Over 1 million tech questions and answers.

cool web search stinks! HELP!

Q: cool web search stinks! HELP!

Hey.. I've tried getting rid of cool web search so many times! I have adaware and run that.. and it get rids of it for awhile but then it comes back! i also run cool web search.. but hey.. does the same thing.. comes back!! I've tried to go thru that whole process of findnfix but i dont think the dude knew too much which i thought was fine.. cuz I'd try again.. but if anyone could help me it would be GREAT! Here is a fresh hijack log.. when its ON my computer.. if you want one when its not.. just tell me... by that i mean.. when i delete it for like 2 minutes

RELEVANCY SCORE 200
Preferred Solution: cool web search stinks! HELP!

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: cool web search stinks! HELP!

Read other 10 answers
RELEVANCY SCORE 62.8

Running windows 7

For the first time in 15 years of using a PC, I've finally come down with a virus. It seems to redirect my searches to different fraud search engines, mostly "coolsearchsystem.com".

Microsoft Security essentials identifies it as: Sirefef.D and Sirefef.E, but it doesn't seem to be able to remove them completely. All resources online so far have also failed.

This is the hijackThis log...
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:35:10 PM, on 11/10/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\wininit.exe
C:\windows\system32\csrss.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\w... Read more

A:Cool search system, not as cool as promised

Hello and Welcome to the forums!My name is Gringo and I'll be glad to help you with your computer problems.Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.In order for me to see the status of the infection I will need a new set of logs to start with.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.DeFogger:Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear Click the Disable button to disable your CD Emulation drivers Click Yes to continue A 'Finished!' message will appea... Read more

Read other 48 answers
RELEVANCY SCORE 56.8

I am having major problems. In my add/remove program the shopping wizard and search assistant are listed. When I try to remove them my computer freezes up and nothing happens. I have to shut down and start up again. Computer is running really slow and many programs won't even open. I have run ad-aware and removed what it found, spy sweeper and removed it's findings and mcafee virus scan. I don't know what else to do! Please help me! Thanks in advance! Oh and everynow and then a pop up comes up and the only title it has is "only the best"
 

A:Pleaz help me remove shopping wizard, search assistant, and cool web search!

Read other 12 answers
RELEVANCY SCORE 52.4

I have been trying to get rid of this spyware that is driving me crazy with pop ups and is preventing me from opening up my task manager. I ran hijackthis! here's my report, can someone help me remove this?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:44 AM, on 6/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\UPS\WSTD\MSSQL$UPSWSDBSERVER\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svcho... Read more

A:Cool web search HELP

Hello and Welcome.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.
---------------------------------------------------------------------------------------------

Please follow our 5 Step process outlined here:

http://www.techsupportforum.com/secu...oval-help.html

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Read other 6 answers
RELEVANCY SCORE 52.4

spybot came up with this on last run "Cool WWW Search.Msconfig"
when i tried to remove it it said "associated files still in use (in memory)
could be fixed after restart"
i restarted but it's still there.....help.

i'm using xp pro.
do you want to see a hijack this log or is there an easy fix ?

thanks in advance ...t bone
 

A:Cool WWW Search ?

Read other 11 answers
RELEVANCY SCORE 52.4

PLEASE HELP! I need to get this off my computer and can't!!!! I had it before and you helped me remove it, but CWShredder isn't even picking anything up! It is only affecting the default page in IE, but not Netscape~!

Does anyone know what 180ResearchAssistant is?

THANKS SO MUCH.
 

A:Cool Web Search

I believe that is spyware

Create a permanent folder, either on the hard drive or in My Documents and download Hijack This: http://www.majorgeeks.com/download3155.html

Close out any open web browsers

After it downloads, run a scan, save the log file it creates
Then copy and paste the log back into this thread

Do not attempt to fix anything yet
 

Read other 1 answers
RELEVANCY SCORE 52.4

Can't get rid of CoolWebSearch.

Here's my hijack this log file.

I've run Adaware and Spybot, both came clean.

Also my desktop wallpaper will not work, just get a blank screen. Could this be rleated?

Logfile of HijackThis v1.99.1
Scan saved at 1:10:08 PM, on 2/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr____.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:... Read more

A:Cool Web Search

Read other 16 answers
RELEVANCY SCORE 52.4

I've got this cool web search virus again. here is the logfile. Thanks.

Logfile of HijackThis v1.99.0
Scan saved at 2:22:04 PM, on 2/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sierra Wireless Inc\AirCard 555\Verizon\Components\SwiWiFiComm.exe
C:\WINDOWS\Rcserv.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\UMS\Director\bin\twgipcsv.exe
C:\PROGRA~1\UMS\httpd.exe
C:\PROGRA~1\UMS\Director\bin\twgipc.... Read more

Read other answers
RELEVANCY SCORE 52.4

hi at all,
I think I have the damn cool web search, but my ad-aware can't find it.
but when I open a ewb page strange pages open automaticaly too.
ad-aware find only the tracking.

