1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: WWW.cool search ?????

Discussion in 'Virus & Other Malware Removal' started by bedhead, Oct 31, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. bedhead

    bedhead Thread Starter

    Joined:
    Oct 25, 2004
    Messages:
    277
    I have been using my own system to locate drivers and things and needed for older system now i find www.coolsearch is in my system it puts Vip porn link straight into favrorites and add short cuts to desktop one for fast loans and one for online pharmacy. My spy bot finds these files in Hikey Local machine\software\microsoft\internet explore\main\searach bar=about blank. There are 4 different lots of them i can't get rid of it i have tried to delete it myself and aslo spy bot fixes these errors but as soon as i go back on-line they are there any ideas
     
  2. tracer357#1

    tracer357#1 Banned

    Joined:
    Jul 19, 2004
    Messages:
    531
    www.coolsearch is spyware.
    reboot your system in safe mode remove all your "temp. internet files & cookies.
    if you have a spyware program run that also.
    run a file and folder search if you fine anything related to coolsearch delete it.
    reboot your system and that should take care of the problem.
    also run a registry checker and make sure it is removed from there.
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Download Hijackthis

    Create a permanent folder on your hard drive like c:\program files\hjt. Unzip the file to that folder.

    Double click on Hijackthis.exe then click on the "Scan" button, then click on "Save Log".

    Copy and paste it back here and someone will be happy to review it.

    Don't make any changes until instructed to do so.

    I'm moving your thread to the Security Forum.
     
  4. bedhead

    bedhead Thread Starter

    Joined:
    Oct 25, 2004
    Messages:
    277
    OK i tried all the first posts suggestions and thought it was gone but alas as soon as i came on-line it was back i will not get a cahnce to ry out next suggestion till later tonight i wll let you know how i get all thanks for all the help :)
     
  5. bedhead

    bedhead Thread Starter

    Joined:
    Oct 25, 2004
    Messages:
    277
    Logfile of HijackThis v1.98.2
    Scan saved at 17:57:19, on 01/11/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMJB.EXE
    C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MMDIAG.EXE
    C:\WINDOWS\DRWATSON\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\WINRES.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: PhoenixNet - {410580e0-06a1-11d7-b272-d401c516854a} - http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875 (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file missing)
    O9 - Extra 'Tools' menuitem: Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file missing)
    O15 - Trusted Zone: *.teensguru.com
    O15 - Trusted Zone: *.offshoreclicks.com
    O15 - Trusted Zone: *.i-lookup.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.flingstone.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...0aed1d241b7f:10dc9c5f8abb4d115429d2d2b4e511ef
    O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/mmed.cab

    This is my results thanks for your time
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click on the link below to download CWshredder.
    http://www.intermute.com/spysubtract/cwshredder_download.html

    Run the program and let it do it's thing. Make sure to click on "Fix" and not scan only.

    Reboot.

    Run HJT again and put a check in all of the following that remain:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\WINRES.DLL
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file missing)
    O9 - Extra 'Tools' menuitem: Search the Internet - {307D80B7-6553-42FB-9C99-19841353B4F0} - http://www.searchalot.com (file missing)
    O15 - Trusted Zone: *.teensguru.com
    O15 - Trusted Zone: *.offshoreclicks.com
    O15 - Trusted Zone: *.i-lookup.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.flingstone.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f... 9d2d2b4e511ef
    O16 - DPF: {00000000-CDDC-0704-0B53-2C8830E9FAEC} - http://install.global-netcom.de/ieloader.cab
    O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/mmed.cab

    Close all applications and browser windows before you click "fix checked".

    Reboot.

    Download Spybot http://www.majorgeeks.com/download4392.html


    Click on "Search For updates" When prompted.

    Next, close all Internet Explorer windows, and click Check for Problems. Once the scan is complete, have SpyBot remove all it finds marked in RED.


    Reboot.

    Download Adaware SE http://lavasoft.element5.com/software/adaware/

    Install the program and launch it.

    First in the main window look in the bottom right corner and click on Check for updates now then click Connect and download the latest reference files.

    From main window: Click Start then under Select a scan Mode tick Perform full system scan.

    Next deselect Search for negligible risk entries.

    Now to scan just click the Next button.

    When the scan is finished mark everything for removal and get rid of it.(Right-click the window and choose select all from the drop down menu and click Next)

    Reboot and post another HJT log for review.
     
  7. bedhead

    bedhead Thread Starter

    Joined:
    Oct 25, 2004
    Messages:
    277
    Hi there thanks for above info :) I have followed all steps to the end where i have to use adaware for scan. I am not sure what to do with the results :(. It scanned straight away with no options for deselect I am now looking at the results.
    Alexa 9 objects
    altnetBed 29 obj
    brilliantDigital 7 obj
    coolwebsearch22 obj
    eAcceleraition 3 objects
    elitum.elitebarBho 5 obj
    Roings 4 obj
    Searchalot 3 obj
    Tracking cookie 2obj
    IELoader 1 obj
    Cydoor 1 obj
    Other 1 obj .Do i Quaratine OR JUST CHECK THE BOXES AND CLICK NEXT ??
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    When the scan is finished mark everything for removal and get rid of it.

    To mark everything for removal, right-click the window and choose select all from the drop down menu and click Next.
     
  9. bedhead

    bedhead Thread Starter

    Joined:
    Oct 25, 2004
    Messages:
    277
    Logfile of HijackThis v1.98.2
    Scan saved at 17:11:24, on 17/11/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\STARTER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\HPZSTATX.EXE
    C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
    C:\WINDOWS\DRWATSON\DESKTOP\NEW FOLDER\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.iol.ie
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
    O9 - Extra button: PhoenixNet - {410580e0-06a1-11d7-b272-d401c516854a} - http://www.seqdl.com/servlets/Redir?BID=65457&CID=9875 (file missing)

    as requested once again thanks for your time
     
  10. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Pretty short log, you must have some things disabled with msconfig? Is everything running ok?
     
  11. bedhead

    bedhead Thread Starter

    Joined:
    Oct 25, 2004
    Messages:
    277
    Everything seems ok I have a small prob with Msn and Home publisher but there alrighty now we did uncheck alot of boxes in startup so were are only starting with Explorer and Starter is this ok ??
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Seems like there should be more...Where is your anti virus?
     
  13. bedhead

    bedhead Thread Starter

    Joined:
    Oct 25, 2004
    Messages:
    277
    I have no anti virus :( iIdo have a stinger which searches for Worms and viruses i all so have Spybot and Spyblaster If you think i need anti virus can you recommend an online downloadable one.
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Stinger is a very stripped down version of McAfee, it will only find a select number of items.

    Security Help Tools

    Click here to see how to tighten your security settings and some good free tools.

    Go to the Security Help Tools and get one of the free anti virus products there.
     
  15. bedhead

    bedhead Thread Starter

    Joined:
    Oct 25, 2004
    Messages:
    277
    Thank you for all your help my computer is now running like a dream :) I would love to be able to send a donation but i am skint if i ever win the lottery u guys will be the first to know :) You have been the most helpful support site ever and have solved many of my problems so all i can say is you time and effort and very much aprecatied i wish you many years of success and encourage those who can to send these guys all your money to lose this site would be tragic any way no i am gabbing on see you again some time no doubt this wont be my last visist:)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/290854

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice