, 05:50 PM
i dont know if this helps
nightowl
07-26-2004, 08:53 PM
Try SpywareBlaster. Download this program and enable all protection. Also read the article here. It will explain more about it. You can download it from this page also, and it's free.
http://www.javacoolsoftware.com/spywareblaster.ht
Then delete these
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jxqiz.dll/sp.html#37680
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxqiz.dll/index.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://jxqiz.dll/index.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\jxqiz.dll/sp.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jxqiz.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxqiz.dll/index.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
Did you download Viewpoint Media Player? Here's an article that says it downloads itself without the user's knowledge. If you did not download this program on your own, delete this one. You may want to delete the whole program if you don't want it.
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
http://www.kephyr.com/spywarescanner/library/viewpointmediaplayer/index.phtml
I have that viewpoint thing. Had it on my work machine. they throw a dialog to update their software on bootup from a systray app, and it's displayed in flash without a close button. I'd have to go in and kill it from task man. Thanks for the link.
BTW, I think AIM installed it for me. :curse
nightowl
07-27-2004, 09:45 AM
No problem Dang. According to my list Viewpoint Media Player is considered Spyware........Jim :sponge
neuroking
07-27-2004, 01:04 PM
Nice night! Think you got everything I saw.
Make sure you close all browser windows before removing and restart right after.
Note to others: when you see that your start page is a .dll, it's safe to assume this may be the problem! If you are unsure of a process, look it up on Yahoo, or try:
http://www.liutilities.com/products/wintaskspro/processlibrary/
sreich05, did that info help you?
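The rule of thumb in the post above (a start or search page that points into a .dll) can be checked mechanically. This is an added example, not part of the original thread or of HijackThis itself: it parses the `R0`/`R1` lines of a HijackThis log and groups every Internet Explorer setting whose value is a `res://` URL served from a DLL, keyed by DLL name. The function and pattern names are assumptions made for this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\jxqiz.dll/sp.html#37680
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://jxqiz.dll/index.html#37680
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\jxqiz.dll/sp.html#37680
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# "R0 - <hive>\<key>,<value name> = <data>"; the data part may be empty.
R_LINE = re.compile(r"^(R[01]) - (HK(?:CU|LM))\\([^,]+),(.+?) =\s?(.*)$")
# "res://<optional path>\<name>.dll/<resource>": a page served out of a DLL.
RES_DLL = re.compile(r"^res://(?:.*[\\/])?([^\\/]+\.dll)/", re.IGNORECASE)


def find_res_dll_settings(log_text):
    """Map each DLL name (lowercased) to the (hive, value name) pairs that
    point an IE start/search setting at a res:// page inside that DLL."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # R3 notes, O-section entries, process list, blanks
        _section, hive, _key, name, data = m.groups()
        dll = RES_DLL.match(data.strip())
        if dll:
            hits[dll.group(1).lower()].append((hive, name))
    return dict(hits)


def hives_touched(hits, dll_name):
    """Return the sorted set of registry hives in which dll_name was found."""
    return sorted({hive for hive, _ in hits.get(dll_name.lower(), [])})


if __name__ == "__main__":
    found = find_res_dll_settings(SAMPLE_LOG)
    for dll, settings in found.items():
        print(f"{dll}: review these settings (hives: {hives_touched(found, dll)})")
        for hive, name in settings:
            print(f"  {hive}  {name}")
```

A hit is a reason to look the DLL up, not proof on its own. Seeing the same DLL in both HKCU and HKLM shows that the per-user settings and the machine-wide defaults were both changed.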
sreich05
07-29-2004, 05:58 PM
when i delete them the same files come right back within five minutes or whenever i open ie!
neuroking
07-29-2004, 06:15 PM
Boot in safe mode, and then remove those entries in HJT. Run adaware and spybot, make sure both are set to scan within archives and have latest refs. reboot when done.
sreich05
07-30-2004, 01:33 PM
i think that did it thanks guys!
theguy
08-01-2004, 12:35 AM
Ad-Aware 6.0 (core 181) with the latest .ref file should take care of your problem buddy. Try a "deep system scan." If that doesn't work, use Mozilla or something other than Internet Explorer until your problem is solved.
IE, likes to DL anything these companies WANT.
Getting REALLY tired of that prog.
MS put the backdoors in, they should REMOVE THEM.
michael_tzez
11-26-2004, 03:37 PM
The hijacker/spyware you are having a problem with is called "coolwebsearch". It is a real pain in the ass. Do a search using that keyword and you will find many sources on proper removal.
Also for the record viewpoint media player comes installed on every computer sold. It is a plugin that makes the internet more exciting, seamless and complete. It is no more dangerous than the flash plugin. The vmp plugin is the most amazing and curve breaking technology I have come across. The most well known fortune 500 companies rely on this plugin to deliver their presentations. They choose it because it outperforms flash like a hotrod vs tractor. Here is a great example of what it is used for.
http://www.tagheuer.com/sportvision/multimedia/3dmodels.lbl
Also visit http://www.viewpoint.com and read more about it. Very cool stuff.
This reply was just in case you have the problem again or if any one else has the same symptoms.
Mick,
This is over 3 months old...
And why you advertising here?
Also, there are at LEAST 6 versions of CoolWeb.. ALL different, and made by different companies... And I won't even mention the hackers using it. And that program don't always work, on about 1/4 of the combinations out there.
michael_tzez
11-27-2004, 07:17 AM
This is from the original thread:
"I have a program on my computer that keeps resetting my home page and my other pages to a home search page"
Then the focus some how shifted to the vmp. I read the thread and found it interesting. I have worked with the vmp in the past and was just steering new readers to the source of the problem.
The symptoms he complained about are "coolwebsearch" symptoms. I don't care if there are 50 versions of it. That was the problem and no one mentioned it even once. These forums are used as a source of info by many. The thread never labeled the problem - the only labeling that was done was finger pointing at the vmp which is just a plugin - like flash, realone, quicktime, etc... It is just not a name brand. Anyways didn't mean to insult you by following up and mentioning that the problem is related to coolwebsearch. Oh yeah and advertising? What am I selling you? lol - cmon guy - cut me some slack. Peace
There are so many ways to take over your IE and windows it's almost stupid. I do not like people running tool bars unless they KNOW it's 101% SAFE...
companies can change their USE of the toolbar, just by rewriting its use agreement, or not even that.
Installing ANY bells, whistles, addons to windows or IE is hazardous.
Unless you can GUARANTEE that NO info is taken/used/abused, no augmentation to the system running/popup/redirects/home pages. I ask users NOT to do anything, unless they are VERY sure they wish to.
I don't fix these because I want to, I fix them because WINDOWS should have fixed IE in the first place.. I try NOT to use IE as it is totally vulnerable to many attacks.
nightowl
11-27-2004, 03:01 PM
I believe Viewpoint Media Player is bundled with Spyware.
http://www.spywareguide.com/product_show.php?id=880
WB Nightowl..
True that MANY companies have spyware in them.. But the programs are great, and the program maker DIDN'T want it, unless he wanted the money from adverts..
michael_tzez
11-28-2004, 08:20 AM
ECA
I removed the comment regarding the TB. Sorry that bothered you. As for the vmp I assure you gentlemen that it is not spyware. Many of you are just not understanding the tech. It does communicate with the server but only to receive updates for the plugin and to provide feedback regarding the presentations.
Updates: Every time a new flash version comes out you don't have it until you come across a file that requires it - then you have to download it. Also all the major websites never prompt you to download the new flash plugin - they will show you a photo instead. The vmp is always the newest version. Always. Which is great because it never disturbs your internet experience. It is seamless - so seamless that you don't even know it is there. I guess that is why many start to point their fingers at it - they are not familiar with it or what it does.
Feedback: The feedback that gets sent back to the servers is raw data referring to the presentation. Info like: how long was the presentation viewed for. What was looked at for the longest time. Etc... Info that means nothing to me or you. It is not spying - I could collect 90% of this info strictly from the server.
Also keep in mind that every computer OEM has it installed on the computers that they sell. Why? To make your internet experience seamless. Think of it as flash, quicktime, realplayer, windows media, etc...
Another thing to ease your mind is that the biggest fortune 500 companies are paying thousands of dollars to license this tech and millions to develop for it. Do you think they would bind their names to spyware? Also it is one of the most widely accepted formats by the biggest publishers online.
Are any of you developers?
Michael
michael_tzez
11-28-2004, 08:29 AM
Nightowl:
It should not be called spyware:
http://www.2-spyware.com/remove-viewpoint-media-player.html
These anti-spyware companies pick up anything that has an outgoing signal to servers. This is why I explained what the outgoing signals were in my previous post. They are not malicious. Viewpoint is going to be responsible for a big change on the internet. It has been ahead of the curve for a long time and the internet is finally ready for its power. They will be playing a big role in the x internet (executable internet). They will be the graphical OS for many x internet apps in the future.
Devil's advocate:
the biggest fortune 500 companies are Advertisers... they want any info they can get from you..
Age, sex, location, and what you are clicking on, and how much you make. They know MORE than the Census does about you. and they PAY a lot for this knowledge.
so, wouldn't they want you to press a button and give them information?
How about this:
Advertising agency wants as many clicks as they can get. they get .10-.50 per click. they make neat programs for your use, and gather info from it to make popups FOR you to click. 1% of those on the internet Click 1 advert every day... something like, 500,000 clicks(low ball park)= $50,000...
michael_tzez
11-28-2004, 10:36 AM
No question about it you are right about that. Every major website is using cookies and server side tools to gather as much about its users as possible. This means more targeted ads - This is good and bad. Ultimately it is unavoidable. I am okay with companies that take responsibility for their actions and care about their image. Apps like gator, gain, savings, etc... should all be outlawed. There is a fine line between spyware/adware and not spyware/adware. Some companies respect the end user and some are simply annoying and have no courtesy to the end user. Then there are the ones that are really out to harm you. The vmp is just misunderstood. It is like saying that everyone with a gun is a murderer. I am sure you get my point. Good chatting with you.
nightowl
11-28-2004, 12:25 PM
I agree its not a major threat but I've had a few logs in the past that had problems and after they got rid of Viewpoint their problem was gone.
Perhaps in the future they will improve on their program so people like us won't give it a bad review.........Jim :vivi
Verily, ....TRUE....
When I clean a system, I WANT IT ALL gone....
I don't know if someone has hacked it, don't know if it has a back door, or WHAT...
Rather SAFE, than LAGGED to death...
michael_tzez
11-28-2004, 02:20 PM
The company offers great support. If you ever have a problem I suggest running it by them. They would give you instructions to properly delete the files - I am sure they would even provide you with a list of files to manually delete if needed. This is not some hokey pokey company.
Although I must say I believe it is a loss not to have it installed. It really is a greatest plugin. It renders every format available. 2d, 3d, Ipix, Audio, flash, and all formats of video. It is state of the art. Seriously. To license the plugin companies pay $25k.
Check this out:
http://automobiles.honda.com/info/prototypes/accord_hybrid.asp?function=gallery&qtvr=exterior_360s_enhanced
http://www.smb.compaq.com/HTML/interactive/h5500/model.html
This simply can not be done with any other technology. Honda, Toyota, GM, GE, Boeing, Sony, Samsung, HP - just to name a few companies that base their presentations on this tech. This application/plugin/vmp serves its purpose. It actually does something. It is not on your computer just spying. It is a top tier plugin, to be honest it is the most sophisticated plugin available. It is a privilege to come across sites that have developed for this tech. It makes the presentation power of the internet so much better. I honestly believe that the problem is that many of you are just not familiar with it.
I agree, but its only a warning...
But, IF you run a clean system, and THINGS start popping up... I would start looking HERE..
michael_tzez
11-28-2004, 03:46 PM
The only thing that would ever pop up that is generated by them is an offering by them. For example: I have realone installed on my pc and I have all the message options turned off. When they started to promote their new realarcade offering I received a pop up. I prompted in and installed it - it was a free offering and was pretty cool. I know you have your doubts about viewpoint but they are unjustified. Viewpoint is no different than real networks or any other legit company. They were actually the company that created the program poser. Poser is one of the programs used to make 3d animations for movies. It is like maya, 3dstudio, bryce, etc... The company has been around for many years - close to a decade. Like I said - the app works so quietly in the background that no one is familiar with it. Meanwhile it is on like 70% of the world's PCs. No bull****. Read their privacy statement on their site and keep in mind that they are a public company that is regulated by the SEC. They can not release false info.
ECA - did you look at some of those examples I posted? I am sure you recognize the benefits of this tech. It is like holding it in your hand and having a salesperson simultaneously telling you what everything is.
michael_tzez
12-08-2004, 02:15 PM
I just wanted to conclude this thread with this - since I just got wind of it and I remembered this thread.
http://www.hijackthis.de/filedb.php?keyword=ViewMgr.exe&action=suche
"Hijackthis.de no longer labels Viewmgr.exe as Spyware/Trojan software."