this is my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 18.56.37, on 13/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Hcontrol.exe
E:\WINDOWS\system32\sistray.EXE
E:\WINDOWS\system32\khooker.exe
E:\WINDOWS\system32\pctspk.exe
E:\Programmi\Synaptics\SynTP\SynTPLpr.exe
E:\Programmi\Synaptics\SynTP\SynTPEnh.exe
E:\Programmi\ASUS\WLAN Card Utilities\Center.exe
D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
E:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
D:\Programmi\HighCriteria\TotalRecorder\TotRecSched.exe
D:\Programmi\D-Tools\daemon.exe
E:\WINDOWS\ATKOSD.exe
D:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
D:\Programmi\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
E:\WINDOWS\System32\svchost.exe
E:\Programmi\MSN Messenger\msnmsgr.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\explorer.exe
E:\Programmi\Internet Explorer\IEXPLORE.EXE
E:\Programmi\Internet Explorer\IEXPLORE.EXE
E:\Programmi\Internet Explorer... Read more

A:COOL WEB SEARCH, again!!!

Read other 16 answers
RELEVANCY SCORE 52.4

My browser keeps getting hijacked to coolsearch.biz. Spybot, AdAware and other programs don't help. My log is below. Please help!

Logfile of HijackThis v1.98.2
Scan saved at 9:48:33 PM, on 11/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\eXpress\NS Client\AeXNSAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Altiris\Setup Files\PatchMgmtAgent\AeXSetup.exe
C:\WINDOWS\System32\Msiexec.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\EAS\easclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Hummingbird\DM Extensions\papihost.exe
C:\Program Files\Hummingbird\DM Exten... Read more

A:help with cool search

Run HJT again and put a check in the following:

R3 - Default URLSearchHook is missing
O2 - BHO: BHO Class - {CBEFB350-ED5B-4115-B846-C1041676B377} - C:\WINDOWS\System32\CustomIE32.dll

Close all applications and browser windows before you click "fix checked".
 

Read other 3 answers
RELEVANCY SCORE 52.4

I have a Cool web Shredder from trend micro installed and when I run a fix it scan It ALWAYS shows 'cws.msconfig'......Removed. But if I run the scan again straight away it is still there. How Do I get rid of this? Thanks, Sean
 

Read other answers
RELEVANCY SCORE 52.4

I am running windows xp/home edition with SP1 and have the cool search hijacker. I tried running spybot, spysweeper, and cwshredder. No luck in getting rid of this demon. I downloaded hijackthis and here is the log. Thanks for your help.

Logfile of HijackThis v1.97.7
Scan saved at 2:09:30 AM, on 7/31/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\apixq32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jucheck.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe... Read more

A:help with cool search

Read other 13 answers
RELEVANCY SCORE 52.4

Hi,

I have cool-search.ws on my computer and i cant get it off it sets it self up to go to cool-search.ws webpage everytime i click on home. "http://81.211.105.9/" :is the place .....i have searched to see if i can find away of removing but no luck yet....Any ideas????

oh a search & destoy doesnt find it.
Cheers ipatriot
 

A:cool-search.ws

Read other 9 answers
RELEVANCY SCORE 52.4

Here's my HJT log. I keep having "about:blanK" with some search page loading off and on. Ad-aware always finds and removes and so does CWShredder. Nevertheless, it keeps coming back, and not necessarily after rebooting. Do you see anything here?I hope I did this correctly. I haven't done anything since creating this log. Thanks in advance for any help. JimHJTlog JimWLogfile of HijackThis v1.98.0Scan saved at 8:33:29 AM, on 7/2/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Sygate\SPF\Smc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Dell\AccessDirect\dadapp.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\Dell\AccessDirect\DadTray.exeC:\Program Files\Messenger\msmsgs.exeC: ... Read more

A:Cool Web Search again?

You are currently using hijackthis from a temp directory. This can cause problems. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on.

Do not fix any entries yourself from this point forward as I need to see whats happening.
FIx these with hijackthis:

R3 - URLSearchHook: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O2 - BHO: (no name) - {0BA9D5DF-E915-497F-B991-F78BF23AFC21} - (no file)
O2 - BHO: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O3 - Toolbar: (no name) - {1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML

Reboot into safe mode and delete the following file:

C:\WINDOWS\System32\toolbar.dll

Reboot and post a new log

Read other 10 answers
RELEVANCY SCORE 52.4

I have the same problem with my home page defaul. Here is the log file. How do I get ride of the problem...
Logfile of HijackThis v1.97.7
Scan saved at 11:34:30 PM, on 12/24/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\smtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast Hig... Read more

A:Cool-Search POS

Download & Run CWshredder from
http://www.merijn.org/cwschronicles.html
and make sure you follow the advice about the security updates listed at the bottom of the page, in order to prevent re-infection, otherwise you will be continually reinfected
the patches are :
http://support.microsoft.com/default.aspx?kbid=828026
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms03-011.asp

then reboot &
Download Spybot - Search & Destroy from http://security.kolla.de

After installing, first press Online, press search for updates, then tick the updates it finds, then

press download updates. Beside the download button is a little down pointed arrow, select one of

the servers listed. If it doesn't work or you get an error message then try a different server

Next, close all Internet Explorer and OE windows, press 'Check for Problems', and have SpyBot

remove all it finds that is marked in RED.

