Greetings. I have an VERY ANNOYING Virus or whatever it is called "Website Access" - atleast that's what I know since he sometime during the day, opens a new program and hides it away in the activity manager and keeps spamming me with "Modem Event Checker" saying "Plug your phone line into the net" or similiar and creates a new connection in my Connections folder called "Coolweb" and tries to dial them. This is really really annoying since "Cwshredder" which is suppose to exterminate the "Coolweb" virus, doesn't kill it, neither do spyware doctor nor Avast antivirus. Does anyone know how to get rid of this.. Crap? I will give the one I find out who creates viruses a life not worth living.

Please post a Hijack This log. Download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Put a check by "Create a desktop icon" then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Here is the logfile: Logfile of HijackThis v1.99.1 Scan saved at 14:11:30, on 2006-08-07 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program\Stardock\Object Desktop\ThemeManager\wbload.exe C:\Program\Alwil Software\Avast4\aswUpdSv.exe C:\Program\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\Tablet.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program\Java\jre1.5.0_06\bin\jusched.exe C:\Program\Dell\Media Experience\PCMService.exe C:\Program\CyberLink\PowerDVD\DVDLauncher.exe C:\Program\Alwil Software\Avast4\ashMaiSv.exe C:\Program\Alwil Software\Avast4\ashWebSv.exe C:\Program\Intel\Modem Event Monitor\IntelMEM.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe C:\WINDOWS\System32\alg.exe C:\Program Files\iclogin1.2.exe C:\Program\QuickTime\qttask.exe C:\Program\Delade filer\InstallShield\UpdateService\issch.exe C:\Program\DAEMON Tools\daemon.exe C:\Program\MessengerPlus! 3\MsgPlus.exe C:\Program\ALWILS~1\Avast4\ashDisp.exe C:\Program\Winamp\winampa.exe C:\WINDOWS\system32\ctfmon.exe C:\Program\TGTSoft\StyleXP\StyleXP.exe C:\Program\Messenger\msmsgs.exe C:\Program\Spyware Doctor\swdoctor.exe C:\Program\TClock\TClock.exe C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe C:\WINDOWS\system32\wuauclt.exe C:\Program\MSN Messenger\msnmsgr.exe C:\Program\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cool.exe C:\Program\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Program\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wow-europe.com/en/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/se/sve/gen/default.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/se/sve/gen/default.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [PCMService] "C:\Program\Dell\Media Experience\PCMService.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [IntelMeM] C:\Program\Intel\Modem Event Monitor\IntelMEM.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe /IMEName O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [IC Login] "C:\Program Files\iclogin1.2.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe O4 - HKLM\..\Run: [avast!] C:\Program\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LF Connection Keeper] C:\Program Files\LF Connection Keeper\LFConnectionKeeper.exe O4 - HKCU\..\Run: [STYLEXP] C:\Program\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [WormsWorldParty.exe] C:\DOCUME~1\Adam\SKRIVB~1\WORMSW~1.exe /r O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [TClock.exe] C:\Program\TClock\tclock_install.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q O4 - Startup: PowerReg Scheduler V3.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\WTablet\TabUserW.exe O8 - Extra context menu item: Download with GetRight - C:\Program\GetRight\GRdownload.htm O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe (file missing) O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccProxy.exe (file missing) O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect-tjänst (navapsvc) - Unknown owner - C:\Program\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: SAVScan - Unknown owner - C:\Program\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\Program\DELADE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing) O23 - Service: StyleXPService - Unknown owner - C:\Program\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe ( "[i]DO NOT post a HiJackThis log here unless an expert has requested it. Instead, please ask in plain english about what is wrong with your computer. You also may want to look at the automated HiJackThis analyzer by clicking here.[/i]" ) I will give the one I find out who creates viruses a life not worth living.

Turn off Spyware Doctor and temporarily disable any of the following anti-spyware realtime protection programs that you may have, after you have downloaded the suggested tools but before you run SmitRem, from this link Temporarily Disable Realtime Protection then turn off Norton's ScriptBlocking: To disable Norton AntiVirus Script Blocking: Start Norton AntiVirus. If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program. Click Options. If you see a menu, click Norton AntiVirus. In the left pane, click Script Blocking. In the right pane, uncheck Enable Script Blocking (recommended). Click OK. Please download ATF-Cleaner to your desktop from this link http://www.atribune.org/content/view/19/2/ We will need it later in safe mode Download and install Ewido Security Suite We will need this later in safe mode Be sure to update Ewido Download killbox to your desktop from this link Killbox We will need it later in safe mode Download SmitRem.exe and save the file to your desktop. Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem. Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. Reboot back into Windows normal mode. Do a search for "smitfiles.txt" usually found a C:\smitfiles.txt and post the results of the scan. Reboot into safe mode Run Hijack This from safe mode, close all windows except Hijack This, place a check to the left of the following items and press "fix checked": R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [IC Login] "C:\Program Files\iclogin1.2.exe" O4 - HKCU\..\Run: [WormsWorldParty.exe] C:\DOCUME~1\Adam\SKRIVB~1\WORMSW~1.exe /r O4 - HKCU\..\Run: [TClock.exe] C:\Program\TClock\tclock_install.exe Exit Hijack This but remain in safe mode Run Killbox from safe mode. Start Killbox place a tick next to [x]Delete on reboot "Press the All Files button" Copy this whole list into the windows clipboard, all the bolded file paths below. Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\Program Files\iclogin1.2.exe C:\Program\TClock\TClock.exe C:\WINDOWS\system32\cool.exe C:\DOCUME~1\Adam\SKRIVB~1\WORMSW~1.exe Next in Killbox go to File > Paste from clipboard "Click on the All Files button." Next click on the button that has the red circle with the white X in the middle. It will ask for confimation to delete the files on next reboot and ask you if you want to reboot now. Click Yes and let the computer reboot. If the computer does not reboot automatically just reboot it manually. Reboot into safe mode immediately. Navigate to and delete these folders if found: C:\Program\TClock C:\DOCUME~1\Adam\SKRIVB~1 (This folders name will begin with "SKRIVB" any other charactors could follow) Run Ewido from safe mode and let it delete all that it finds. Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Reboot into normal mode Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok. Post a new Hijack This log please.

Oh man, I´m having the same problem as yours. But, luckly, this problem happens only with my Internet Explorer, but most time I use Firefox and I don´t have this problem. I´ve done everything you´ve done and also couldn´t remove this crap! Please, if you have found a solution for this, please mail me! my email is danielsousat@gmail.com Thanx! daniel