Author Topic: problem removing coolwebsearch  (Read 789 times)

Offline beejer

« on: September 16, 2005, 04:08:23 PM »
Hi, I can't get rid of this thing. I've tried Spybot S&D, Ad-Aware, CWShredder, Ewido Security Suite, and adbuster, and none have worked. Here is my HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 4:54:53 PM, on 9/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\basfipm.exe
C:\MATLAB7\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\ipbx.exe
C:\PROGRA~1\AD-AWA~1\Ad-Watch.exe
C:\WINDOWS\d3ii.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {05F25C50-3BB3-631B-F741-59280D6A3014} - C:\WINDOWS\system32\crcp.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {8CC2DB24-461E-930B-0400-42B4EFEC2D77} - C:\WINDOWS\system32\d3db.dll
O2 - BHO: Class - {C0C47BA7-3AAA-10E3-3AED-070DDAD18C68} - C:\WINDOWS\system32\mstf32.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ipbx.exe] C:\WINDOWS\system32\ipbx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\AD-AWA~1\Ad-Watch.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\d3ii.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB7\webserver\bin\win32\matlabserver.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Guest

« Reply #1 on: September 16, 2005, 11:50:23 PM »
Try these instructions explaining how to remove CoolWebSearch.

Offline guestolo

« Reply #2 on: September 17, 2005, 02:38:16 AM »
You need some tools to remove this infection.

Can you please do the following:
==Download and Install this small program
to help clean your temp folders, cookies, etc.
Windows Cleanup! 4.0
Don't run it yet

==Create a New folder on your desktop, call it Aboutbuster
(Right click an empty spot on the desktop and select NEW>>FOLDER)
Download to desktop About:Buster
by RubbeR Ducky
Unzip it to that new folder

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later.

Restart your computer

Download and save to desktop
CWShredder.exe
Don't run it yet

If you don't have the latest version of Ad-Aware
Please
Download and Install Ad-Aware SE Personal 1.06
We'll need this later

Now that you have the tools
We'll update them later

Can you supply a fresh HijackThis log?
After posting the log, please do NOT restart your computer again until we have tried some fixes.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline beejer

« Reply #3 on: September 17, 2005, 01:16:27 PM »
That is a fresh HijackThis log. I haven't restarted my computer on purpose.

Offline beejer

« Reply #4 on: September 17, 2005, 03:22:13 PM »
Hey, I'll give a fresh one because I'm about to restart my comp right now.