Shopping Wizard, Home Search Assistant, Search Extender

[Unregistered]

Three programs called Shopping Wizard, Home Search Assistant, and Search Extender are present in the list of programs on the Add or Remove Programs list. When I attempt to remove them, my computer directs me to a website that asks for the reason I want to remove their program. They also provide a link to download something that will remove their program. When I double click on this application after downloading it, nothing happens. What do I do? Here is my log:

Code:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:56 PM, on 3/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SygatePersonalFirewall\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\d3ze32.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\?xplorer.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F80FD839-B3F2-35E6-66BD-F75654382483} - C:\WINDOWS\ntwg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE~1\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\hijackthis_199\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gyuaubeb] C:\WINDOWS\System32\?xplorer.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3ze32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\SygatePersonalFirewall\smc.exe

[Ruby]

Hello Guest, welcome to HijackThis.de

Please print out these instructions of safe it as a text-file (*.txt)
since we will ask you to work in safe mode, offline. Follow the numbers.

1
Turn off System Restore.

2
Take a visit to:
www.windowsupdate.com to get the Windows ServicePack 2.

3
Make sure you set windows to see the hidden files and folders.

4
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
C:\Program Files\HijackThis

5
Please give the following files to Upload malicious software:

C:\WINDOWS\d3ze32.exe
C:\WINDOWS\System32\?xplorer.exe
C:\WINDOWS\ntwg.dll

6
Create new directories (folders) (Windows Tutorial):

C:\download
C:\bases

7
Download for free:
Registrar Lite

8
For the greatest safety, it is recommended that if you edit the registry, you
back up the entire registry.

9
Removal Instructions

1) Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter. You can also use Registrar Lite:

2) In the left panel, double-click to:
HKEY_CLASSES_ROOT>CLSID>{A37B1EF1-FF7A-A47A-8449-3BCE6606697A}>InprocServer32

3) In the right panel, locate and delete the entry or entries:
@ = C:\WINDOWS\System32\sdkns32.dll
ThreadingModel =Apartment

4) In the left panel, double-click to:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>
CurrentVersion>Explorer>Browser Helper Objects>{A37B1EF1-FF7A-A47A-8449-3BCE6606697A}

5) In the right panel, locate and delete the entry or entries:
@ = ""

6) In the left panel, double-click to:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Uninstall>HSA

7) In the right panel, locate and delete the entry or entries:
DisplayName = Home Search Assistent
UninstallString = "rundll32 url.dll,FileProtocolHandler http://looking-for.cc/uninstall/HomeSearchAssistant.html"

8) In the left panel, double-click to:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Uninstall>SE

9) In the right panel, locate and delete the entry or entries:
DisplayName = Search Extender
UninstallString = "rundll32 url.dll,FileProtocolHandler http://looking-for.cc/uninstall/SearchExtender.html"

10) In the left panel, double-click to:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Uninstall>SW

11) In the right panel, locate and delete the entry or entries:
DisplayName = Shopping Wizard
UninstallString = "rundll32 url.dll,FileProtocolHandler http://looking-for.cc/uninstall/ShoppingWizard.html"

12) Close the Registry editor.
Source

10
Download for free:

zipgenius (if you have no zip-tool)
DELLATER.ZIP install it to your desktop!
clearprog
ccleaner
Ad-Aware SE
Spybot Search & Destroy
mwav.exe

cwsserviceremove
About Buster
CWShredder.exe

11
(MUST!) Turn to safe mode. Close all windows including Internet Explorer.

12
How to use:
Run then DELLATER.exe on your system. Click ok.

Ad-Aware SE install and update it

Spybot Search & Destroy install and update it

mwav.exe: (MUST!) Unzip the 'mwav.exe' into the new directory 'c:\bases' (!).
Use 'kavupd.exe' to get the latest signatures (MUST!). If you 'hear' that the
signatures are more than 30 days old, stay trying. You will get the actual
signatures. Keep trying!

Unzip AboutBuster in an own folder such as C:\AboutBuster.
Start AboutBuster.exe. Click OK, Update, Check For Update and download the updates if present. Don't run it now.

Unzip the contents of cwsserviceremove.zip (cwsserviceremove.reg) to your desktop. Do not do anything with it yet.

13
Start Cwshredder
Double-click on CWShredder.exe.
Click "Fix ->" and click "OK" at the prompt.
CWShredder will scan and clean your system of CWS files.
Click "Next->" and then "Exit".

14
Double-click on cwsserviceremove.reg
When it asks you to merge the information to the registry click "Yes".

15
Start Aboutbuster
Run AboutBuster and save the logs:
Run AboutBuster.exe.
Click OK at the directions prompt.
Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
Click Yes to allow it to shutdown explorer.exe.
It will begin to your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
When it has finished, click Save Log.

16
Run CCleaner
Under windows tab check internet explorer, windows explorer, and system.
Then click Run Cleaner.

17
Go to START > run and type: cleanmgr and click ok.
Let it scan your system for files to remove. Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

18
run Ad-Aware SE (Adaware SE 1.05 Tutorial)

Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Change all red X to green ones. Take a full system scan. Delete the content of the ad-aware folders when scan is finished. Safe the logfile.

19
Run Spybot Search & Destroy (Spybot Search & Destroy 1.3 Tutorial)

20
Run mwavscan
Then close everything else, close all windows, all
browsers, all programs. Remember: you MUST work in safe mode!

20-1
Start a full scan (all files!) [Memory, StartUp-Folders, Drives, All Local Drives,
Registry and INI Files, System Folders, Services must be checkmarked] by
running 'mwavscan.com' (directory c:\bases): Click on 'Scan clean' of 'Scan'.
mwavscan takes about one an hour.

20-2
When it's finished, 'view log' and safe it!

21
Go to START>Control Panel>Internet Options>tab programs> and click restore websettings.

22
Delete the whole content of C:\Documents and Settings\Jospeh\Local Settings\Temp <== this folder. Reboot.

23
Reboot your system into normal mode.

24
Run ClearProg: "Clear all" and "Clear" must be checkmarked: delete all your temporary maps and files

25
and:
1) Open Control Panel
2) Click on Internet Options
3) On the General Tab, in the middle of the screen, click on Delete Files
4) You may also want to check the box "Delete all offline content"
5) Click on OK and wait for the hourglass icon to stop after it deletes the temporary internet files
6) You can now click on Delete Cookies and click OK to delete cookies that websites have placed on your hard drive

IE Settings

26
Search the logfile 'mwav.log' in directory 'c:\bases'. Open the logfile with an editor. Look for the files which are tagged as "virus" (of "infected").
Copy&paste all these files tagged as "infected" in a new document.

26-1
---> post every file mwavscan tagged as "virus" (of "infected")
---> and the names of the virusses.

(It looks like this: File C:\WINDOWS\sssasasb32.exe infected by "Trojan-Downloader.Win32.Agent.ig" Virus. Action Taken)

26-2
---> Also post the result:

=>Total Number of Files Scanned:
=>Total Number of Virus(es) Found:
=>Total Number of Disinfected Files:
=>Total Number of Files Renamed:
=>Total Number of Deleted Files:
=>Total Number of Errors:
***** Scanning complete. *****

27
If your system is missing files.

28
Post the logfiles of About:Buster, Ad-Aware SE, the results out the mwav.log and a new HijackThis Logfile.



Please note: Adware T.V. Media Program Removal Tool