cooolwebsearch in regedit

I was hijacked a few months ago and my system works fine now (with the help of this forum) My question: in the registry there are many entries saying coolwebsearch. Do I have to delete these or since everything seems fine, should I just ignore them. Thanks.

 

Hi oldtr111,

I'd rather not tell you to delete them without knowing where they are.

Download https://www.wilderssecurity.com/attachment.php?attachmentid=137409
unzip and run RegSrch.vbs
Copy and paste the most common factor in the dialog box:
(for example coolwebsearch)
After a while a prompt will come up. Click OK to write the results to wordpad and post them.

Regards,

Pieter

 

Here it is:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "coolwebsearch" 6/20/2004 2:01:19 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="My Computer\\HKEY_USERS\\S-1-5-21-2562781850-3638726810-2032726562-1003\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\coolwebsearch.biz"

[HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.biz]

[HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.co.uk]

[HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.com]

[HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.info]

[HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.net]

[HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.org]

[HKEY_USERS\S-1-5-21-2562781850-3638726810-2032726562-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolwebsearch.us]

 

Hi oldtr,

If the value of those registry keys = dword:00000004
then these entries may be due to a blocklist you are using.
If they are a lower value they should be deleted (or changed to 4).

Regards,

Pieter

 

Thanks so much for your help.

 

My pleasure.

Regards,

Pieter