CastleCops, Internet Crime Fighters
qksrv.net Problem
Forum: Trend Micro HijackThis Logs

keny
Cadet
Joined: Oct 09, 2003
Posts: 2
Location: USA

Posted: Fri Oct 10, 2003 2:14 am    Post subject: qksrv.net Problem

I have a question... Whenever I try to visit a particular site, e.g. if I type yahoo.com, somehow I get redirected to http://www.qksrv.net and then to Yahoo. All I know is that qksrv.net is some spy program running on my computer which records the clicked links. I don't know how to remove the program from my machine.
My machine is running Windows XP.
I don't want to install any spyware programs because the last time I did, adware was installed and somehow it messed up my system. I had to do a SYSTEM RESTORE :)


Any help?

phoenix22
Welcome back our old Site Admin
Premium Member
Joined: Mar 08, 2002
Posts: 4661
Location: APO SF96383

Posted: Fri Oct 10, 2003 7:32 am    Post subject:

Actually, you need to Google over to Tom Coyote's and get HijackThis... Run it and post the results back over here... I believe you have had your browser stolen, as it were. We will attempt to retrieve it...


_________________
101st Abn Div. (AirAssault) "Rendezvous With Destiny!" "Night Stalkers/Phoenix Flight" For Buddy...who lived it! Whiskey for my men and beer for my horses! H.A.L.O!, 5th Grp., MACV-SOG, 160th AVN Grp., VFW

keny
Cadet
Joined: Oct 09, 2003
Posts: 2
Location: USA

Posted: Mon Oct 13, 2003 8:36 pm    Post subject:

Actually, when I try to access some sites I am redirected to http://www.qksrv.net and then to the site where I actually wanted to go.

I am pasting below the output of HijackThis:

-------------------------------------------------------------------------------
Logfile of HijackThis v1.97.3
Scan saved at 3:35:57 PM, on 10/13/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0HIC1.EXE
C:\Program Files\Common Files\Presentia\LTDMgr.exe
C:\Program Files\Common Files\Presentia\LSvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Inet Delivery\intdel_2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NetZero\exec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cmd.exe
C:\PROGRA~1\TEXTPA~1\TextPad.exe
C:\Documents and Settings\edwindantas\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?installation_id=1B62C39F-DAE9-4DF7-88C9-BC9D8EFE5144
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_1_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\iesearch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_1_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {7704D8D8-9EFE-4D82-9C89-0ECBA8434EEE} (PSSetup Class) - http://www.thepowerstrip.com/download/PSOCX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37648.9012152778
O16 - DPF: {C7B05B62-C8D7-438C-840B-4994DAAA8EEE} - http://webpdp.gator.com/v3/download/pdpplugin5094_hd3sstb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://vegasvilla.microgaming.com/vegasvilla/FlashAX.cab
O16 - DPF: {E43DF60D-D6FA-42AB-921C-FE0A023C5BE1} (eWebEditProLibCtl.eWebEditPro) - http://mediastudio.acroyear.net/cms/ewebeditpro.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/yiebio5_1_1_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC3BC53E-F7F4-4A29-BB46-87337A588159}: NameServer = 64.136.28.120 64.136.28.133


-------------------------------------------------------------------------------

mopwr
Guest
IP: 216.221.*.*

Posted: Fri Oct 24, 2003 2:57 pm    Post subject: same problem

Has anyone found the cause of this one yet? It started to show up on my machine also. Ran a virus scan and Ad-Aware but it is still there.

Jamming
Colonel
Premium Member
Joined: Jun 22, 2002
Posts: 1874

Posted: Fri Oct 24, 2003 5:03 pm    Post subject:

Mopwr, it would be useful to see what your HijackThis output would have in common with his. That might tell us what the cause is.

jonnyt9876
Guest
IP: 65.198.*.*

Posted: Wed Oct 29, 2003 11:03 pm    Post subject: seekseek quick search/clearsearch problem

To remove this piece of garbage from Windows 2000 Internet Explorer:
1) go to Internet Options/Programs and select Reset Web Settings
2) go to Control Panel/Add Remove Programs and remove Win32 BI
3) search for and remove ClrSchP038.exe
4) run regedit
5) search for all instances of quicksearch and clrsch
6) delete them from the registry
7) reboot

Jamming
Colonel
Premium Member
Joined: Jun 22, 2002
Posts: 1874

Posted: Wed Oct 29, 2003 11:09 pm    Post subject:

Thanks jonnyt9876, hope that you register and join us here.

jonnyt9876
Guest
IP: 65.198.*.*

Posted: Thu Oct 30, 2003 6:23 pm    Post subject: SeekSeek redirect problem

:(
The problem is more noxious than I originally thought. It reattached itself to IE 6 with the new patches this morning.

It seems that in addition to the procedures that I described in my last post there are several more DLLs, EXEs and registry entries that need to be removed.

In the registry, search for "seekseek" and "iesst.dll" and delete the entries.
On your hard drive, search for and delete slmss.exe (do not confuse it with smss.exe); also search for iesst.dll and delete it if it exists.

Jamming
Colonel
Premium Member
Joined: Jun 22, 2002
Posts: 1874

Posted: Thu Oct 30, 2003 7:30 pm    Post subject:

Great update, thanks for not leaving people in the lurch when you found out that your instructions were incomplete.

jonnyt9876
Guest
IP: 65.198.*.*

Posted: Thu Oct 30, 2003 7:54 pm    Post subject: HiJacking -- Seek Seek redirect

If what I have suggested in my last 2 posts doesn't work then try this program.

http://www.spywareinfo.com/~merijn/files/beta/CWShredder.exe

It will remove the 3 most common Web Search Hijack types.

Guest
IP: 12.246.*.*

Posted: Fri Oct 31, 2003 6:00 am    Post subject: Re: qksrv.net Problem

try this:
http://www.seekseek.com/uninstall/index.asp


e-mail from: webmaster@seekseek.com

>>
Thank you for contacting us.

In order to make the uninstallation process as easy as possible, please visit
the link below. If you are prompted to download, you will need to click "Yes".
The download is the actual uninstaller.

http://www.seekseek.com/uninstall/index.asp
(this will also uninstall all references to seekseek.com)

If you have any questions, please feel free to write back.


Best regards,

Webmaster

Quoting Patrick Gallaher <patrick.gallaher@111cast.net>:

> how do i go about the removal of the seekseek.com popup ads?
>
> -patrick


<<

TonyKlein
Site Moderator
Microsoft MVP
Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Sat Nov 01, 2003 4:55 pm    Post subject:

CWShredder will not remove SeekSeek.

Run HijackThis and look for any one or more of the following items:

O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\IEASST.DLL
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe

All these contribute to the SeekSeek hijack.


Have HijackThis fix all 4, plus of course the hijacked browser pages themselves.

It will unregister and delete IEASST.DLL.

Now restart your computer, and delete:

The C:\Program Files\Common Files\slmss subfolder
The C:\WINDOWS\mwsvm.exe file

That gets rid of the hijack.


_________________
Tony image CLSID List
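
The items listed in the post above can be checked mechanically. The following is an added example, not part of the original thread and not code from HijackThis: it parses HijackThis entry lines and flags those matching the indicators named in this thread (TonyKlein's four items and the files jonnyt9876 mentions). The function names, indicator sets and sample are assembled here; matching the BHO on its CLSID also catches the entry in keny's log, where the DLL is named iesearch.dll rather than IEASST.DLL.

```python
import re

# Indicators taken from the posts in this thread (TonyKlein, jonnyt9876).
SEEKSEEK_CLSID = "{5074851C-F67A-488E-A9C9-C244573F4068}"
RUN_NAMES = {"slmss", "mwsvm", "absr"}
FILE_NAMES = {"ieasst.dll", "iesst.dll", "slmss.exe", "mwsvm.exe"}

# Entry lines look like "O2 - BHO: ..." or "O4 - HKLM\..\Run: [name] path".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")
RUN_VALUE = re.compile(r"Run: \[([^\]]+)\]")

def parse(log_text):
    """Yield (section, body) for every HijackThis entry line; other lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def flag_seekseek(log_text):
    """Return [(section, reason, body)] for entries matching the thread's indicators."""
    hits = []
    for section, body in parse(log_text):
        low = body.lower()
        reason = None
        if section == "O2" and SEEKSEEK_CLSID.lower() in low:
            reason = "BHO CLSID"  # independent of the DLL file name
        elif section == "O4" and (m := RUN_VALUE.search(body)) and m.group(1).lower() in RUN_NAMES:
            reason = "Run value"
        elif section in ("R0", "R1") and "seekseek.com" in low:
            reason = "IE search/start page"
        elif any(low.endswith("\\" + f) for f in FILE_NAMES):
            reason = "file name"
        if reason:
            hits.append((section, reason, body))
    return hits

# Constructed sample: four lines from keny's log plus one item from TonyKlein's list.
SAMPLE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?installation_id=1B62C39F-DAE9-4DF7-88C9-BC9D8EFE5144
O2 - BHO: DefaultSearch.SeekSeek - {5074851C-F67A-488E-A9C9-C244573F4068} - C:\WINDOWS\iesearch.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
"""

if __name__ == "__main__":
    for section, reason, body in flag_seekseek(SAMPLE):
        print(f"{section}  {reason:22}  {body}")
```
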

phoenix22
Welcome back our old Site Admin
Premium Member
Joined: Mar 08, 2002
Posts: 4661
Location: APO SF96383

Posted: Sat Nov 01, 2003 6:41 pm    Post subject:

thanks Tony K


TonyKlein
Site Moderator
Microsoft MVP
Joined: Oct 15, 2002
Posts: 13120
Location: Netherlands

Posted: Sat Nov 01, 2003 6:42 pm    Post subject:

My pleasure, phoenix22 :)


!claire
General
Premium Member
Joined: Apr 21, 2002
Posts: 8380

Posted: Sat Nov 01, 2003 9:04 pm    Post subject:

Many thanks, Tony Klein, for taking the time to help us despite your busy schedule :)

All times are GMT
Page 1 of 2