then reboot &
download AdAware 6
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
the current ref file should read 01R241 25.12.2003

Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

then......

click "Use custom scanning options>Customize" and have these options on: "Scan within archives"

,"Scan active process... Read more

Read other 3 answers
RELEVANCY SCORE 52.4

As advised, this log is complicated. What do I need to do next in order to remove CWS once and for all?Thank you in advanceJohnLogfile of HijackThis v1.97.7Scan saved at 15:41:13, on 18/06/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\WINDOWS\System32\Ati2evxx.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exeC:\WINDOWS\system32\HPConfig.exeC:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\System32\carpserv.exeC:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXEC:\Program Files\Synaptics\SynTP\SynTPLpr.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\windows\system\hpsysdrv.exeC:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E... Read more

A:Cool Web Search

Step 1. Download DLLFix from:http://downloads.subratam.org/dllfix.exeorhttp://tools.zerosrealm.com/dllfix.exeStep 2. After it has completed downloading, navigate to the folder you saved it in and double-click on dllfix.exe.Step 3. It will prompt you to extract the files somewhere. Type in c:\dllfix and press install.Step 4. Navigate to c:\dllfix and double-click on start.batStep 5. Run Option 1 by pressing 1. The program will now start searching.Step 6. Once the search is complete a notepad will open called output.txt. Post the contents as a reply to this post.

Read other 2 answers
RELEVANCY SCORE 52.4

Hi.
My computer was infected with the cool www search and I used Ad Aware to remove it. The removal was successful, however, it keeps coming back. It does tell me that it has been deleted, but the 14 files return each time a scan. Any suggestions?
Thanks for the help.
 

A:Cool Search

Hi and welcome to TSG,

Please do this. Click here: http://www.majorgeeks.com/download3155.html to download Hijack This.

It’s very important that you save it to its own folder on your hard drive, such as program files (not temporary files or the desktop), so that it can create proper back-ups and be able to restore them if necessary.

Close all open windows and open Hijack This. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and then save it to NotePad. Click on “Edit” – “Select all” – “copy” and then “paste” into the thread.

DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed.
 

Read other 1 answers
RELEVANCY SCORE 52.4

I've been trying to get Cool Web Search of this XP home PC for hours now. Evertime I think I get it strait it pop up again. I installed Norton AV 2005 and got all the updates. When the problem appears norton finds a file or 2 and deletes it. When I reboot it is there is a file there again with a different name (Hkey- Local Machine-Software-Microsoft-Windows-Current Version-Run). Here is the HijackThis log file:Logfile of HijackThis v1.99.1Scan saved at 11:51:31 AM, on 7/7/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\CTsvcCDA.exeC:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exeC:\Program Files\Norton AntiVirus\navapsvc.exeC:\Program Files\Norton AntiViru... Read more

A:Cool Web Search :(

PLEASE PRINT OUT THESE INSTRUCTIONS BEFORE PROCEEDING.(Click on Print this topic in the upper RH corner.)STEP 1:Please make sure that you can view all hidden files. Instructions on how to do this can be found here.STEP 2:Please download Trend Micro? CWShredder? here.Save it to its own folder named CWShredder and place it at the root of your C:\drive along with HijackThis.Don't run it yet, we will use it later.STEP 3:Download AboutBuster from RubbeR DuckY hereSave it to its own folder named AboutBuster and place it at the root of your C:\drive along with HijackThis.Double-click AboutBuster.exe and press Update to make sure you have the latest reference file version.NOTE: You might want to view this AboutBuster tutorial here first before running the tool.Don't run it yet, we will use it later.STEP 4:Download and install the latest version of Ad-Aware SE hereNOTE: If you are still using the older Ad-Aware 6, go to Add/Remove Programs in the Control Panel and uninstall it now before installing Ad-Aware SE.Please configure the program by following these instructions here.Before scanning click on "Check for updates now" to make sure you have the latest reference file.Don't run it yet, we will use it later.STEP 5:Download the eScan Antivirus Toolkit here.Save it to the desktop. This program is 10MB in size.Don't run it yet, we will use it later.STEP 6:Download and install the Ewido Security SuiteNOTE: The Ewido Security Suite utility will not install on Window... Read more

Read other 1 answers
RELEVANCY SCORE 52.4

Hi there,I've followed your advice and run adaware and spybot. I'm not sure whether my pc is still infected. Please could you take a look?HJT log :Logfile of HijackThis v1.99.1Scan saved at 17:48:26, on 12/04/2005Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\System32\RUNDLL32.EXEC:\Progr... Read more

A:Cool web search?

Hi Phil! Your log is in fact clean now! To help keep you that way:The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from th... Read more

Read other 3 answers
RELEVANCY SCORE 52.4

I've got this cool web search virus again. here is the logfile. Thanks.

