Funny going on with coolwebsearch


Michael_aust
March 18th, 2005, 02:38 PM
Just before, I was on my uncle's PC and I was looking through his Spybot S&D, and in the startup section it said there was something called ctfmon.exe, and it said:

Current filename:
C:\WINDOWS\system32\ctfmon.exe

Database status:
Not required - virus, spyware, malware or other resource hog

Description
_CoolWebSearch_ parasite related - hijacking to Slawsearch.com


So I used CWShredder and it detected it, so I removed it, and when I restarted the machine the startup item was there again, but when I ran CWShredder it detected nothing, so I disabled ctfmon from the startup items using Spybot S&D. I then went home and checked my system, and it was there also. I also ran CWShredder with the updated version and it detected nothing at all; neither did the old version. I then went to WinPatrol, found the startup item, clicked on its details, and it said:

C:\WINDOWS\SYSTEM32\CTFMON.EXE
Name: Microsoft® Windows® Operating System
Version: 5.1.2600.2180
Company: Microsoft Corporation
Copyright: © Microsoft Corporation. All rights reserved.
Startup Location: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Status: running

I can't get any more free info because for some reason WinPatrol will not go to the internet. I ran a scan with a-squared but it found nothing at all. Spybot S&D itself found nothing.

Is this a case of CoolWebSearch or is it a mistake in Spybot S&D?

What are your opinions?

Thanks Michael :)

Pieter_Arntz
March 18th, 2005, 04:43 PM
I would have understood that report if the filename had been ctfmon32.exe.

http://www.spywareinfo.com/~merijn/cwschronicles.html#ctfmon32

I think this is an F/P, but you can send the file to the address in my profile and I'll gladly have a look.

Regards,

Pieter
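
The distinction drawn in the reply above (ctfmon.exe versus ctfmon32.exe) can be checked mechanically for every Run-key entry. The following is an added example, not part of the original thread or of any tool named in it; the function names, the `EXPECTED` table and the sample entries are constructed for illustration, and a "lookalike" or "wrong-path" result is a hint to inspect the file, not a verdict.

```python
import ntpath
import re

# Assumption for this example: the legitimate ctfmon.exe lives in system32,
# as in the WinPatrol details quoted in the thread.
EXPECTED = {"ctfmon.exe": r"c:\windows\system32"}

def exe_path(command):
    """Extract the executable path from a Run-value command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ", 1)[0]

def classify(command):
    """Return 'expected', 'wrong-path', 'lookalike' or 'other' for one entry."""
    folder, name = ntpath.split(ntpath.normpath(exe_path(command)).lower())
    if name in EXPECTED:
        return "expected" if folder == EXPECTED[name] else "wrong-path"
    stem = ntpath.splitext(name)[0]
    for known in EXPECTED:
        # e.g. ctfmon32.exe: a known system name with extra characters appended
        if stem.startswith(ntpath.splitext(known)[0]):
            return "lookalike"
    return "other"

def read_hkcu_run():
    """Read the live HKCU Run key (Windows only) as {value name: command}."""
    import winreg
    key_path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, key_path) as key:
        count = winreg.QueryInfoKey(key)[1]
        rows = (winreg.EnumValue(key, i) for i in range(count))
        return {name: str(value) for name, value, _ in rows}

# Constructed sample entries, not taken from either machine in the thread.
SAMPLE = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "ctfmon32": r"C:\WINDOWS\system32\ctfmon32.exe",
    "ctfmon": r'"C:\Documents and Settings\user\ctfmon.exe" /s',
    "updater": r"C:\Program Files\Example\updater.exe -q",
}

def audit(entries):
    """Classify every Run entry in a {value name: command} mapping."""
    return {name: classify(cmd) for name, cmd in entries.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name:12} {verdict}")
```

On a Windows machine, `audit(read_hkcu_run())` applies the same check to the live key.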

bigbuck
March 18th, 2005, 05:06 PM
Some info... from www.answersthatwork

Michael_aust
March 18th, 2005, 05:14 PM
OK, thanks for clearing it up. I wasn't sure because all my scanners found absolutely nothing, so. Thanks anyway.

Michael :)