coolwebsearch problem - Techist - Tech Forum

Old 10-03-2004, 01:53 AM   #1 (permalink)
True Techie
 
Join Date: Apr 2004
Posts: 126
coolwebsearch problem

I have Ad-Aware installed but not an antivirus yet. I have been taken over by CWS. I have just done a format and fresh install of XP, so I haven't got to reinstall all my apps yet. I use Ad-Aware to clean it, but when I open up Internet Explorer, CWS comes right back. I tried installing AVG Free Edition, but when I click on it, it just deletes itself. I have also tried CWS Shredder. What else am I to do here? Thanks.
__________________
System: AMD 64 X2 6000 Dual Core, Asus microATX mobo, 3GB Mushkin PC6200 DDR2, 2x250GB Seagate HDD, Windows Vista Premium
RavishingRocket is offline  
Old 10-03-2004, 03:48 AM   #2 (permalink)
Junior Techie
 
Join Date: Sep 2004
Posts: 83

RavishingRocket

I had the same thing happen to me. Try this program: miniremoval_coolwebsearch_smartkiller, you can get it at http://www.fixyourwindows.com/windowsxpsolutions.htm and click on "miniremoval_coolwebsearch_smartkiller"
overclocker is offline  
Old 10-03-2004, 09:59 AM   #3 (permalink)
Monster Techie
 
Join Date: Apr 2004
Posts: 1,842

Get HiJackThis here- http://www.majorgeeks.com/downloadge...8baee6434cfc13

Do a scan with it and post the results here (do not check anything and have HiJackThis fix it!). I will tell you what to check and have hijackthis fix.
__________________
The Stargate MMORPG
lazerman is offline  
Old 10-03-2004, 10:07 AM   #4 (permalink)

I did the online virus scan; it found nothing. I tried the mini removal smartkiller thing and it said nothing found. I did a scan with Spy Sweeper and it continuously finds CWS_Hputi. When scanning with Ad-Aware, it finds 36 traces of CWS in regkeys. So I clean that out and I'm fine, but when I open up Explorer and then scan again, all 36 traces are right back.

Logfile of HijackThis v1.98.2
Scan saved at 10:07:26 AM, on 10/3/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\FreeRAM XP Pro 1.40.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\interMute\AdSubtract\AdSub.exe
C:\Program Files\YahooPOPs\YahooPOPs.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rocket\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1032
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\02H6MO~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [FreeRAM XP] "C:\WINDOWS\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: AdSubtract.lnk = C:\Program Files\interMute\AdSubtract\AdSub.exe
O4 - Startup: YahooPOPs.lnk = ?
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096747993829
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O20 - AppInit_DLLs: u7sjf5gymehm.dll
RavishingRocket is offline  
Old 10-03-2004, 10:09 AM   #5 (permalink)

Okay give me a few minutes to sort it out.
lazerman is offline  
Old 10-03-2004, 10:14 AM   #6 (permalink)

Here is your first problem-

O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\02H6MO~1.DLL

That is the coolwebsearch parasite. There may be more stuff, so just keep waiting; in the meantime, check that and have HijackThis fix it.
lazerman is offline  
Old 10-03-2004, 10:20 AM   #7 (permalink)

I have checked and fixed that BHO, but when I open Explorer again, that same thing comes back in the scan.
RavishingRocket is offline  
Old 10-03-2004, 10:25 AM   #8 (permalink)

I'm not finished yet. Did you by chance add greg-search.com to your trusted sites zone? If not, have it fix this:

O15 - Trusted Zone: *.greg-search.com
lazerman is offline  
Old 10-03-2004, 10:29 AM   #9 (permalink)

Have it fix this as well:

O20 - AppInit_DLLs: u7sjf5gymehm.dll

If you're still getting the coolwebsearch bar, then download this and try it- http://www.computercops.biz/downloads-file-349.html

First go to the update, then fix.
lazerman is offline  
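
The triage walked through in posts #6, #8 and #9, as an added example that is not part of the original thread and is not HijackThis's own logic: a small parser for HijackThis entry lines that flags the three kinds of entry picked out there. The function names and the embedded sample (a subset of the log from post #4) are assumptions of the example.

```python
import re

# Constructed sample: a subset of the entry lines from the log in post #4.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\02H6MO~1.DLL
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O15 - Trusted Zone: *.greg-search.com
O20 - AppInit_DLLs: u7sjf5gymehm.dll
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..."; header lines do not match.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")

def parse(log):
    """Yield (code, body) for each HijackThis entry line, skipping headers."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def triage(log):
    """Return [(code, reason, body)] for the three entry kinds flagged in the thread."""
    hits = []
    for code, body in parse(log):
        if code == "O2":
            m = BHO.match(body)
            # Unnamed BHO whose DLL sits in System32: the entry flagged in post #6.
            if m and m["name"] == "(no name)" and "\\system32\\" in m["path"].lower():
                hits.append((code, "unnamed BHO in System32", body))
        elif code == "O15":
            # Trusted Zone sites get relaxed IE security; confirm the user added it.
            hits.append((code, "trusted-zone site to confirm with user", body))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            if body.split(":", 1)[1].strip():
                hits.append((code, "AppInit_DLLs is set", body))
    return hits

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}: {body}")
```

Because an AppInit_DLLs entry is loaded into every process that loads user32.dll, it is worth reviewing alongside the BHO rather than after it when a removed entry keeps reappearing.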
Old 10-03-2004, 10:31 AM   #10 (permalink)

I have already tried the CWS Shredder. It says not present on everything.
RavishingRocket is offline  