directed to sweetIM search page [resolved]

where do i start it. 88)
few days ago i installed sweetIM add on for Yahoo messenger, it’s a smiley package for YM.
i don’t know how & why (i remember unticking everything), it also install its toolbar on my firefox 3.0.1 & IE6.
i managed to remove all of the toolbar & the yahoo add on. no more sweetIM on my computer.
but now, everytime i type an incomplete link to Firefox, (let say “comodo”), i’m directed to sweetIm search page >:(
(usually i’ll be directed to google page).
anybody know how to change this?
i’ve tried to click the “G” (google) symbol & “manage search engine”, and i removed everything except google, but it didn’t work.

[attachment deleted by admin]

Disable add-ons in Explorer and FireFox :stuck_out_tongue:

did that >:( still directed to the monkey search page 88)

oh i moved you here :slight_smile:

Reinstall FireFox ? 88) And never use IE >:(

Try running hijackthis and post back a log :slight_smile:


it simply means your default search engine in the registry has been modified >:-D. Does HJT cover browsers other than IE ???

I wonder if it could be as simple as

I do not use Firefox so follow their instructions similar to these for IE. Even though you use firefox, most have a version of IE double check it.

Go to tools at the top right of IE (if IE 7), then Internet Options and check Search, if it is the culprit highlight it and click on remove and then set a new default.

To ensure that your selection does not get written over again reboot and recheck.

Oh, be sure and run any file and registry cleaning programs you use before the reboot


i’ve done all of above suggestions except reinstalling & using HJT. still got the monkey 88)
maybe i’ll just reinstall it. but i have plenty of bookmark items :-\
oh mine is IE6, never use it, but this monkey install its toolbar automatically there. i’ve uninstall them all,
the toolbar for IE6 & the smiley for YM using revouninstaller and the toolbar for firefox from tools/add ons

i use only google toolbar & i removed all of the other options except google on “manage search engine” (attached). but still got directed to sweetIm search 88)

[attachment deleted by admin]

Now get me that log >:(


later dude ;D i don’t even have HJTi’ll download it. but it’s gonna take a while, you know…mouter 88)

here you go :stuck_out_tongue:

[attachment deleted by admin]

Wow. You don’t have as nearly much junk as I thought ;D

Close your browser and then let HJT remove this entry:

R3 - URLSearchHook: (no name) - {2C2C1BED-5B1C-4bf2-BC2A-86BF224B01AB} - (no file)

Don’t worry; it’ll backup every deleted item. Retry Firefox and report back.

[attachment deleted by admin]

your log: ??? you have broken internet access ???

done! errr little mistake :-\ i remove the entry without closing my browser first :-
i’m still directed to the monkey search page.

Also remove this:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

To be sure, search the registry for any instance of “sweetim” and be wary of the results because I bet you’ll see it somewhere.

OK.will do! once i’m at my office

done that :stuck_out_tongue: using regseeker. there are a lot of entries for sweetim, but all of them related to “comodo firewall pro” ??? so i didn’t do anything about it. maybe they’re rules created by CFP or something like that?

RegSeeker will also pluck the remaining registry keys leftover by Defense+ :-TD. that’s why i put in the wishlist to include a purge all button for all obsolete files on the PC :a0. Anyway, that’s another topic.

still got the monkey (:SAD)
isn’t this something to do with IE ??? not Firefox ???

here’s the latest hijackthis log :stuck_out_tongue:

[attachment deleted by admin]

a quick skim shows this as a suspicious entry:
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)

Come on, where are all the HJT nuts experts (:NRD)?

beside you? ??? ;D
so…should i delete that entry too or i’ll wait for the nut expert’s opinion? :stuck_out_tongue:

Lol, toshiba is bloated ;D

I can’t find anything else that could be malware so kill it. If your computer can’t boot-up anymore, then it was legit (:NRD)