http://www.coolsearch.biz/face1/index.html problem cannot remove

Expand Post »

Hi, can anyone help, have tried using ad-aware, cwshredder, spybot search and destroy clearing out the windows temp folder and more with no joy. have just run hijack this and got the following results

Logfile of HijackThis v1.97.7
Scan saved at 20:43:57, on 26/09/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\E_S10IC2.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
C:\WINDOWS\DXSOUND.EXE
C:\WINDOWS\APPLICATION DATA\TSEO.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\MSXMIDI.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=29126
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.coolsearch.biz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://lookfor.cc/sp.php?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lookfor.cc?pin=29126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://lookfor.cc/sp.php?pin=29126
F1 - win.ini: run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
O2 - BHO: (no name) - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\BXXS5.DLL
O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\BXXS5.DLL,DllRun
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRAM FILES\GRISOFT\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copy 2)] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P28 "EPSON Stylus CX3200 (Copy 2)" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\SYSTEM\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O7 "EPUSB1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O4 - HKCU\..\Run: [Nbcs] C:\WINDOWS\Application Data\tseo.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
O4 - HKLM\..\RunOnce: [ICDRegOCX0] rundll32.exe advpack.dll,RegisterOCX C:\WINDOWS\DOWNLOADED PROGRAM FILES\SyncroAdX.dll
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.13/10043/online.chm::/on-line.exe
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a29296baabe1d6
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...255.2611805556
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

can anybody help, please

Similar Threads

Need help with coolsearch.biz problem (again) in Viruses, Spyware and other Nasties
annoying coolsearch.biz startup page in Viruses, Spyware and other Nasties
annoying coolsearch.biz startup page in Viruses, Spyware and other Nasties

cscontacts

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

1 posts
since Sep 2004

Permalink

Sep 27th, 2004

Re: http://www.coolsearch.biz/face1/index.html problem cannot remove

Hi cs, welcome to DaniWeb! You must not have noticed the announcement at the top of the forum requesting all hijackthis logs be posted in the Security forum.

There are some things you should do, however, before posting your log there. First, have a look at this thread:
http://www.daniweb.com/techtalkforums/thread5690.html

I see you have already done several things to try to get rid of this, but there are a few more. You should also have free online scans done from http://www.trendmicro.com/en/home/us/enterprise.htm and
http://www.pandasoftware.com/actives..._principal.htm

If the problem still hasn't been resolved, update hijackthis using either the Update feature within it or from here: http://www.softpedia.com/progDownloa...load-5034.html
Also, hijackthis should be in it's own folder to save backups in a centralized location (like c:\hjt\hijackthis.exe)

Close all windows, scan with hjt, save the log and post it in the Security forum, again describing the problem you're still having and the steps you've already taken to try to fix it.

dlh6213

Team Colleague

Reputation Points: 63

Solved Threads: 213

Posting Maven

Offline

2,962 posts
since Jul 2004

Permalink

Sep 27th, 2004

Re: http://www.coolsearch.biz/face1/index.html problem cannot remove

Moving to the Security forum now...

DMR

Team Colleague

Reputation Points: 221

Solved Threads: 369

Wombat At Large

Offline

6,439 posts
since Dec 2003

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: about:blank long lasting problem - Logfile of HijackThis

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: I keep losing My internet connection please help me. HIjack log inside.

DaniWeb Message

Cancel Changes

User Name
Password