This is my first time on here for help, but hopefully someone can help me. My homepage is now set to c:\searchpage.html and I cannot change it on the Internet Options screen without it simply reverting back to the searchpage. It is running out of the C:/ folder and every time I delete the searchpage icon that is in there it comes back when I open up the C:/ folder again. I have run Ad-Aware, Spybot, McAfee antivirus. Apparently it's not a virus bc McAfee did not pick it up, Ad-Aware just keeps coming up with tracking cookies. When I ran Ad-Aware right after this happened, there was a Windows Reg Data - DataMiner - HKey_Current_user:software/microsoft/mediaplayer/playersettings"clientid" () I simply deleted it just like other tracking cookies. I'm running WinXP and I'm behind a firewall and all that, it just seems to be repeating itself so I cannot delete it! Any help would be greatly appreciated, I have no idea what to do! Thanks!
Jason
I have just downloaded HijackThis too after reading through some more of the forum for any similar topics, I can post the list that comes up when I scan if need be?
Also, I have to type the whole line of a website in if I want to go there, i.e. http://www.google.com instead of just google.com, etc. It just takes me back to that c:\searchpage!
Thanks so much, it's soo annoying!
Jason
looks like a downloader virus..first off throw out that so-called antivirus and spypot lol..use avg 6.0 it's free man and ensures 100% detection of any virus/worm/toejammer..
www.grisoft.com ..click download lefthand side, click avg 6.0 free ed..first time u use it am sure u will toss out that crap software mcafee.
good luck.
I installed the avg anti virus system, ran it, it said 48 infected files and healed them. The only problem is that the virus(i) are still there. The homepage is still set to that search portal page and the search page ie icon still pops up in the c:\ folder. Any help?
Jason
hope u like avg as i been using it for 5 years now..first now u need to delete the junk that virus left behind..
oh yeah run avg a few more times and look at my tips on avg in this forum to improve your scan rate..as soon as it caught all and you're virus free do this...oh yeah if it asks to move to vault do so..it deletes it later on
go to start control panel add/remove..look for crap that's using less than 1mb of harddisk space...
after that change your webpage site on explore to like google or something see if it still defaults to that homepage.
next post give exact details on your problem..and dont be afraid to use the test results page on avg it tells you where all the infections are if it didnt heal it. good luck
Okay, I ran avg twice now, the first time it healed 48 infected files, but I still had the search page Internet Explorer icon popping up in my c:\ folder repeatedly. The homepage is still set to that same search page running out of the c:\ and when I type a page in like www.espn.com, it reverts back to the search page.
I ran it for the second time this morning, and it healed 7 infected files. I will post the avg test results log bc there are some files and folders it cannot open, whatever that means? The virus is still there though, I cannot change my homepage and it's running out of the c:\ folder still. I looked through the list of programs in add\delete files and folders in the control panel, and there's nothing really under 1mb that looks out of the ordinary (i.e. espn motion, etc). The files are still in the vault, although it says they are all healed, should I just manually delete all of them or?
Here is the test log file if any help can be given. The virus(i?) were an alchem trojan horse downloader, a blackbox, a java/byte/verify, verifier bug, and an outlook virus too. Sorry if the way I wrote those makes no sense. Thanks in advance!
Results of Complete Test, date and time 4/16/2004 19:35:04 :
Testing C:\ serial 80E4-CCBB
C:\HIBERFIL.SYS Cannot open; not checked!
C:\Documents and Settings\JASON\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\JASON\ntuser.dat.LOG Cannot open; not checked!
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\BLACKB~4.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\BLACKB~3.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\BLACKB~2.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\BLACKB~1.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\SECURI~3.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\SECURI~1.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\SE4127~1.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\SECURI~2.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\VE5F76~1.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\VERIFI~2.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\VERIFI~1.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\VERIFI~3.CLA repaired
C:\Documents and Settings\JASON\Application Data\SUN\JAVA\Deployment\CACHE\JAVAPI\V1.0\FILE\VERIFI~4.CLA repaired
C:\Documents and Settings\JASON\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\JASON\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\Documents and Settings\JASON\Local Settings\TEMP\ALCHEM.exe repaired
C:\Documents and Settings\LocalService\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\LocalService\ntuser.dat.LOG Cannot open; not checked!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\Documents and Settings\NetworkService\NTUSER.DAT Cannot open; not checked!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Cannot open; not checked!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\WINDOWS\USRCLASS.DAT Cannot open; not checked!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\WINDOWS\UsrClass.dat.LOG Cannot open; not checked!
C:\Program Files\Internet Explorer\SETUP.exe repaired
C:\Program Files\Outlook Express\OUTL32C.exe repaired
C:\Program Files\Outlook Express\OUTLKL.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP193\A0015171.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP194\A0015252.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP194\A0015265.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0015325.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP195\A0015336.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP196\A0015408.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP196\A0015418.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP196\A0015427.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP197\A0015444.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP197\A0015468.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP197\A0015477.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP198\A0015556.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP198\A0015566.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP198\A0015575.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP199\A0015639.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP199\A0015653.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP202\A0015710.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP202\A0015732.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP202\A0015746.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP202\A0015754.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP202\A0015773.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP202\A0015791.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP203\A0015813.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP203\A0015827.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP203\A0015836.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP203\A0015852.exe repaired
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP203\A0015871.exe repaired
C:\WINDOWS\ALCHEM.exe repaired
C:\WINDOWS\PUP.exe repaired
C:\WINDOWS\SYSTEM32\BCACHEW.exe repaired
C:\WINDOWS\SYSTEM32\QNCLASSE.exe repaired
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Cannot open; not checked!
Test finished, duration 00:29:11.3 s
32337 objects tested, 48 found infected
go back to avg and delete the ones in virus vault..also
look in your start control panel add/remove and remove any toolbar sign u see..should say something like www.toolbar or xxxtoolbar
remove anything that is 1-2mb size that u think isnt a program u have..esp anything with toolbar on it...next is to clean your registry only after avg is done and u have no infected files..
download pcbugdoctor and scan your registry for invalid entries...what the trojan left behind..or u can do it manually if u like..
make sure avg hasnt picked up any infected files and download the latest updated avg should be 4/15/04 or higher.
good luck.
I ran avg again and there were no infected files this time. I looked in the add\remove program and there was nothing out of the ordinary, no toolbars, etc. Next is to clean the registry, I'd like to do it manually instead of using pcbugdoctor bc every time I click a link on a webpage, it reverts back to the searchpage, and I do not know if that re-launches the virus or not. How do I go about cleaning the registry manually and eventually getting this off my computer? Do I delete stuff off the registry or? Any help would be great. Sorry for sounding like I'm computer illiterate but, better safe than deleting a rundll.exe file or something. It probably is annoying, but a detailed explanation like I am a 7 yr old doing this would help lol.
Then, once I clean the registry will I just be able to delete that icon out of the c:\ folder and restore my homepage to whatever I like?
Jason
well thats great that u got all the virus gone..what u have now is what is called spyware or adware. they make an easy little tool for removing those so u dont have to search thru your reg and delete something by mistake..this is free as well and run it ...its good to have
http://www.lavasoftusa.com/support/download/
once downloaded click on update to get latest adware update. am sure u will like it as well and u going to be surprised at the spyware and crap u got on there...it should also take off that search page u had..
good luck. and a good thing to use that i highly recommend is avg and zonealarm pro with web filtering it blocks all the viruses if u have it set up to block all 3rd party ads.
just an update i found this adware spyware and harmful strings in regs software it works really well and better than adware here is the website and it gives u a choice to manually deselect reg entries of programs u know u have
http://www.adwares.net/
goodluck.
Is there a simpler solution? or a package to take care of the whole thing?
If I wait, will a total fix become available and in the meantime is any further damage being done? Help please
umm so many replies...is your problem still the same with the searchpage in explorer..
do this click start
search..find files or folders..change your settings to look for hidden and system files
type in searchpage.html and delete the thing.
open explorer up and go to a website
like www.google.com and click tools internet options and use current as homepage. try that since u ran ad-ware u should be ok on the spybots and other crap and now virus freeing hopefully.
good luck and any problems just post again.
Jason, JulianUK
Try this program:
http://209.133.47.200/~merijn/files/CWShredder.exe
It is a program to remove CoolWebSearch hijack...I believe that is what you have.
Save the download to desktop.
Reboot to safe mode/offline (tap f8 on boot) and run the tool. Click fix not just scan.
Let it clean what it finds.
Reboot and run again just to be sure.
Empty out temporary internet files including offline content and history.
Reset web settings.
Start> settings> control panel> internet options.
Delete files
At the popup check "delete offline content"
Click ok
Click "clear history"
Click ok
Click the programs tab
Click "reset web settings"
Yes at the popup
Now try IE
If still jacked..post back
_________________________________
I never give up!
Hi!
Just go to regedit and through "ctrl+F" search my computer for "searchpage" and delete all keys you will find. Hopefully this will help you. I did get rid of this virus this way.
Good luck
I have messed with this thing all day trying to get rid of searchpage virus. Finally came across a program called start page guard. http://www.spywareinfo.com/downloads/spg/ Just downloaded it and it worked. Just set your homepage to what you want. Not sure if the virus is still in my computer but it seems to be back to normal.
Ohhh Boy, never had anything like this before. I have the "c:searchpage.html" problem. I've tried CWShredder, tried regedit, tried spyware spg. Nothing works. Anyone else have an answer???
I finally got the searchpage.html problem fixed. First of all make sure you've deleted all of your temporary files. (C:\Documents and Settings\user\Local Settings\Temp) and (C:\Documents and Settings\user\Local Settings\Temporary Internet Files). Next open your registry editor (go to run and type regedit) then under the edit menu click 'find' and type in c:\searchpage.html ('find next' or F3 will move to the next instance) Delete all entries that are found except for the default URL prefixes. Change the prefix entries to http://
Dear blender
Just done as suggested......
......... Quiet... shhh
Yes it all seems OK!
Thanks to all for your suggestions, will keep them for future reference.
What about criminal penalties for virus freaks.. They should be locked up for good
Regards
JulianUK
JulianUk
Hope it stays gone...
Before you get attacked again:
Make sure you have ALL your windows updates.
Download Spywareblaster and IE-Spyad. Both are excellent protection and both are free.
Spywareblaster blocks known bad active x controls and other spywares/trojan/crap downloads.
IE-Spyad puts several thousand crap sites in restricted zone of IE where java, active x, and anything else potentially harmful is disabled...if ya hit a bad site...less chance of getting attacked/hijacked.
As for punishment for the virus writers:
They are locked up in a huge room full of infected computers...say 5000 of them.
They can't leave the room until all are clean and running proper.
They don't have access to internet for tools to help, no antivirus, no OS cd, nothing. They have to hack out all the viruses manually and fix whatever infected files manually....
They eat there, sleep there, all their daily activities go on in that room until all computers are clean and working like before infection.
No clues are given as to what each machine is infected with...all have multiple and different infections.
How many viruses do you think they would write and spread after that?...HAHAHA
________________________________________
Tim
Have you tried running the latest CWShredder in safe mode/offline?
A couple of the newer hijacks require safe mode run (tap f8 on boot)
Run the tool a couple times rebooting between each run.
If still jacked post back...
__________________________________I never give up!
No, CWShredder still doesnt work. I've tried Julian's regedit solution a number of times but it doesnt work either, the searchpage.html registry entries just come back. I'm pissed. Five years with my old PC and Windows 95, no issues. Two weeks with a new PC and Windows XP and I'm hosed!
Okay, this was a VERY easy fix... and it only took me about 20 seconds tops. It seems to work for me: now i can type in google.com without having that searchpage.html link show up. Here is what I did:
1.) Go to the start menu and go to "RUN".
2.) type in "regedit" without the quotes.
3.) In the registry editor, go to "EDIT" and then "FIND" (or hit Ctrl+F).
4.) Type in "searchpage.html" and then the "find next" button.
5.) You should be in the "URL" => "DefaultPrefix" folder. If not, then click on it on the left hand window with all the folders.
6.) In that DefaultPrefix folder, delete the entry called "searchpage.html". That might be the only entry in there. Once you have done so, in place of it will be the text, "value not set". This should be fine.
7.) Now close regedit, open IE Explorer and type in google.com. It should work fine.
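An added example, not part of any poster's message: a read-only audit of a regedit export that reports the values the two manual fixes above edit by hand (the URL prefix entries and the Internet Explorer page settings in both hives). It generalizes from `searchpage.html` to any local-file page or non-scheme prefix; the sample export is constructed and the function names are hypothetical.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    key: str
    name: str    # "@" is the key's default value
    value: str
    action: str


# Registry keys the posters searched and edited (matched case-insensitively,
# under any hive, so both HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER are covered).
PREFIX_KEYS = (
    r"\software\microsoft\windows\currentversion\url\defaultprefix",
    r"\software\microsoft\windows\currentversion\url\prefixes",
)
IE_KEYS = (
    r"\software\microsoft\internet explorer\main",
    r"\software\microsoft\internet explorer\search",
    r"\software\microsoft\internet explorer\searchurl",
)

BARE_SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]*://$", re.I)  # http://, ftp://
LOCAL_FILE = re.compile(r"^(file:/*)?[a-z]:[\\/]", re.I)    # c:\x, file://c:/x
VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Yield (key, value_name, data) for each string value in a .reg export.

    dword and hex values are skipped: the hijack discussed here lives in
    plain string values.
    """
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if key and m:
            name = "@" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
            yield key, name, _unescape(m.group(2))


def audit(text):
    """Return the values that would keep redirecting the browser."""
    findings = []
    for key, name, value in parse_reg_export(text):
        low = key.lower()
        if low.endswith(PREFIX_KEYS):
            # A prefix must be a bare scheme; anything else is prepended to
            # every address typed without one (the "google.com" symptom).
            if not BARE_SCHEME.match(value):
                findings.append(Finding(key, name, value, "reset prefix"))
        elif low.endswith(IE_KEYS):
            if LOCAL_FILE.match(value) or "searchpage.html" in value.lower():
                findings.append(Finding(key, name, value, "reset page"))
    return findings


# Constructed sample export (not taken from any poster's machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
@="c:\\searchpage.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"="ftp://"
"www"="c:\\searchpage.html"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="c:\\searchpage.html"
"Search Page"="http://www.google.com"
"Show_StatusBar"="yes"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
@="file://c:\\searchpage.html"
'''

if __name__ == "__main__":
    for f in audit(SAMPLE_EXPORT):
        print(f"{f.action:12} {f.key} [{f.name}] = {f.value}")
```

A real "Version 5.00" export is UTF-16 text, so read it with `open(path, encoding="utf-16")` before passing it to `audit`. Exporting and auditing again after a reboot shows whether the same values have been rewritten, which is the symptom several posters describe.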
I have one last problem.
I seem to have rid myself of the "searchpage" problem but I am now having difficulty contacting some sites.
I have been trying to download ie-spyad from http://www.staff.uiuc.edu/~ehowes/res/ie-spyad.exe but I keep just getting my Google page instead, I now realize this has been happening on a number of sites.
Do I need to change a line in the registry ? and are all the registry lines in which I previously had the searchpage link and which are now set to blank OK?
Turning to the punishment for Virus Bas.ds, I think the solution above is just perfect.
JulianUK
Hi I have this virus too. I tried using the Start>Run>regedit method but a window pops up saying "Registry editing has been disabled by your administrator". How can I re-enable it? Thanks.
Recently an adware trojan appeared on my computer, changing my preferences and hijacking Internet Explorer. I used the usual means of deleting it (anti-virus AVG, Ad-Aware, Hijack This!) but the thing kept miraculously re-appearing everywhere I deleted it. I tried system restore, and my computer crashed, leaving my dissertation data stranded on my hard drive with no access to back-up hardware. I couldn't even copy files from one folder to another, and Windows went down within ten seconds of being loaded, even in the so-called "safe mode".
I finally licked this adware trojan. It took about four days to get my system back up, and I didn't have to reformat the hard drive. For those who care, here's how I--a complete ignoramus about computers--accomplished this amazing feat:
DISCONNECT INTERNET, especially broadband
1) Ran AVG or other virus software while Windows is running normally
2) unattached hard drive and backed up files to friend's desktop, then to external hard drive; used boot cd to re-install Windows so that I could use the OS normally (original data, including adware virus, still on system)
3) rebooted computer in safe mode (EXTREMELY IMPORTANT--otherwise the virus is running on top of Windows, reinstalling itself everywhere you delete it)
4) used Ad-Aware to eliminate nasty .dll files and spyware executive files (about 37 of them); used the updated version (very important)
5) used Startup List to ensure there were no suspicious files that would re-load the virus when the computer re-started
6) used Hijack This! to remove all nasty registry changes, normal and "obfuscated" (who at MS dreamt up this piece of tomfoolery???).
7) Checked for extra BHOs; used BHODemon.
8) Ran a final full check with CWShredder to see if I missed anything.
9) Re-checked the registry entries for Internet Explorer using Regedit from the Run command prompt--you have to check Local Machine and Current User settings under Internet Explorer and regular Microsoft search registries (undoubtedly this is the most despised and vulnerable addition to Windows XP).
10) Deleted all files in C:/Documents and Settings/user/Local Settings/Temp and C:/Documents and Settings/user/Local Settings/Temporary Internet Files (not accessible through the normal browser; I had to open them from the "Run" prompt--thanks again MS).
11) Loaded Internet Explorer with internet still disconnected. Informed IE, under Tools, Internet Options, Programs to reload default settings, deleted all offline temporary files, deleted cookies
Before I did all of this, I searched my system for the name of the nasty software and then went online to see how others had fixed this problem. Occasionally they would post the names of .dll and .exe files that the software used. I got rid of those first, then went through steps 1-11. All of this software is available for free on the internet. God bless the inventors of Hijack This!, Ad-Aware and AVG!
Lessons learned:
SYSTEM RESTORE IS HAZARDOUS. If your anti-virus software finds something ugly during a system restore, bye-bye OS. It will only partially restore, and now you can't back-up because your hardware drivers are gone, gone, gone with the wind. This happened to me in Japan, where computer "repairmen" won't move your data for you.
1) Undoubtedly the biggest lesson I learned was to back things up regularly.
2) You have to boot in safe mode now to defeat the most ugly forms of viruses and Trojan Horses. They come through ActiveX and Scripting, against which IE has no effective defense. IE cannot differentiate between a trojan horse/virus and website music/animated gifs etc. Thus, it is by far the worst web browser available. What you CAN do (and it still isn't 100% effective--look at what happened to me!) is set your security (under Internet Options and Security, Custom Level) manually to disable all ActiveX and Scripting when visiting a site you're not absolutely 100% positively clear about (and I mean 100%--my mom's greeting card service even nailed me with a trojan horse!).
3) Since anti-virus software like AVG can't run in safe mode, you'll just have to run it before doing the nuke-assault listed above. However, since AVG found the trojan first and removed the original exe file, it is probably worth it to make that step one. Though, invariably, it won't be your final one-stop solution.
4) Norton Anti-Virus is useless against truly sophisticated trojans like the one I just dealt with.
5) Trojans do not need nor do they ask permission when they run on your system (this is a popular misconception) if ActiveX and Scripting is uniformly enabled. Microsoft has designed a web browser that allows these people wide access to your machine all the time. If you haven't done what I've described above, I would estimate you have 30-70 of such files on your system, tracking your data, changing your preferences, and generally jacking your system.
I hope this helps the rest of you stranded out there. If anyone with real computer knowledge has anything to add, please do so.
Signed, the Battle-Weary
I have just been into my registry and searched for Google. Found a couple of references which I deleted.. seems OK.
Then I noticed hundreds of website directories under
windows\internet settings\zonemap\domains
Can I safely delete this lot, they seem like a load of rubbish?.... I have now deleted some of them but is there a faster way than deleting them one at a time?
Just a note: That searchpage virus also deleted my restore history!
JulianUK
After spending countless, and fruitless, hours trying to correct the problem ... you guys aren't making me feel better by indicating that simple procedures such as editing the registry is working. Here's what I do in this regard ...
(a) Delete all Temp and Temporary Internet files
(b) Run REGEDIT as detailed in other messages
(c) Change the Internet Explorer Properties to have a homepage of "http://www.yahoo.com" (from "c:\searchpage.html")
(d) Run Internet Explorer only to have it show the c:\searchpage.html page
(e) Run REGEDIT to see that the Search and SearchURL entries I had deleted are back again
I can repeat this process forever and it still doesnt work.
umm time for my 2 cents worth..dont get mad or start flaming as i am a grown up whos "trying" to help folks out.
rule 1. messing with windows registry is very dangerous and not for the inexperienced typical user..however..certain "key" words can be used to clean up trojan mess..
i notice the problem is with searchpage so type "searchpage" in windows registry find tool..should solve the reg problem..
2. use a reliable antivirus dont believe t.v. and whats hot to buy at the computer store or walmart.....meaning...go with the facts and facts are AVG 6.0 OR 7.0 ALL THE WAY. cant get much better than 100% detection
3. use a firewall software...one i found that blocks these stupid viruses and trojans is zonealarm pro....set up correctly to block pop ups 3rd party intruders and web filtering meaning staying off the xxx sites and cracker sites..where 90% of these things come from...going to these sites are dangerous without a firewall software or hardware.
4. use ad-ware..xoftspy...or reg mechanic..out of these ad-ware seems to be the best at finding reg keys..update it and customize your settings..
following these simple rules will keep your system rock solid and virus free..even in life there are rules and thats true with computers.so a good stable setup for protection is as followed
avg antivirus=reliable antivirus protection
zonealarm pro=reliable software firewall protection
ad-ware=great tool for seeking out adware spyware and strings left behind by trojans.
good luck peps and hope this helps
ok, folks
the easy way is this:
install coolwebscherer
disconnect internet (very important!)
run coolwebscherer and fix all
re-start the computer (very important!)
and that's it; coolwebscherer does exactly the same stuff automatically than hijack this (at least, with searchpage)
Lazy
Hi guys,
I got that problem today.
I read your comments and solved the problem easily by removing the searchpage.html file and modifying the registry.
But I'm wondering something.
Tim, you who are still having this problem, would you mind looking in your "C:\Program Files" directory and tell me if you don't have an .exe file in there.
If it is the case, which is it.
Cause I deleted such a file and I'm wondering if it isn't part of the problem.
It was just in case.
Bye.
My bad! It's coolwebshredder (I wrote coolwebscherer). Sorry about this. Anyway, do as I explained in my last message; it works.
Lazy
If after regedit, the values go back to their old ones, then do this first....
Open internet explorer. Go to tools->internet options->programs->reset web settings (at this point, you have msn as your home page -- which will never change)
Use regedit now to get rid of the "searchpage" values to restore the "http://" prefix and other problems.
i have read all posts, but it doesnt work anyway..
huhhh.. can anyone give me another suggestion..me to
what is your problem and post your test results on here instead of saying something doesnt work..how are we to know what your situation is if u dont post your problem.
thanks.
being impulsive and foolish and not wanting to wait for an expert to read my logs, i just disconnected (physically, even) from internet and ran 'hijack this' and selected all 12 lines that said anything with c searchpage. rebooted and reconnected and everything is fine. which is good- i have a german keyboard and can't find the forward slash, so having to type in a whole address was very very tricky!!!! thanks for your help- jeremy
I have read and read and tried and tried...My problem is that I cannot delete anything from the registry or from hijack. It looks like they are deleting - but then they are all back again. I can see them all and place a check and click fix checked - it says it's deleting them - but they are still all there - same thing in my registry --- any ideas?
i'm having the same problem as everyone else and i'm not really a computer guy. just a beginner and searchpage has got my computer good this time. if any one can help let know.
I recently got the searchpage virus on my comp and it is as nasty as the rest of u claim. I use windows XP with zone-alarm (the free version) and Norton-Antivirus corporate edition and it still got through. I tried running a scan with norton and it found nothing...then i deleted any searchpage registry entries using regedit...then reset default settings for my browser..then deleted the /c:searchpage.html file...then reset my homepage to google.com.....
just to find everything i deleted back again. I tried downloading some of the suggested tools and anti-spyware and anti-virus tools...however every time i try to access a download by clicking on the link...i am sent back to the searchpage.html page.... i am stuck...any suggestions?....thanks..
To All who still are infected with that searchpage.html crap...
It is one of the many variants of CoolWebSearch trojan.
First of all...whoever reading this whole thread...as Viruskiller said...mucking around in the registry is dangerous as hell unless you know what you are doing and have backed up the system properly in case you muck up.
It is easy to do serious damage requiring you to re-install windows!
Ok...my rant is done...on to fixing it.
Download cwshredder from here:
http://209.133.47.200/~merijn/files/CWShredder.exe
Save it to disk.
Download Hijackthis from here:
http://209.133.47.200/~merijn/files/HijackThis.exe
Important: Put hijack in its own folder...it makes backups of what is to be removed in case restore is needed. (don't use a temp folder or the desktop...backups get lost there)
If you have any home page locking tools such as spybot or spywareguard...disable the home page lock function before continuing.
Now...boot the computer to safe mode/offline. (tap f8 at bootup)
Run CWShredder.exe> click fix not just scan...let it remove all found.
Reboot the computer.
While still offline...
Start hijackthis, hit scan and check to fix all R0, R1 entries with searchpage.html
Check the O2-BHO entry referencing OsbornTech Popup Blocker. <-this is a new CWS hijacker <--bullcrap popup blocker.
Check all O13 entries
Don't "fix" anything else unless you are sure what you are doing. Hijack will delete whatever you tell it to. It Does not know good from bad...just shows you what is there. (good and bad)
Once all are checked; close all open windows except hijack and click fix checked
Reboot the computer when done.
While still offline....
Next Empty out temporary internet files including offline content and history, and reset web settings.
Start> settings> control panel> internet options.
Click delete files
On the popup check delete all offline content
Click ok
Click clear history
Yes at the prompt
Click the programs tab
Click reset web settings
Yes the prompt.
Now try your IE and search functions...
If all is working well...next place to visit is windows update and install all critical updates rebooting as necessary.
It will take several visits to get them all if you are behind.
Also re-enable home page locking tools at this time if you use them.
Other prevention info:
http://www.spywarewarrior.com/viewtopic.php?t=169
If you need/want tutorial on Hijackthis...:
http://hjt.wizardsofwebsites.com/
http://www.spywareinfo.com/~merijn/htlogtutorial.html
http://aumha.org/a/hjttutor.php
_____________________________________
I never give up!
UltraViolence was right. I am on XP and under my c\windows there is only start.chm no start.html. Therefore, as he said, the delete contents of start.chm and read-only solution does not work for me! Tried it several times and it just does not work!
Ask for help if anyone has same problem and solved it.
hi there!
I was having one hell of a time with this virus... I'd love to castrate whoever made this junk... anywho I have found a solution that worked for me... I tried all the other solutions but nothing worked so here is how i did it, and it looks gone to me.
Note that i tried all other options before doing this so you may have to run all the suggested fixes above before getting to this step.
1) disconnect from the internet
2) open ONE IE window.
3) go to TOOLS > Internet Options > Programs > Reset Web Settings (click yes to reset home page)
-Clear your cache as well
4) close IE
5) Open REGEDIT
(**** caution ****)
6) Find and **DELETE** all occurrences of 'searchpage.html' *some keys must be replaced with 'http://'
7) Download and run XoftSpy http://www.paretologic.com/xoftspy/
8) Run the program... as its searching you will see hopefully only 2 bugs found (as long as you have no other spyware). Now instead of buying XoftSpy to fix the problem simply write down the registry location something like 'interface/#####-etc...'
9) run regedit again
10) search for the first few numbers after 'interface/' **MAKE SURE YOU FIND THE EXACT EXACT EXACT NUMBERS** match the reg key to the ones you wrote down and if EXACT match delete the key.
-there should only be 2 keys found. both starting with 'interface/'. delete both keys.
11) start IE
12) Reset web settings one more time to put all the keys you deleted from the registry back to default.
13) close IE
14) Turn on Internet and try Internet Explorer.
It worked for me, i have no problems now. No more start page or anything. Seems to me that the program hid itself in the registry. After I did these steps I ran XoftSpy, Ad-Aware, and SpyBot and they found nothing, usually they would find the bug again.
Hope this helps!!
OK
**JUST DONE**
I do NOT use any program to solve this problem. I do this:
1 Delete file "searchpage.htm" from c:\
2 goto Start-->Run...type regedit-->in Registry Editor window click edit-->Find...type "searchpage.html" then click Find next...
3 Delete all registry entries in which "searchpage.html" appears, then click Find next again to search for any other searchpage.html and delete it
**I do NOT disconnect the network when I solve this problem** It works.
I use WinXP v2002 SP1.
HELP HELP HELP
I had all the problems above then thought that I had solved them.... I no longer see sign of Searchpage BUT
My browser will only give me access to the Homepage site (eg Google)... When I try to visit any other sites I am immediately returned to (Google or whatever)... I simply cant visit anyone else
HELP HELP
Any Ideas
JulianUK
Hey Folks.
When I ran Hijackthis i found this:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
Maybe it is "C:\WINDOWS\start.chm" .. ??
Anyway I deleted "searchpage.html" from c:\
Then ran "Hijackthis"
-deleted every row containing "searchpage.html" I also deleted the row I mentioned above.
Everything seems fine for now.
This is an excellent site for Hijacked people to get solutions, mine is solved now..takes some time but its the best way posted yet.
http://www.spywareinfo.com
I have been having a lot of troubles myself with this searchpage.html and after much fumbling and searching for solutions on the internet I found an executable file "addcls.exe" and a "ADDCLS.EXE-061B21C3.pf" file on my computer. I got rid of both and went back into REGEDIT and replaced all instances of searchpage.html (for the last time) and I have not had any problems since.
Response #37 solved my issue with this problem. Thank You.
Did also search hard drive for searchpage.html and deleted all of those.
My XP Professional would not boot in safe mode, but everything worked just fine in normal mode.
Thank You , Thank You , Thank You !!!!!
i got a variant of this virus. after DLing CWshredder and following a few other suggestions on this page i got rid of it. BUT--i still have to type "http://" before every address or it won't display the page. i wonder if the virus is still lurking somewhere (i doubt it, CWS doesn't find anything, nor do any virus scanners that i've used), or i just messed something up? has this happened to anyone else? any suggestions? thanks.
Don,
When running REGEDIT, keep pressing F3 to search for more searchpage.html files. You'll be surprised at how many more there are. Do it until you can't find any more. (delete them). I had the same problem!
I suffered from this virus too - no matter what I did, it would not go away - I deleted all instances of it from the registry, and it kept coming back. I ran Ad-aware, Spybot S&D, Startpage Guard, AVG 6.0, CW Shredder, Sophos Anti Virus and HijackThis, and eventually, it's gone. However, now, my computer will connect to the net to allow me to browse, but I cannot connect to MSN Messenger, or bitTorrent, and I cannot update my Spybot - they all say that I should check my connection, but I know it is working, since I am looking for help on these websites - someone, please, help me before I am forced to take a 14lb sledgehammer and turn this into a large pile of confetti.
I also got this hijacker program. On Windows XP Prof, IE6SP1. If I removed the searchpage-related registry entries, 1 minute later they came back again....
My solution is : stop service called "Remote Registry Service" and disable its auto-starting. (needs administrator privileges)
After it the latest HijackThis was able to remove the searchpage-related registry entries.
I recommend to use also Spybot S&D, the Immunize function and the "Lock IE startpage against changes"
BR, Robinson from Hungary.
C:/Searchpage ,
step one download lavasoft adaware ,
step two download Hijack this place it in its own folder
step 3 goto C:/windows/system 32 and delete Mshelper.dll and then rename mtwirl.dll to Mtwirl.bogus.
Then search for C:searchpage file and delete it .
restart computer, run Hijack this and have it fix all occurrences of C:searchpage .
run adaware and get rid of rest .
go back to C:/windows/system32 and delete mtwirl.bogus
walla and god bless , it took me two days to figure it out.
PS don't play with your registers that Mtwirl.dll is active and rewriting them every 15 seconds. SO until you rename it and reboot you're stuck with it
Yo hope4agape,
Ur solution works a treat, thank you. For anyone else who is looking for a solution, this is it!!!!! It has gotten rid of the annoying searchpage and all the rubbish surrounding it.
Acrxx,
I have been clean for a day then out of the blue I was infected with about:blank.
Fortunately this was an easier fix.
step one, have adaware , and Hijack this in its own folder.
step 2 , goto C:/windows/system32
rename file aoh.dll to aoh.bogus
It's running so you cant delete it.
Then restart your computer.
RUN adaware and hijack this remove all names with ABout:blank on them .
Go back to file c:/windows/system32
delete AOH.Bogus
You should be clean .
I think the virus is gone, but now I have another problem, something's wrong with my IE, the browser only gives me access to the Homepage, any other link that I click just redirects me to my homepage.
Does anyone have an idea of what to do ????
Well, i was the first to start up with this searchpage.html crap trying to find a solution in these posts, its a real pain, after being away for a good week i figure its time to kick this virus right in the a: drive. I've printed out solution 37 stated above and it looks promising, but i read all of the posts and found out things go wrong even afterward. Now im afraid to touch anything in fear i might make things worse or i might be able to only go to my homepage no matter what address i type in. Until there's some concrete evidence that a solution works with no problems afterward, im not touching anything yet. This really is a pain, good luck to all and be sure to let everyone else know if something actually does work problem free.
Thanks!
Jason
Hi,
I got the searchpage virus #1256 and I did just as Blender in reply#37 and got rid of the virus.
THANK YOU, THANK YOU, THANK YOU ... BLENDER.
And I agreed totally w/ Blender that messing around with Registry thru RegEdit is not a good idea.
Also my appreciation for all of you who posted all the helpful advice...
And I also wanted to add that while the searchpage virus froze my Internet Explorer,
I use Netscape browser (luckily that I still have it and it was totally not infected) to search for help on the Internet...
So after you cured yours, install yourself another browser just in case it came back...
:)
Hello again all,
Well, i downloaded cwshredder and let it run, then i manually pulled the search page internet icon from the c: folder and deleted it. It has not come back, which is new, and now whenever i open up internet explorer a box comes up saying "ie cannot find the homepage searchpage.html" and after i hit ok i just get a blank normal browser that i can surf in. But, i still cannot change the homepage, any ideas? I am not sure if i should just go with solution 37 or not beings that the icon out of the c drive is gone...
Also, when i run spybot i get these 3 repeatedly...
Common hijacker: Prefix change (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes\www=http://
Common hijacker: Prefix change (Registry change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix\=http://
TSCash: 0190 Dialer (File, nothing done)
C:\WINDOWS\sysupd.exe
When i hit delete or fix selected problems, the 2 common hijackers delete but the tscash dialer always remains, where spybot simply tells me that it cannot be removed and the problem might be fixed after a restart, although it never is...
Any relation or is this something totally different and also, how do i get those off? Thanks a lot everyone!
Jay
Jason
Jay
Have you downloaded hijackthis?
Post your hijack log here...I'll help you with it. Make sure you have it in it's own folder (not the desktop or a temp folder)...so if something goes wrong in the fix stage...it makes backups so we can restore it.
_______________________
Some of the rest of you posting above...some of you have different variants of the hijack which requires different tools and procedures.
From reading some of the posts...I see about 8 different variants going on which is why half the responses are not working. Most of you are dealing with a different hijacker/virus/trojan.
Most of you should start a new thread...too confusing here at this point.
Just deleting the entries out of the registry in many cases will not work because there are files responsible for reinstalling the hijack.
I never give up!
Yes, i did download hijack this and put it in its own folder in my documents, just like my music and my pictures folder. I ran hijack this and will post the log now. Also, i looked down the log and saw a c:windows sysudp.exe file, which i think stands for win systems update, but i also saw the same thing on that ts cash dialer i mentioned in my previous post that i cannot fix on ad-aware bc it says it is currently in use in memory. Thanks a lot for your help blender, it is greatly appreciated...
Logfile of HijackThis v1.97.7
Scan saved at 4:54:05 PM, on 5/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\WinZip\WZQKPICK.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\sysupd.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jason\My Documents\Hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LimeShop] javaw -cp "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.exe /AUTORUN
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [BCACHEW] C:\WINDOWS\System32\BCACHEW.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partners/aolim/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
Jay
That sysupd.exe is the dialer trojan.
You also have a few more adware trojans to remove as well as that silly searchpage.html thing.
You don't use limeshop do you?...it is malware too so I would recommend removing it via add/remove programs.
Also spykiller is bad....it installs spyware and wont remove it untill you pay for it...ad-aware and spybot are free and do the best job.
I recommend removing spykiller thru add/remove programs as well.
Once done that...
Start hijackthis again and check all the following lines to fix:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = c:\searchpage.html
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - C:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [LimeShop] javaw -cp "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [BCACHEW] C:\WINDOWS\System32\BCACHEW.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O13 - Home Prefix: c:\searchpage.html?page=
O13 - Mosaic Prefix: c:\searchpage.html?page=
Once all are checked close all running programs and windows and click fix checked
Reboot computer to SAFE mode by tapping f8 at startup and delete the following:
C:\searchpage.html
C:\WINDOWS\alchem.exe
C:\WINDOWS\sysupd.exe
c:\windows\temp <--all it's contents (not the folder)
C:\WINDOWS\System32\BCACHEW.exe
c:\program files\lime shop <--folder
c:\program files\spykiller <--folder
Reboot back to normal/offline and clear out internet files including offline content, history, cookies by going into internet options in control panel...not opening ie.
Click the programs tab, click on reset web settings, ok to also reset home page.
You will need to re-log on here and other sign in sites.
Once done that...post a fresh hijack log.
Let me know if there are still issues to resolve.
I never give up!
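The triage Blender describes in the reply above (R0/R1 and O13 lines naming searchpage.html, plus O4 startup items that keep reinstalling the hijack) can be scripted over a saved HijackThis log. This is an added Python example, not part of the original thread; the function names are this example's own, and the sample is a shortened excerpt of the log posted above.

```python
import re

# Shortened excerpt of the HijackThis v1.97.7 log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\sysupd.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = c:\searchpage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\searchpage.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\sysupd.exe
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O13 - Home Prefix: c:\searchpage.html?page=
"""

ENTRY = re.compile(r"^(R[0-3]|O\d+) - (.*)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
AUTORUN = re.compile(r"^(?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
PREFIX = re.compile(r"^(?P<name>.+ Prefix): (?P<value>.*)$")
EXE = re.compile(r'([^\\/"\s]+\.exe)', re.I)


def parse_log(text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False          # the first R/O line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def hijacked_settings(parsed, marker="searchpage.html"):
    """Return the R0/R1 values and O13 prefixes that point at the hijack page."""
    hits = []
    for code, body in parsed["entries"]:
        if code in ("R0", "R1"):
            m = REG_VALUE.match(body)
            if m and marker in m.group("value").lower():
                hits.append((code, m.group("key"), m.group("name")))
        elif code == "O13":
            m = PREFIX.match(body)
            if m and marker in m.group("value").lower():
                hits.append((code, m.group("name"), m.group("value")))
    return hits


def persistence_status(parsed, suspects):
    """For each reviewer-supplied executable name, report its O4 autorun
    value name (or None) and whether it was running when the log was taken."""
    running = {p.replace("/", "\\").rsplit("\\", 1)[-1].lower()
               for p in parsed["processes"]}
    autoruns = {}
    for code, body in parsed["entries"]:
        m = AUTORUN.match(body) if code == "O4" else None
        exe = EXE.search(m.group("cmd")) if m else None
        if exe:
            autoruns[exe.group(1).lower()] = m.group("name")
    return {name: {"autorun": autoruns.get(name.lower()),
                   "running": name.lower() in running}
            for name in suspects}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for hit in hijacked_settings(parsed):
        print("hijacked setting:", hit)
    # The tool does not judge O4 items; the reviewer names the suspects.
    for name, st in persistence_status(parsed, ["sysupd.exe", "alchem.exe"]).items():
        print(name, st)
```

An autorun that is also in the running-process list is a live file that has to be dealt with before the registry fixes will stick; an autorun with no running process may be a leftover registry entry.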
Jay
I should also ask...Are you the only user account on the computer? Or do you have more user accounts? Let me know...I will want to see logs from other users too if there are any to complete cleanup.
I never give up!
Hey Blender,
Can you please take a look at my HijackThis log too! You seem to know what you're doing. I've had this thing for a couple weeks now and although searchpage.html is gone I can't use my IE browser without being directed back to my homepage which is now about:blank.
Blender,
Yes, i am the only one who uses this comp, however, a few things before i run your solution...
First, i tried looking for the things you told me to delete, such as limeshop and spykiller, and 1. limeshop will not delete off the add\delete folder and 2. spykiller does not even show up on that menu, nor when i just hit start - search and type in spy or spykiller, etc. I'm not sure if theyre just fragments left behind or?
Second, i tried looking for the next list of things u told me to delete in safe mode, and the only one i can find is the limeshop folder in program files. I manually deleted the c:searchpage.html ie icon out of the c folder the other day, as mentioned in a previous post. Should i just run a search on each individual thing and delete them from there? Or where do i go?
Also, i click on temp internet files folder, and then content, and inside are 4 letter and number named empty folders and then the dat.file. Should i just delete those 4 folders?
Sorry for wanting the explanation like a 2 yr old, but id rather be safe than sorry...Thanks again!
Jason
m-eezey
Start a new thread here in security/virus with your log and state in the post I asked for it. Alert me when you have done that and I'll help you with it
Jay
Ok...as for limeshop...I was afraid of that...sometimes it will uninstall from add/remove programs...sometimes not.
Check off the items in hijack (includes limeshop's startup and spykiller's too)
Once you reboot they wont start and you will be able to delete the folders themselves in program files folder.
As for the others I listed...they may be hidden.
To show hidden files/folders in xp:
Go to control panel
Open folder options
Click the view tab
Scroll down and check:
"show hidden files and folders"
Uncheck:
"hide file extensions for known file types"
"hide protected operating system files (recommended)"
Ok the warning
Click apply
Click ok
Now you should be able to find them.
To clean out temporary internet files/folders....dont delete the folders themselves...
Again go to control panel
Open Internet options
Click the delete files button
On the popup window check" delete all offline content"
Click ok.....it will take a few minutes.
Click delete cookies
Click Clear history
Yes at the prompt.
Click the programs tab
Click "reset web settings"
Yes to reset home page settings
Click ok.
Try IE now...and post new log here.
I never give up!
Hey blender,
thanks for helping me out, i really appreciate it. I've posted my log file in the security/virus forum. The heading is:
the trojans are here!!!
Blender,
After doing a walkthrough of everything i should delete, i did what you said and showed hidden files, etc, but the only thing is i cannot find either the alchem.exe file or the system32\bcachew.exe. file. I already deleted the c:\searchpage icon from before, and i see the limeshop folder i can delete in safe mode, and after your last post i know how to delete all of the internet temp files, but still no spykiller folder either. I did find the sysupd.exe file, just not the alchem.exe (there is an alchem.ini file however) and the bcachew.exe file. Any ideas? Also, i am going by your list from a few posts above right below what you told me to delete after i run hijack. Is windows temp and temporary internet files the same? Meaning can i use your last post explanation of going to control panel -ie options - delete offline content, etc, etc i know how to do all that, but i was unsure whether the windows\temp folder was different from that, bc you said to delete the contents of that folder, not the folder itself. However, in the windows\temp folder there are a bunch of sub folders including cookies folder, etc, and a bunch of .tmp files, so i just want to be sure u mean to delete the temp files by going to control panel - etc, instead of going to c:\windows\temp and deleting all of the .tmp files. Sorry for the constanttttt badgering, but after my last computer running with rundll error from something i deleted wrongly, i am just making sure...thanks, AGAIN!
Jason
Jay
Those files you cannot find in the system32 folder...alchem.exe and bcachew.exe...if you enabled hidden files and folders and still cant find them...likely then those O4 items in hijack were just registry entries left over from previous cleanup...
No c:\windows\temp is not the same as temporary internet files.
When programs get installed they leave remnants behind in the temp folder as well as other programs..good and bad. I empty that folder out about once a month. It is safe to delete everything in there including the sub folders. Whatever programs you have that do periodic updates and use that temp folder will just make new ones next time they update.
The cookies folder belongs in:
c:\documents and settings\your name\cookies
Some of the crapware you had put that in the temp folder.
I never give up!
Blender,
Apparently everything is fixed. The homepage is reset to espn.com and everything seems to be working fine. I still have some pop up action going on and there are backup files in the hijack folder now (what should i do with them?) but other than that, everything seems to be running fine. I ran hijack again and everything is normal, then i ran spybot and adaware and found some new spyware, deleted all, everything is fine with that. However, im not sure if this is related or not, a dpusys notepad preferences file is on my desktop now, can i just delete that or? i have no idea where it is or how it got there.
Plus, while im at it, i know of spybot, adaware and now avg, but are there any other programs that will help detect viruses and prevent them from even penetrating my system? I'm running a firewall, but it came with the computer, and after having mcafee not even detect the virus i had, i know the limits of the software that comes with the computer. Any suggestions would be appreciated since i have a high speed modem and all.
Thank you again for your time and effort in helping me. It is amazing what kind of things are infecting cyberspace that i did not even know of. Thanks again and i'll let you know if any more problems occur.
Jason
Jay
With all the junkware constantly infecting the net wherever you go...
I use several programs as a layered approach to stop the junk.
First and foremost is an up to date operating system.
Visit windows update and install all criticals listed.
I check there once a week.
A good antivirus program updated daily if possible. I use mcafee which is updated every few days.
A good firewall..Xp has its own that works quite well for blocking incoming traffic but not outgoing...you want a 3rd party firewall like zone alarm, kerio, and a few others have a free version out If you want to monitor outgoing traffic.
You only want to run one tho...running more than 1 will conflict. I shut off xp's and use zone alarm.
Spywareguard...it watches your home and search pages; if something attempts to change your home page (including you) it will alert you with a popup...keep the change or have the program fix it.
Updates are about once a month.
Spywareblaster...blocks known bad active x controls, tracking cookies, and puts a pile of junkware sites in your restricted zone for Internet explorer. If you hit a bad website..chances are they cant hijack you, install viruses or the like.
It also notifies you if your IE security settings are not good and offers to fix...let it.
Updates about once a week.
IE-Spyad...puts several thousand crapware sites in restricted zone for your protection.
Updates about once a month.
Download spywareblaster and spywareguard here:
http://www.javacoolsoftware.com/downloads.html
IE-Spyad here:
http://www.staff.uiuc.edu/~ehowes/resource.htm
Be sure to read install instructions for this prog...it is a little different.
Do you still have both mcafee and avg running?
I would uninstall one of them (your choice) as having 2 antivirus programs running will conflict...I keep mcafee and do a periodic online scan if I think I picked up a virus.
I would like to see another hijack log to make sure you are clean.
That notepad file...if you still have it on desktop can you copy/paste its contents here please? That does sound kinda odd...
If you want to delete the backups hijack made...start hijack> click "config" at right> click "backups" at top> click "delete all" at right. Yes the popup.
Here is a good web page to check out for protection/prevention:
http://boards.cexx.org/viewtopic.php?t=957
__________________________________
I never give up!
Hello.. My name is Andrea and I have the 'searchpage' problem also. I took the advice of 'viruskiller101' and downloaded AVG Free Edition and that removed all viruses but 2. The 2 of them will not go into the 'Virus Vault'. It even says it cannot be opened. The programs in question are as follows:
C:\Program Files\ISTSVC\ISTSVC.exe
-and-
C:\Program Files\Common Files\UPDATER\WUPDATER.exe
Can somebody PLEASE help me? What do I have to do now? Should I try the removal of Adware/Spyware at www.adware.net? I still get the searchpage problem even after the majority of the viruses are gone. Will someone be so gracious as to help me? Thank you for your time.
-Andrea
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.