CoolWebSearch Problems

Discussion in 'adware, spyware & hijack cleaning' started by lunchboxen, Jun 22, 2004.

Thread Status:
Not open for further replies.
  1. lunchboxen

    lunchboxen Registered Member

    Jun 22, 2004
    Seems I've been hijacked by the coolwebsearch spyware program. I've run Ad-Aware 6 and Spybot S&D numerous times, each time it still finds problems. Firstly, Each time I scan with Ad-Aware 6, it seems to repetitively find registry entries related to "possible browser hijack attempts" as well as A single file each time, listed in my System32 folder related to the CoolWebSearch program. I've run both spyware programs numerous times, and it does not seem to rid me of this problem. Below I have posted my HJT log, in hopes that someone may be able to help me. From reading the log myself, I do not notice anything out of the ordinary. However, each time I reboot my computer, or after a couple of hours go by, new registry entries appear in the log file. Regardless, below is the log, after cleaning by both Spybot and Ad-Aware. A second problem I have is a puzzling one. I also run Spybot S&D's resident program. Basically, it watches for important registry entry changes, and allows me to either block or allow them. Now, evey time it asks me to change these settings, ( usually upon exiting IE, or sometimes randomly) I ALWAYS press "Remember this decision" and "Deny change". However, these changes STILL take place. As puzzling as this is, I look forward to help from some of you more knowledgable folks. Thank you in advance for your help.

    Logfile of HijackThis v1.97.7
    Scan saved at 2:45:44 AM, on 6/22/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe
    C:\Program Files\RamBooster\Rambooster.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijack This\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = NOT USED (OK)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
    O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster\Rambooster.exe
    O4 - HKLM\..\RunOnce: [AOLToolbarDirRemoval] cmd.exe /C rd "C:\Program Files\AOL Toolbar"
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Pop Fu by pogo -
    O16 - DPF: Yahoo! Pool 2 -
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) -
    O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) -
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) -

    Again, Thank you in advance for helping me with this ongoing and perplexing issue.

  2. lunchboxen

    lunchboxen Registered Member

    Jun 22, 2004
    Well, it seems I've solved the issue myself. Thank you for NOT getting back to me in any sort of timely fashion. I suppose as I did not bump my own thread in a desperate manner, I shouldn't have been noticed, and it is my own fault. Oh well. GG WS... Hope to never see you again.
  3. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England

    I am happy that you were able to resolve your problem on your own, after all getting a problem fixed is what it is all about. However, that is a pretty rude post you've just made here.

    If you haven't noticed, there are a very large number of hijack logs here and the people who volunteer their time to work these can't always get to them all quickly. Sometimes it does indeed take a day or two. Your post was less than 24 hours old, and it just hadn't been reached yet.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.