Logfile of HijackThis v1.99.0
Scan saved at 2:22:04 PM, on 2/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Sierra Wireless Inc\Network Adapter Manager\Network Adapter Manager.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sierra Wireless Inc\AirCard 555\Verizon\Components\SwiWiFiComm.exe
C:\WINDOWS\Rcserv.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\PROGRA~1\UMS\Director\bin\twgipcsv.exe
C:\PROGRA~1\UMS\httpd.exe
C:\PROGRA~1\UMS\Director\bin\twgipc.... Read more

A:cool web search

There's a Removal Tool that worked real well for me HERE

It's a good idea to run all virus/spy/ad/malware removal progs from "SAFE" mode, particularly HiJackThis!, I think.

Afterthought:

Y'know, I've noticed while cruising around these kind of forums for months that everybody in the world is posting HijackTHis! logs and asking other people to look at them and decide what needs to go.

It seems to me that it shouldn't be THAT difficult to make some kind of prog that will read your log for you and spit back those log entries that are KNOWN to be bad, those which are Questionable and those that are considered SAFE (or necessary).

THEN it seems to me that you could make that prog available only via a particular web-site and so everyone could go to that site, paste in their log and get the results back instantly, rather than waiting for some anonymous person to feel like looking at your log and making decisions of unknown validity.

This would seem to be a good way to get people to come to your site. And it should be too draining of bandwith. HijackTHis! logs are small and are in text, and the report shouldn't be much bigger than the log itself. So a small text file goes "in", and a small text file goes "out" with a minimum of calculations necessary (no rocket-science math here either). Everybody wins. Traffic increases and people get instant and reliable results for which HijackThis entires they need to remove.

Read other 13 answers
RELEVANCY SCORE 52.4

As I have noticed, I am not alone with my CWS problem. (Thank God)!
Can I follow removal instructions given to Tony etc. or should I follow specific instructions?
Have already downloaded Adaware (Lavasoft), Spybot and registered with Avast.com. Nothing has worked so far. Please help.

A:Cool Web Search

Hi JohnWelcome to BCFirst, create a folder for HijackThis in the root folder of your hard drive.Reason: in case something gets fixed that didn't need to get fixed you can always restore. example C:/HJTC/hijackthisClick here to download Hijack This. Save it to the folder you have just createdClose all open windows and open HIJACK THIS. Click ?Scan?[/b] . When the scan is finished (it only takes a second), the scan button will change to?Save Log?. Click on?Save Log? and save it to NotePad. Copy the entire log and paste it here. DO NOT FIX ANYTHING YET , most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.If you need More instructions on how to use Hijack this click the link belowhttp://www.bleepingcomputer.com/forums/ind...showtutorial=42Lobos

Read other 1 answers
RELEVANCY SCORE 52.4

I am working on a computer that has se.dll in the Temp folder. I have tried everything short of formatting. When I manage to get it out after reboot and reconnection to the net it reinstalls itself. Please help me get it out. Thanks in advance.Here is my HJT log:Logfile of HijackThis v1.99.1Scan saved at 4:07:40 PM, on 02/18/2005Platform: Windows ME (Win9x 4.90.3000A)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\MPREXE.EXEC:\PROGRAM FILES\EXECUTIVE SOFTWARE\DISKEEPER\DKSERVICE.EXEC:\WINDOWS\SYSTEM\RPCSS.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\EXPLORER.EXEC:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXEC:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXEC:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXEC:\WINDOWS\PCTVOICE.EXEC:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXEC:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXEC:\PROGRAM FILES\LIUTILITIES\WINTASKS\WINTASKS.EXEC:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\WINDOWS\SYSTEM\PSTORES.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\WINDOWS\... Read more

A:Cool Web Search or more?

Hello sweetsatin,

I am reviewing your log, and will post back shortly

Read other 4 answers
RELEVANCY SCORE 52.4

I am trying to get a friends computer running right again. There seems to be a persistent hijacker that I can not get rid of. Spybot S&D has been run, Spywareblaster allows me to change the IE homepages but they return to the hijack pages upon rebooting. I have run CWshredder and it finds no CWS instances, but I understand that it is no longer being updated (sniff). Below is the HT log:

Logfile of HijackThis v1.97.7
Scan saved at 8:20:09 AM, on 7/7/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Applications\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ntnz32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\APPLIC~1\NORTON~1\navapw32.exe
C:\WINDOWS\apixg.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Microsoft... Read more

A:Cool Web Search

Read other 12 answers
RELEVANCY SCORE 52.4

Hi I think I have Cool Web Search, well I kno wI have some junk on my computer the spyware removal wont fix. Can someone have a look at this for me please

Logfile of HijackThis v1.99.0
Scan saved at 4:45:36 PM, on 2/3/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\MultiPASS4\MPTBox.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PeerGuardian pr14\PeerGuardian_1.99b_pr14.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\mysql\bin\winmysqladmin.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Labt... Read more

A:Cool Web Search

Read other 8 answers
RELEVANCY SCORE 52.4

I got this virus on my PC due to stupidty of not having protection software. Since then I've added Norton and Webroot Spy Sweeper. I also run Ad-Ware SE and I delete versions of this but it keeps recreating itself. Any ideas how to rid myself of this? I ran program that lists the processes running and got this:

Logfile of HijackThis v1.99.1
Scan saved at 9:41:21 AM, on 8/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program... Read more

A:Cool Web Search?

