Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Coolwebsearch,virtumonde,others Too


  • This topic is locked This topic is locked
2 replies to this topic

#1 gigatt

gigatt

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:08:00 AM

Posted 23 May 2008 - 12:50 PM

Hi there,
I was infected a couple months back with a worm (can't remember exactly which variant) It caused my system to become really sluggish and it constantly sounded like it was "loading" something. AVG 7.0 detected and removed/healed it quarantined it and I emptied the vault a month or so later. I also had trouble with java. I kept getting error messages and couldn't open scripts. I have fixed the java problem. I uninstalled 2 different versions that were somehow on there and installed the new one, but the computer is still very slow especially while online. It takes forever to browse and download anything. It also hangs for a long time when it shuts down. I installed the new AVG 8.0 and it pulled up approx 24,000 potentially dangerous objects. The thing is there were thousands of ones that were for coolwebsearch. They look like this

HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6E0C0C-36CF-1F22-6C7E-77DCAD27C083};"Found Adware.CoolWebSearch";"Potentially dangerous object"

I know they may be harmless files but why would I have thousands and thousands of them? Would that be why it is taking so long to shut down my computer or do any other functions? There are thousands of generic ones too. There are some that are virtumonde and the like that if created by spybot or spyware blaster the number of them is logical. (not numbering in the thousands) By far the bulk of all of the 24,000+ are coolwebsearch though. Should I be removing them or at least reducing the amount of them? Will it help anything to do that?? If so how should I go about it?

Thanks!!!
:thumbsup:
gigatt

Here is my log and start up list and a sample of what the "potentially dangerous objects" are

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Atievxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\notepad.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

RIS2PostReboot =
AVG8_TRAY = C:\PROGRA~1\AVG\AVG8\avgtray.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Yahoo! Pager = "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=avgrsstx.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
WormRadar.com IESiteBlocker.NavFilter - C:\Program Files\AVG\AVG8\avgssie.dll - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

User_Feed_Synchronization-{7AA894CB-AEC1-44F7-8F29-9C35D5FC354C}.job

--------------------------------------------------

Enumerating Download Program Files:

[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx
CODEBASE = http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #4: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #5: C:\WINDOWS\system32\pnrpnsp.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\BLAINE\LOCALS~1\TEMPOR~1\Content.IE5\index.dat||C:\DOCUME~1\BLAINE\Cookies\index.dat||C:\DOCUME~1\BLAINE\LOCALS~1\History\History.IE5\index.dat||C:\DOCUME~1\BLAINE\LOCALS~1\History\History.IE5\MSHIST~2\index.dat|||\

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
End of report, 6,918 bytes
Report generated in 3.375 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:52:27 AM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Atievxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Wireless-G Notebook Adapter\NICServ.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?action=mini...amp;mn=82229333
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Blue Coat K9 Web Protection (WebFilter) - Unknown owner - C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe

--
End of file - 6504 bytes


HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF816CED-BF5F-39A8-D260-D4DAA38A5370};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFCEDD30-30AC-4757-A4A7-F8241258A742};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF731508-CD28-E0B0-3E85-0CF55FDE9FBA};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF72BF6B-A16B-A24C-41F4-1B094D6F2FA8};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF72A9AB-CE93-9B27-BE3D-C7F99036C936};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6E0C0C-36CF-1F22-6C7E-77DCAD27C083};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFCF604D-210A-9317-A8C5-80208D4AD348};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6D6BE4-0644-EFEF-B7B9-4B57D7A01483};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6D27C3-4ECC-DA8F-1C66-5147D1F3F33D};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6CEB78-7A00-7429-9ADF-26C4F74E4655};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6CDC7E-2CF3-9F95-E938-825B9DA9B55C};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF697DC7-80E5-BFEF-F6DE-3A230F014608};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF696F23-13F3-AD99-8924-A9AB907F3460};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF669B6F-4C0E-D79D-B4A5-A72D9AB06480};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6033EA-0339-EE13-8EE8-07E4033741C1};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF5E4D7B-991C-539A-207F-EE7416539411};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF788D37-AF1F-67A0-DC72-E29D55B84562};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF5B4CBC-CE93-4290-8860-69D7C23478BE};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF59B785-8BA8-6CC5-D234-A72B3757B57D};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF78BD49-D9D8-55E4-DB32-0C263AAC5E1E};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF7AF231-F460-F958-9E42-30A70C516066};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF699FD0-6CA1-B99F-4408-AE338A5FDEAB};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6B1B9A-94DA-536D-899F-404EDD315F02};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF6C683B-4AB2-9CF1-5F23-8EC1A2F97B5A};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FFB59007-30E2-88D1-986B-566D8510B4B3};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF9BAD1B-0FB9-49D7-E899-A1BFF5E6CDA0};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF523789-72CD-6C7E-44D7-2F02DE395AF2};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF52343D-FFCF-6EB3-A181-B08A3DCB6B9A};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF9849CC-6C90-6CAB-B092-7A873652819D};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF50A5D1-627C-F3FD-84A6-9BF65E699D6C};"Found Adware.CoolWebSearch";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FF9BEE64-BCBD-7FE1-E5BA-BE12FC89B7B7};"Found Adware.CoolWebSearch";"Potentially dangerous object"

Edited by gigatt, 24 May 2008 - 09:23 AM.


BC AdBot (Login to Remove)

 


#2 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:07:00 AM

Posted 22 June 2008 - 09:57 AM

Hello gigatt

Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please as your system may have changed since your original post.


Ken

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 ken545

ken545

    Malware Response Team


  • Malware Response Team
  • 1,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:07:00 AM

Posted 07 July 2008 - 03:49 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.

mvp_host.pngConsumer Security 2007-2008-2009-2010-2011-2012-2013-2014



donate.gif Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users