Author Topic: coolwwwsearch leftover (again) ;(  (Read 1849 times)

Keeza

  • Guest
coolwwwsearch leftover (again) ;(
« on: March 07, 2005, 04:08:01 PM »
Hi,
I know you have to deal a lot with this problem, but I can't help it.
I tried Spybot, Norton, and nothing works.
I tried to delete se.dll on startup and in safe mode. It is still there.

My HijackThis log is the following:

Logfile of HijackThis v1.99.1
Scan saved at 22:06:54, on 07-03-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
D:\Misc Apps\Panda Anti-Virus\APVXDWIN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\WF2K.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Maya 6\docs\Wrapper.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Misc Apps\Panda Anti-Virus\pavsrv51.exe
D:\Misc Apps\Panda Anti-Virus\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Maya 6\docs\jre\bin\java.exe
D:\Misc Apps\Panda Anti-Virus\AVENGINE.EXE
C:\WINDOWS\System32\rundll32.exe
D:\Misc Apps\Panda Anti-Virus\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Henrik & Hilde\Local Settings\Temp\Temporary Directory 2 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {4613BB30-5B2F-40FD-AC33-E6661DB18062} - C:\WINDOWS\System32\colg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [APVXDWIN] "D:\Misc Apps\Panda Anti-Virus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\movie stuff\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [zafit] C:\WINDOWS\zafit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft\Office XP\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O18 - Filter: text/html - {DE0003E3-BD1E-48ED-92D8-E429CE14996A} - C:\WINDOWS\System32\colg.dll
O18 - Filter: text/plain - {DE0003E3-BD1E-48ED-92D8-E429CE14996A} - C:\WINDOWS\System32\colg.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Maya 6\docs\Wrapper.exe" -s "D:\Maya 6\docs/Wrapper.conf (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Misc Apps\Panda Anti-Virus\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - D:\Misc Apps\Panda Anti-Virus\PsImSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

I appreciate your help. Thank you so much.

Keeza

Keeza

  • Guest
coolwwwsearch leftover (again) ;(
« Reply #1 on: March 08, 2005, 07:23:16 AM »
Please..

I NEED your help.... It's really corrupting my Internet Explorer... Can't work at all...

Thanks

Guest

  • Guest
coolwwwsearch leftover (again) ;(
« Reply #2 on: March 10, 2005, 01:30:13 AM »
First off, lots of your problems can come from Panda. I tried it for less than 4 hours and noticed my resources go downhill.

I have 29 processes running when Windows starts; then I installed Panda and it turned to 38, and the stupid PAVPRSRV.EXE was there even after uninstalling. That was draining 70% of my CPU.

And sadly, to tell ya, I have a 1800XP proc, 1 gig DDR 333 CL2, and before all this everything worked great.

Easiest remedy is to reinstall.

After you get an install the way you wish, take and make a backup using Ghost 2003 or older.

Works great; make sure you activate first so you don't have to call in.

Still trying to work around that issue.

Otherwise use Linux; fewer problems once you get to know it.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
coolwwwsearch leftover (again) ;(
« Reply #3 on: March 10, 2005, 01:34:09 AM »
Download and save to Desktop DLLCompare

Start the Program and click the Run Locate.com

Let it complete the SCAN, which won't take long

Click the Compare button to start the next process. This will take a bit longer.
The results appear in two panes - files in the upper pane have been verified to 'exist'.
Files in the lower pane were 'not able to be accessed'.
Very few files should be listed in the lower pane, if any, when the Compare scan is complete.
Click on each of the listed entries in the lower pane to select them. Right-click on the file and use the option Rescan. This will cause Windows Find to see if the file does exist, and then if so it will be removed from the list to reduce the number of identified files.

Click the Make a Log of what was found button
Post back this log

Also, Download STARTDRECK

Unzip it to its own folder

run StartDreck.exe:

Hit: -config
Hit: -Unmark all

Check these boxes only:
*Registry->run keys
*Registry->Browser helper objects
*System/drivers> Running processes
hit >ok.

Use the "save" tab, to save, name and post the log

Also post back a fresh Hijackthis log afterwards

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Keeza

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
coolwwwsearch leftover (again) ;(
« Reply #4 on: March 11, 2005, 05:12:19 AM »
OK, thanks..
Here is the DLLCompare log:

*    DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

O^E says: "There were no files found :)"
________________________________________________

1,249 items found:  1,249 files, 0 directories.
Total of file sizes:  246,301,550 bytes    234.89 M

Administrator Account =  True

--------------------End log---------------------

I guess that's good... Here is the StartDreck log:

StartDreck (build 2.1.7 public stable) - 2005-03-11 @ 11:08:03 (GMT +01:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 1)
Internet Explorer: 6.0.2800.1106
Logged in as HH

»Registry
 »Run Keys
  »Current User
   »Run
    *CTFMON.EXE=C:\WINDOWS\System32\ctfmon.exe
    *MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
   »RunOnce
  »Default User
   »Run
    *CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
   »RunOnce
  »Local Machine
   »Run
    *NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
    *C-Media Mixer=Mixer.exe /startup
    *APVXDWIN="D:\Misc Apps\Panda Anti-Virus\APVXDWIN.EXE" /s
    *QuickTime Task="D:\movie stuff\QuickTime\qttask.exe" -atboottime
    *EPSON Stylus CX3200=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    *zafit=C:\WINDOWS\zafit.exe
    *SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
    *WinFoxV2=C:\WINDOWS\System32\WF2K.EXE Initial
    *WinFast2KLoadDefault=rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
    *SoundMan=SOUNDMAN.EXE
    *nwiz=nwiz.exe /install
    *NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    *NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    *sp=rundll32 C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll,DllInstall
    +OptionalComponents
     +MSFS
      *Installed=1
     +MAPI
      *Installed=1
      *NoChange=1
     +MAPI
      *Installed=1
      *NoChange=1
   »RunOnce
   »RunServices
   »RunServicesOnce
   »RunOnceEx
   »RunServicesOnceEx
 »Browser Helper Objects (LM)
  *{4613BB30-5B2F-40FD-AC33-E6661DB18062}
   `InprocServer32=C:\WINDOWS\System32\colg.dll
»Files
»System/Drivers
 »Running Processes
  +0=<idle>
  +4=<system>
  +600=\SystemRoot\System32\smss.exe
  +672=\??\C:\WINDOWS\system32\csrss.exe
  +696=\??\C:\WINDOWS\system32\winlogon.exe
  +740=C:\WINDOWS\system32\services.exe
  +752=C:\WINDOWS\system32\lsass.exe
  +936=C:\WINDOWS\system32\svchost.exe
  +1024=C:\WINDOWS\System32\svchost.exe
  +1140=C:\WINDOWS\System32\svchost.exe
  +1216=C:\WINDOWS\System32\svchost.exe
  +1416=C:\WINDOWS\system32\spoolsv.exe
  +1428=C:\WINDOWS\Explorer.EXE
  +1560=C:\WINDOWS\Mixer.exe
  +1628=D:\Misc Apps\Panda Anti-Virus\APVXDWIN.EXE
  +1660=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
  +1668=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
  +1684=C:\WINDOWS\System32\WF2K.EXE
  +1712=C:\WINDOWS\SOUNDMAN.EXE
  +1732=C:\WINDOWS\System32\RUNDLL32.EXE
  +1764=C:\WINDOWS\System32\rundll32.exe
  +1772=C:\WINDOWS\System32\ctfmon.exe
  +1992=C:\WINDOWS\System32\alg.exe
  +2008=D:\Maya 6\docs\Wrapper.exe
  +2028=C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
  +2040=C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
  +224=C:\WINDOWS\System32\nvsvc32.exe
  +228=C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
  +408=D:\Misc Apps\Panda Anti-Virus\pavsrv51.exe
  +872=D:\Misc Apps\Panda Anti-Virus\PsImSvc.exe
  +976=C:\WINDOWS\System32\svchost.exe
  +1000=C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  +1280=D:\Misc Apps\Panda Anti-Virus\AVENGINE.EXE
  +1324=D:\Maya 6\docs\jre\bin\java.exe
  +2412=D:\Misc Apps\Panda Anti-Virus\WebProxy.exe
  +1832=D:\Misc Apps\Spybot - Search & Destroy\SpybotSD.exe
  +2328=C:\WINDOWS\regedit.exe
  +2348=C:\Program Files\Internet Explorer\iexplore.exe
  +3508=C:\Documents and Settings\Henrik & Hilde\Desktop\eugen\startdreck\StartDreck.exe
»Application specific

And here is the HijackThis log I got afterwards...

Logfile of HijackThis v1.99.1
Scan saved at 11:09:21, on 11-03-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
D:\Misc Apps\Panda Anti-Virus\APVXDWIN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\WF2K.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Maya 6\docs\Wrapper.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Misc Apps\Panda Anti-Virus\pavsrv51.exe
D:\Misc Apps\Panda Anti-Virus\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Misc Apps\Panda Anti-Virus\AVENGINE.EXE
D:\Maya 6\docs\jre\bin\java.exe
D:\Misc Apps\Panda Anti-Virus\WebProxy.exe
D:\Misc Apps\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Henrik & Hilde\Local Settings\Temp\Temporary Directory 3 for hijackthis_199.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {4613BB30-5B2F-40FD-AC33-E6661DB18062} - C:\WINDOWS\System32\colg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [APVXDWIN] "D:\Misc Apps\Panda Anti-Virus\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickTime Task] "D:\movie stuff\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [zafit] C:\WINDOWS\zafit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE Initial
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft\Office XP\Office10\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O18 - Filter: text/html - {DE0003E3-BD1E-48ED-92D8-E429CE14996A} - C:\WINDOWS\System32\colg.dll
O18 - Filter: text/plain - {DE0003E3-BD1E-48ED-92D8-E429CE14996A} - C:\WINDOWS\System32\colg.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - D:\Maya 6\docs\Wrapper.exe" -s "D:\Maya 6\docs/Wrapper.conf (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Misc Apps\Panda Anti-Virus\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - D:\Misc Apps\Panda Anti-Virus\PsImSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


Thank you so much for your help....
Looking forward to your answer..

Keeza

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
coolwwwsearch leftover (again) ;(
« Reply #5 on: March 12, 2005, 03:16:51 AM »
Download the Pocket Killbox
UNZIP it to a folder of your choice

Please save these instructions to a Notepad file on your desktop for easy access
START>>RUN>>type in notepad
hit OK

Disconnect from the Internet (Close down all browser windows) and all unnecessary programs running in the background

Run Pocket KillBox>>Now you have Killbox and this notepad file open
click on Tools --> Select Delete Temp Files. Click OK.

In the Full Path of File to Delete box, copy and paste the entire line directly below in bold

C:\WINDOWS\System32\colg.dll

Select the radio button Replace on Reboot
Additionally, select the "Use Dummy" option
Click the red circle with a white X
When prompted to Delete on Reboot, click YES
If prompted to Reboot Now, Click NO

Do the same for this file
C:\WINDOWS\zafit.exe

Also do it for this full path of file name

C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll

But this time allow the computer to Reboot

Back in Windows, stay disconnected from the Internet

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {4613BB30-5B2F-40FD-AC33-E6661DB18062} - C:\WINDOWS\System32\colg.dll

O4 - HKLM\..\Run: [zafit] C:\WINDOWS\zafit.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll,DllInstall

O18 - Filter: text/html - {DE0003E3-BD1E-48ED-92D8-E429CE14996A} - C:\WINDOWS\System32\colg.dll
O18 - Filter: text/plain - {DE0003E3-BD1E-48ED-92D8-E429CE14996A} - C:\WINDOWS\System32\colg.dll

After you have ticked the above entries, close all other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer again

Back in Windows
Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Delete files + offline content---Also Reset home page

Post back a fresh Hijackthis log afterwards

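The entries ticked in Reply #5 share a structure that a script can pick out of any HijackThis 1.99 log: an IE search page served by res:// from a DLL in a Temp folder, a Run key that has rundll32 load that same Temp DLL, and one DLL (colg.dll) registered both as a BHO (O2) and as the text/html and text/plain MIME filter (O18). The script below is an added example, not part of the thread or of HijackThis; the sample lines are a constructed subset of the log posted above, and the rules are written so that legitimate rundll32 entries (the NVIDIA ones in the full log) are not flagged.

```python
import re

# Constructed sample (a subset of the log posted in this thread, not the whole
# file): HijackThis 1.99 lines covering the entry types the fix instructions tick.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O2 - BHO: (no name) - {4613BB30-5B2F-40FD-AC33-E6661DB18062} - C:\WINDOWS\System32\colg.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\HENRIK~1\LOCALS~1\Temp\se.dll,DllInstall
O4 - HKLM\..\Run: [zafit] C:\WINDOWS\zafit.exe
O18 - Filter: text/html - {DE0003E3-BD1E-48ED-92D8-E429CE14996A} - C:\WINDOWS\System32\colg.dll
O18 - Filter: text/plain - {DE0003E3-BD1E-48ED-92D8-E429CE14996A} - C:\WINDOWS\System32\colg.dll
"""

# "R1 - <body>": section code, then the rest of the entry.
ENTRY = re.compile(r"^(R0|R1|O2|O4|O18) - (.*)$")
# First Windows path ending in .dll inside an entry; stops at space, comma or quote,
# so "...\se.dll,DllInstall" and "res://...\se.dll/sp.html" both yield the DLL path.
DLL_PATH = re.compile(r'[A-Za-z]:\\[^\s,"]+?\.dll', re.IGNORECASE)
# A per-user (LOCALS~1\Temp) or system temp directory anywhere in the path.
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)


def parse(log_text):
    """Yield (section, body, raw_line) for the entry types triaged here."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group(1), m.group(2), raw.strip()


def triage(log_text):
    """Return [(reason, raw_line)] for entries a helper would tick in HijackThis."""
    findings = []
    bho_dlls, filter_dlls = {}, {}  # lower-cased DLL path -> raw lines naming it
    for section, body, raw in parse(log_text):
        m = DLL_PATH.search(body)
        dll = m.group(0).lower() if m else None
        in_temp = bool(dll and TEMP_DIR.search(dll))
        if section in ("R0", "R1") and "res://" in body and in_temp:
            findings.append(("IE search/start page served by res:// from a DLL in a temp folder", raw))
        elif section == "O4" and "rundll32" in body.lower() and in_temp:
            findings.append(("Run key uses rundll32 to load a DLL from a temp folder", raw))
        elif section == "O2" and dll:
            bho_dlls.setdefault(dll, []).append(raw)
        elif section == "O18" and dll:
            filter_dlls.setdefault(dll, []).append(raw)
    # One DLL loaded as a BHO *and* registered as the text/html and text/plain MIME
    # filter sits in the path of every page IE renders; tick every line that names it.
    for dll in sorted(bho_dlls.keys() & filter_dlls.keys()):
        for raw in bho_dlls[dll] + filter_dlls[dll]:
            findings.append(("same DLL registered as BHO (O2) and as MIME filter (O18)", raw))
    return findings


if __name__ == "__main__":
    for reason, raw in triage(SAMPLE_LOG):
        print(f"{reason}\n    {raw}")
```

zafit.exe is deliberately left unflagged: nothing in its Run-key line is structurally suspicious, which is why that entry could only be identified by a helper who knows the family.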