Read other 11 answers
RELEVANCY SCORE 52.4

I have been violated by a site entitled "Cool Web Search" It comes up as my home page and no matter what I do I cannot change it or find it to kill it. PLEASE HELP!

A:cool web search must die

Hi there and welcome to BC.We need a complete HijackThis (HJT) log file to be able to analyze what is happening on your computer. After you done this please post the log into the forum "HijackThis Logs and Analysis" Forum now let's start.If you do not have a copy of HijackThis or do not have the latest version (1.99.1) then download it from here: HijackThis. Double-click on the file you just downloaded and click on the UnZip button to install the program. It will be installed to the C:\Program Files\HijackThis\ directory by default.Start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.And then post it into the "HijackThis Logs and Analysis" forumHope ive helped you Regard's Claudio

Read other 4 answers
RELEVANCY SCORE 52.4

Hi,I recently did a Ad-Aware, ADS scan and it showed 102 bad files, all COOL WEB SEARCH. It seems like I keep deleting these files during scans but they keep coming back. Fortunately, my browser has not been hijacked for close to one month. I would like to permanently remove any Cool Web Search files. Hopefully someone can help. Thanks Here is my most recent Hijack THis Log:Logfile of HijackThis v1.99.0Scan saved at 4:00:12 PM, on 2/17/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\WINNT\system32\LEXBCES.EXEC:\WINNT\system32\spoolsv.exeC:\WINNT\system32\LEXPPS.EXEC:\WINNT\Explorer.EXEC:\WINNT\ehome\ehtray.exeC:\Program Files\Gateway Utilities\GWInkMonitor.exeC:\Program Files\Common Files\Sonic\Update Manager\sgtray.exeC:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exeC:\Program Files\Iomega\DriveIcons\ImgIcon.exeC:\Program Files\QuickTime\qttask.exeC:\WINNT\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Microso... Read more

A:Cool Web Search

Fix this:

O23 - Service: SmartLinkService - Unknown - slserv.exe (file missing)
But thats about it. Nothing else bad on there

Read other 1 answers
RELEVANCY SCORE 52.4

A friend of mine used my pc and now CWS is on my system. I bought Spy Sweeper and found two installed cws programs on my system. I removed them with spy sweeper but instantaneously showed back up. So i treid it in safe mode, found the same two "things" on my system but could not get rid of them. Very hard to surf the web. So I read the Mozilla's Firefox was a good browser for this kinda stuff. Well I installed it and it works great. My question to you is how do I get it off my system? Does this attach itself to files. Do I have to format my harddrive?
 

A:un-Cool Web Search

Hi, No, a format should not be needed, but it can be frustrating trying to remove some about:blank hijacks, if that is what you have...let's find out:

There are directions here to do it: There are .zip form and .exe form, take your pick.

Download it here:

http://radiosplace.com/

Or here.
It's a direct download so be ready with the folder for it.

Basically, create a new folder, the desktop is OK (provided you MAKE a folder on your desktop), name it something like HJT, and download TO that folder, run hijackthis.exe from there. If there are users of the computer who might start HJT and use it, hide the program in a folder elsewhere!

When it is done scanning> the Save log button will become available, save the log as hijackthis.txt which will open with Notepad. Go back to TSG, open your post, and copy and paste the entire logfile into a reply in your thread (here) and wait for advice.

Please do NOT use HJT yourself to remove anything, most of what it shows is good and needed by the system
EDIT: I have asked someone to stop in and help with your problem so expect a reply soon.
 

Read other 3 answers
RELEVANCY SCORE 52.4

I have searched for days (while being interrupted by CWS)! and have still not found an update for DLLFix or similar.

What advice can you give to remove CWS?

A:Cool Web Search

hi JohnWelcomew to BCit's not that simple to give advice on CWS anymore certain varients get treated differently as well it depends on the OSso i advise to do thisFirst, create a folder for HijackThis in the root folder of your hard drive so it can make proper backups exampleC:/HJTC/hijackthisnextClick here to download Hijack This. Save it to the folder you have just createdClose all open windows and open HIJACK THIS. Click ?Scan?[/b] . When the scan is finished (it only takes a second), the scan button will change to?Save Log?. Click on?Save Log? and save it to NotePad. Copy the entire log and paste it here. DO NOT FIX ANYTHING YET , most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.Lobos

Read other 2 answers
RELEVANCY SCORE 52.4

Hi! I did my Hijack this log and I was wondering if someone could tell me what items I should delete. This spyware is driving me crazy - LOL. Thanks in advance.....

Logfile of HijackThis v1.98.2
Scan saved at 10:16:25 AM, on 9/23/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM32\WINMM64.EXE
C:\WINDOWS\PENT64S-NT.EXE
C:\WINDOWS\SYSTEM32\SPORMS32NT.EXE
C:\WINDOWS\PESY64SP.EXE
C:\WINDOWS\SYSTEM32\MSPES-NTOR.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZAPRO.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS1982.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-r... Read more

A:Can someone help me regarding Cool Web Search?

You may want to print out these instructions or save them to your desktop because we will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet.

Download CWShredder from this link:

http://www.downloads.subratam.org/CWShredder.exe

Save it to your desktop, but do not run it yet!

