Coolwwwsearch removal help
i recently did a search with Spybot S+D, and 4 instances of Coolwwwseach came up. i tried to fix them but they couldn't be fixed. this what they were:
CoolWWWSearch.Toolband: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com\*!=W=4
CoolWWWSearch.Leftovers: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4
CoolWWWSearch.Mupdate: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4
HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 10:32:48 PM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mr. Anderson\My Documents\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
i also installed Spyware Shooter today, and i was thinking that maybe it was added because of that? i would really like some help with this because i have no idea how it got it. Buckeye Sam, help me!
CoolWWWSearch.Toolband: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com\*!=W=4
CoolWWWSearch.Leftovers: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4
CoolWWWSearch.Mupdate: Trusted Site (Registry change, fixing failed)
HKEY_USERS\S-1-5-21-484763869-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4
HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 10:32:48 PM, on 6/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mr. Anderson\My Documents\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
i also installed Spyware Shooter today, and i was thinking that maybe it was added because of that? i would really like some help with this because i have no idea how it got it. Buckeye Sam, help me!
0
This discussion has been closed.
Comments
Logfile of HijackThis v1.99.1
Scan saved at 2:23:44 PM, on 7/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TPPALDR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Mr. Anderson\My Documents\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120188538656
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
Fix those entries and your log will be clean.
Maybe spybot's new detection files are more sensitive than their old ones. You don't seem to have any spyware on your computer. Are all of the entries that Spybot is detecting in the registry?
and all the entries are found in the same spot, ZoneMap > Domains. SS adds that to my registry.