CoolWeb Search (resolved)


  • This topic is locked

#1
hello_world97531

Having real problems, looked on the internet for CoolWeb Search after getting popups and browser hijacked and found this website. Done everything like Spybot: Search and Destroy but that doesn't find it. CWShredder says that it isn't on the system but I know it is because Ad-Aware finds it great! and then it freezes when it tries to delete it.

Here's the 'Hijack This' log:

Logfile of HijackThis v1.99.1
Scan saved at 8:49:33 PM, on 4/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\BT VOYAGER 105 ADSL MODEM\DSLSTAT.EXE
C:\PROGRAM FILES\BT VOYAGER 105 ADSL MODEM\DSLAGENT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\ATLCM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\MFCXB.EXE
C:\WINDOWS\MFCXB.EXE
C:\PROGRAM FILES\BT BROADBAND BASIC HELP\BIN\MPBTN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\CRHK32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\CRHK32.EXE
C:\WINDOWS\IEOX.EXE
C:\WINDOWS\DESKTOP\ANTI-VIRUS SOFTWARE\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\rlsnx.dll/sp.html#12345
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\rlsnx.dll/sp.html#12345
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\rlsnx.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\rlsnx.dll/sp.html#12345
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\rlsnx.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\rlsnx.dll/sp.html#12345
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\rlsnx.dll/sp.html#12345
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {E2D8233B-EB51-4A42-F2AA-063A02152A72} - C:\WINDOWS\WINCX.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Cache Cleaner] C:\Program Files\Neoteris\Cache Cleaner\dsCacheCleaner.exe -action delete
O4 - HKLM\..\Run: [ATLCM.EXE] C:\WINDOWS\SYSTEM\ATLCM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MFCXB.EXE] C:\WINDOWS\MFCXB.EXE /s
O4 - HKLM\..\RunServices: [MSNX.EXE] C:\WINDOWS\MSNX.EXE /s
O4 - HKLM\..\RunServices: [SYSCF32.EXE] C:\WINDOWS\SYSCF32.EXE /s
O4 - HKLM\..\RunServices: [CREJ32.EXE] C:\WINDOWS\CREJ32.EXE /s
O4 - HKLM\..\RunServices: [JAVAMJ32.EXE] C:\WINDOWS\JAVAMJ32.EXE /s
O4 - HKLM\..\RunServices: [CRGU.EXE] C:\WINDOWS\SYSTEM\CRGU.EXE /s
O4 - HKLM\..\RunServices: [WINUO.EXE] C:\WINDOWS\WINUO.EXE /s
O4 - HKLM\..\RunServices: [NETGF32.EXE] C:\WINDOWS\NETGF32.EXE /s
O4 - HKLM\..\RunServices: [WINWJ.EXE] C:\WINDOWS\WINWJ.EXE /s
O4 - HKLM\..\RunServices: [JAVABD32.EXE] C:\WINDOWS\JAVABD32.EXE /s
O4 - HKLM\..\RunServices: [NETWE.EXE] C:\WINDOWS\NETWE.EXE /s
O4 - HKLM\..\RunServices: [SDKLJ32.EXE] C:\WINDOWS\SYSTEM\SDKLJ32.EXE /s
O4 - HKLM\..\RunServices: [ATLZU32.EXE] C:\WINDOWS\ATLZU32.EXE /s
O4 - HKLM\..\RunServices: [ATLYG32.EXE] C:\WINDOWS\ATLYG32.EXE /s
O4 - HKLM\..\RunServices: [CRHK32.EXE] C:\WINDOWS\SYSTEM\CRHK32.EXE /s
O4 - HKLM\..\RunServices: [APPWW.EXE] C:\WINDOWS\SYSTEM\APPWW.EXE /s
O4 - HKLM\..\RunServices: [WINIE32.EXE] C:\WINDOWS\SYSTEM\WINIE32.EXE /s
O4 - HKLM\..\RunServices: [CRBV32.EXE] C:\WINDOWS\CRBV32.EXE /s
O4 - HKLM\..\RunServices: [APIOM.EXE] C:\WINDOWS\SYSTEM\APIOM.EXE /s
O4 - HKLM\..\RunServices: [NTET.EXE] C:\WINDOWS\SYSTEM\NTET.EXE /s
O4 - HKLM\..\RunServices: [ADDLD.EXE] C:\WINDOWS\SYSTEM\ADDLD.EXE /s
O4 - HKLM\..\RunServices: [IEYU.EXE] C:\WINDOWS\SYSTEM\IEYU.EXE /s
O4 - HKLM\..\RunServices: [IPUR32.EXE] C:\WINDOWS\IPUR32.EXE /s
O4 - HKLM\..\RunServices: [SDKVA32.EXE] C:\WINDOWS\SYSTEM\SDKVA32.EXE /s
O4 - HKLM\..\RunServices: [IEOX.EXE] C:\WINDOWS\IEOX.EXE /s
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
O4 - Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} (NeoterisSetup Control) - https://sldc-ive.sou...oterisSetup.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab

Any help would be much appreciated!


#2
hello_world97531

I appreciate that you might be very busy but any help would be much appreciated! Thanks again.

#3
hello_world97531

I have performed a System Restore back to an earlier date and now the system is back to normal. After scanning with Ad-Aware, it found no items. I was only reluctant to try this because last time we had a virus and tried a System Restore the computer crashed and we lost all our programs and files consequently.
The problem is now fixed.
Thanks anyway.

#4
Guest_usetobe_*

Hi hello world,

Sorry we didn't get to you in time, but it appears that you selected a system restore point before you contracted your problems. In view of the fact your system appears to be cured, I'll close this topic.

Regards,

Usetobe