Please close all browsers and windows and have HijackThis fix these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-abc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://s-redirect.com/?b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-abc
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://s-redirect.com/?a=2&b=n-abc
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://s-redirect.com/?a=2&b=n-abc
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL... Read more

Read other 1 answers
RELEVANCY SCORE 52.4

I recently bought a new pc, it has been working perfectly but........ not anymore. When I try to launch internet explorer, Cool web search appears (instead of Google), and everything goes slower and slower... Here's my Hijackthis log... Please help!!!

Logfile of HijackThis v1.97.7
Scan saved at 22:13:07, on 02/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Archivos de programa\Java\j2re1.4.2_01\bin\jusched.exe
C:\Archivos de programa\Lexmark X1100 Series\lxbkbmgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
C:\Archivos de programa\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\System32\systime.exe
C:\ARCHIV~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\ARCHIV~1\McAfee.com\Agent\mcregwiz.exe
C:\WINDOWS\System32\ctfmon.ex... Read more

A:cool web search

p.s. I have already used CWSchredder, and it says that my system is completely clean... and it isn't

Read other 9 answers
RELEVANCY SCORE 52.4

ran ewido in safe mode as a regular precaution. seems cool web search is there
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:03:32 PM, 5/20/2006
+ Report-Checksum: 758CE5A2

+ Scan result:

HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CLSID -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj\CurVer -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1 -> Adware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\sue\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\sue\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\sue\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\sue\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\sue\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\sue\Cookies\[email protected][2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\sue\Cookies\[email protected][1].txt -> TrackingCook... Read more

A:cool web search?

Read other 8 answers
RELEVANCY SCORE 52

Operation system Window XP Home edition

My mom switched on my laptop in the morning of May 26, and downloaded a movie thru pipi.cn (a chinese movie search engine). Since then, several things have happened.

1) A warning symbol (golden triangle with a exclamation sign in the middle) will appear every 2 minutes. A message bubble will appear on top of it bearing 4 different messages. They are, "Your Security and privacy are at risk!...", " Warning: Your computer is infected with spyware!...", "Internet attack attempt detected:...", and "Your computer is working slowly!...". When I clicked the bubble, an ie window opened and loaded a webpage selling anti-spyware softwares. It's URL is <http://windows-privacy-protection.com/?aid=444.0>. But I see the address "about:security" in the address bar. I must add that I foolishly downloaded one of the advertised softwares, SpyMaxx, and used it to scan my laptop.

2) Hijacked desktop. My desktop turned turqoise blue. Although I tried to change to desktop thru Display Properties, but it would change back automatically around every 60.5 seconds. I notice this phenomenon is coupled with a two flickers of blackness of all the icons on the desktop as well. A warning in yellow font, "Warning: Spyware threat has been detected on your PC..." and a link to the aforementioned website is on the desktop as well.

3) Pop-up Windows. A window with a red bo... Read more

A:Cool Web Search Infection

Ok now run this tool and post back the scan report.SmitFraudFix by S!RiThe report can be found at the root of the system drive, usually at C:\rapport.txt To fix the Task Manager issue please follow the instructions in Post #4 here...http://www.bleepingcomputer.com/forums/t/132872/task-manager-disabled/

Read other 7 answers
RELEVANCY SCORE 52

Guys, I have a problem with the CWS:Searchx trojan, in that I cannot prevent it from reinfecting my system. I have run the CWShreader and I am currently clean. I have installed all of the updates as recommended by the CWShreader program but it still comes back. I have also applied most of the recommended updates from the "How did I get infected in the first" thread.

Here is the log file from HijackThis. Can you help?

Thanks in Advance.

Logfile of HijackThis v1.97.7
Scan saved at 7:45:53 PM, on 9/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton SystemWorks\N... Read more

A:[solved]Cool Web Search

Read other 16 answers
RELEVANCY SCORE 52

Well, your fabulous forum helped me get rid of BlazeFind from my desktop system. Now my laptop has Cool Web Search. ARG! I more than happily donated to supporting the forum for the EXTREMELY appreciated help I received last time, and I knew right where to come for this problem.What I've got:Ad-aware 6 keeps finding Cool Web Search.IE brower keeps going to about:blank with search content.Popup windows galore!What I've done:Followed the posted tutorialRan Ad-aware Plus 6.0 (paid version)Ran Spybot S&D 1.3 (new version)Ran CWShredder (says everything is clean)Ran HijackThis (log below)Logfile of HijackThis v1.97.7Scan saved at 9:32:04 PM, on 6/16/2004Platform: Windows 2000 SP4 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\regsvc.exeC:\WINDOWS\system32\MSTask.exeC:\WINDOWS\System32\WBEM\WinMgmt.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\imqvcbf.exeC:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exeC:\Program Files\Linksys\Wireless-B Noteboo... Read more

A:Help again! Cool Web Search this time

hello TivoBuddyRun hijack this put a check next to these close all browsers and hit fixMake sure not to miss one R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Loren\LOCALS~1\Temp\sp.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Loren\LOCALS~1\Temp\sp.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Loren\LOCALS~1\Temp\sp.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Loren\LOCALS~1\Temp\sp.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Loren\LOCALS~1\Temp\sp.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Loren\LOCALS~1\Temp\sp.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htmR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blankR1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blankR3 - Default URLSearchHook is missingO2 - BHO: (no name) - {3C2D0A1C-EAA3-424E-B94F-CF45DD430C4A} - C:\WINDO... Read more

Read other 9 answers
RELEVANCY SCORE 52

Help!!! I have tried everything including using previous info posted. Keeps reinstalling over and over. Any help will be greatly appreciated. Here's my log file.
Logfile of HijackThis v1.99.1
Scan saved at 4:10:06 PM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\iejw32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\BESTBU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Ma... Read more

A:Cannot Get Rid of About:Blank / Cool Web Search

Read other 8 answers
RELEVANCY SCORE 52

Hello Security Forum Experts,

I am having some recurrent problems with some spyware aka Cool Web Search and 'nkvs' or 'nkds' entries in my HJ Log. I am not at the machine that this is occuring on so I cont send the HJ log right now.

I tried removing all entries that were offending in the HJ log, ran Spybot Search & Destroy and CW Shredder.

The entries reappear in the HJ log immediately after removal. CW Shredder ran successfully to completion but did not remove the malware.

Are there any other tools I should be running or using to remove this. Also, I recently read that removing the VM machine capability from the OS closed some doors used by malware infectors to gain entry to my machine. Is this VM Machine something you guys recommend?

If you can help me get rid of this hijacker I would appreciate you help and thanks in advance. I am usually pretty good about keep my machines free of these pests but this nkds entries, along with a number fo obfusgated entries doesnt seem to be affected by the Spybot or CW Shredder.

Any thoughts ?
 

A:Cool Web Search Problem

Give us a post of the HijackThis scanlog to see.

Go to start>run and enter cmd

At the command prompt enter

jview

If it says Java Version 3810 you do not need to do anything about Virtual Machine. If it is a lower version you need to get the Security update from Microsoft.
 

Read other 1 answers
RELEVANCY SCORE 52

I can't get rid of this Cool Web Search bug. I run CounterSpy and it gives me the following results:

CoolWebSearch (Browser Hijacker)
Possible Browser Hijack (Browser Hijacker)
CWS.NS3 (Browser Hijacker)
along with a bunch of cookies.

I quarantine it and keeps coming back.

The following is the log I get when I run hijackthis.
Logfile of HijackThis v1.99.1
Scan saved at 9:50:57 PM, on 5/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~4\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~4\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Prog... Read more

A:Solved: Cool Web Search

Read other 8 answers
RELEVANCY SCORE 52

I have tried to rid myself of the above but haven't had much (any) succcess. Below is a copy of my "hijackthis.log:

Logfile of HijackThis v1.98.2
Scan saved at 7:34:53 PM, on 9/29/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\AGRSMMSG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\PROPEL ACCELERATOR\PROPELAC.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\COMMON FILES\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\HP OFFICEJET V SERIES\BIN\HPOANT07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\HP OFFICEJET V SERIES\FRU\REMIND32.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\DC SERIES 1\CONSOLE\WATCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOEVM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\AIO\SHARED\BIN\HPOSTS07.EXE
C:\P... Read more

A:About.blank and Cool Web Search

Hi gr8placer
Close your browser window,run hjt in safe mode and fix these items.Any files/folders that I have highlighted will also need to be removed from your hard drive as well as from the log. Make sure to have your system set to show hidden files and folders.. www.xtra.co.nz/help/0,,4155-1916458,00.html while still in safe mode,run "CWshreader".Post a new log when finished....

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {32F2C433-E573-11D8-91E9-000A477805E3} - (no file)
O2 - BHO: (no name) - {C6B68643-0E55-11D9-91E9-000A4826C2E0} - C:\WINDOWS\SYSTEM\HMBFP.DLL
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsol...ArcadeRdxIE.cab
O18 - Filter: text/html - {C6600D82-11A5-11D9-91E9-000A8F07F143} - C:\WINDOWS\SYSTEM\HMBFP... Read more

Read other 7 answers
RELEVANCY SCORE 52

Can Somone Please help me to slove my problem. I have run Ad-aware, Spybot S&D, Spywareblaster, CWShredder, Hijackthis, AboutBuster, Spyware Nuker2004, Spyware Stomer adn Norton Anti-Virus (All with the latest update). However, everytime I open the interner explorer it still set my home page at "about:blank" and tons of pop up. I have been working on this problem for over 5 hours already and I'm running out of option. Thanks in advance. Below is my log.

Logfile of HijackThis v1.98.2
Scan saved at 6:09:30 AM, on 10/1/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
C:\WINDOWS\System32\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\appoe.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\AOL Companion\companion... Read more

A:Can't Remove Cool Web Search. Please Help!

Hi.......both Spyware Nuker and SpywareStormer are scamware programs......totally useless....I would advise you to remove them both.
================================================
Run hijackthis again and put a checkmark against these entries....double check
in case you miss anything....
.....then,close all browser and outlook windows including this one and "fix checked"

O2 - BHO: (no name) - {14A8A5FE-B57D-0B1C-6508-01E9615DFBD7} - C:\WINDOWS\addtz.dll
O4 - HKLM\..\Run: [appoe.exe] C:\WINDOWS\appoe.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe

Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
then as some of the files or folders you need to delete may be hidden do this:
Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Locate and delete:
C:\WINDOWS\appoe.exe
C:\WINDOWS\Q328940.log:qnbpn
==============================
Empty the Recycle Bin.

Open internet Explorer Click on "Tools">... Read more

Read other 3 answers
RELEVANCY SCORE 52

Please help!

I have a CoolWebSearch problem this is making my teaching from home impossible!

It takes over my browsers and I am SOOOO slow... I have ran Ad-Aware - CW Shredder - Spybot...Ad-aware finds and deletes 4 reg entrys...but they just come back - CW Shredder finds nothing.

Logfile of HijackThis v1.98.2
Scan saved at 11:08:21 AM, on 3/14/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\suchost.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program ... Read more

A:Help! Cool Web Search Here is my Hyjacklog

Read other 8 answers
RELEVANCY SCORE 52

When I search Google, I am hijacked to Cool Search Engine.
My HijackThis Log file reads:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://approvedlinks.com/sp.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://216.239.39.99/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://approvedlinks.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\,HomeOldSP = http://approvedlinks.com/
F1 - win.ini: load=C:\OPLIMIT\ocraware.exe
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiQiPcl] AtiQiPcl.exe
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au30setp.exe 3
O4 - HKLM\..\Run: [EM_EXEC] c:\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [S... Read more

A:Hijacked: Cool Search

Hi Carl, Welcome to TSG. Do you know you have/had the "Tanked" virus spread via Kazaa? Here it is:

O4 - HKLM\..\Run: [CMD] cmd32.exe

O4 - HKLM\..\RunServices: [CMD] cmd32.exe

You can use HJT to remove these entries from your startup folder, but scan with your AV first, or here:

http://housecall.trendmicro.com/housecall/start_corp.asp
You can use HJT to remove the following too. Close your browser and reboot:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://approvedlinks.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://approvedlinks.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://approvedlinks.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://approvedlinks.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main\,HomeOldSP = http://approvedlinks.com/
O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm

O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm

O8 - Extra context menu item: Download using Download &Express - file://C:\WINDOWS\SYSTEM\MetaProducts\Add_Url.htm

O10 - Unknown file in Winsock LSP: c:\windows\system\msspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\msspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\msspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\msspi.dll
O10 - Unknown file in Winsock LSP: c:\windows\syst... Read more

Read other 3 answers
RELEVANCY SCORE 52

I am helping a friend with his pc, it is a stand alone pc running win xp, major slow down running and booting up. Suspect coolweb search hijack. This is his log file, can someone tell me what should be deleted.
Thanks for your efforts

Logfile of HijackThis v1.99.0
Scan saved at 10:39:28 AM, on 12/28/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\ScsiAccess.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\addzj.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:... Read more

A:cool web search slowdown

C:\DOCUME~1\user\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exeClick to expand...

Move HJT into a permanent directory so that any changes made can be undone if necessary.

Next I would suggest downloading Ad-Aware and Spybot Search and Destroy and if you think you have CWS run CWS Shredder
Lifted this from $teve...follow these directions with these programs and repost a HJT log after you finish

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........

Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"

Then......

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

Then.........

Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"

Then...... click "proceed" to save your settings.

Now to scan it´s just to click the "Scan" button.

When scan is finished mark everything for removal and get rid of it.(Right-click the window and choose"select all" from the drop down me... Read more

Read other 2 answers
RELEVANCY SCORE 52

I've had this on my computer for a few weeks now. AVG keeps detecting se.dll, a trojan horse. It keeps reappearing, just like some other stuff. Thankfully I normally use Opera, but I still have to open Explorer up for some things, of course, which makes things a bit difficult.

I have downloaded CWshredder.exe and am ready to use it. Here is my current Hijackthis log.

Logfile of HijackThis v1.97.7
Scan saved at 7:08:14 PM, on 3/14/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\WINDOWS\OPTIONS\CABS\LOGITECH\HP_FINDER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\CTHELPER.EXE
C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMON.EXE
C:\WINDOW... Read more

A:HJT: Cool Web Search mess

I'm bumping this up in hopes that someone will see this and reply.
 

Read other 3 answers
RELEVANCY SCORE 52

I somehow contracted CoolWebSearch in my msconfig file. CWShredder keeps finding it and removing it, but the next time I reboot, it is there again. Any ideas? Thanks!
 

A:Cool Web Search in msconfig

Read other 10 answers
RELEVANCY SCORE 52

I have been using my own system to locate drivers and things and needed for older system now i find www.coolsearch is in my system it puts Vip porn link straight into favrorites and add short cuts to desktop one for fast loans and one for online pharmacy. My spy bot finds these files in Hikey Local machine\software\microsoft\internet explore\main\searach bar=about blank. There are 4 different lots of them i can't get rid of it i have tried to delete it myself and aslo spy bot fixes these errors but as soon as i go back on-line they are there any ideas
 

A:Solved: WWW.cool search ?????

Read other 16 answers