Request for help to remove the 'coolwwwsearch.com' trojan

Recently I opened an email from someone who I thought used to be an acquaintance. My hotmail account blocked some of the contents, so I got suspicious. I ran Spybot Search and Destroy recently detected the trojan 'coolwwwsearch.com' on my machine.

From reading other posts, it seems to be a tough one to beat.

I followed your cleanup instructions and used SUPERAntiSpyware in safe-mode to remove as much of it as I could. I used MGTools to create HJT logs etc (see attached). Also included in that log is my system info.

I don't know if the computer is fixed, but my anti-keylogger software is not working properly (it keeps shutting down). Can this be fully removed or do I need to do a clean re-install?

 

Hi TimW

SAS and MBAM logs are attached, along with C:\MGLogs.zip.

My system is Windows 7 home premium, so ComboFix wouldn't install.
Regards,
Doug

 

Hi TimW,

ESET found
C:\MGTools\Process.exe Win32/PrcView application
Is that a legitimate function for MGTools, e.g. a false +ve?

I don't know whether the trojan has embedded into my system restore points or not: I've read others have had this issue. Is this likely to be an issue?

The main result of this virus/clean up is that Guarded ID (my kernel based anti-keylogger program) is no longer functioning as it did before hand. Now, when I type into the "IE or mozilla: find box; the google toolbar; or the URL box", numbers come up instead of letters. Also, I run a program called Personal Brain (mind-mapping software), and the same issue occurs.
I will probably attempt to re-install this program again, as when its not running, everything is fine.

The other minor issue is that my hook-based anti-keylogger (Keylogger hunter) no longer runs from start up, as it did before the infection.
I am wondering if the trojan attempted to mess with these programs?

After deleting that At1.job, it seems that the random pop up ad's have stopped coming up. Has your strategy worked?

 

I've just un-installed GuardedID and used CCleaner to do a clean up and registry clean.

I re-installed and re-activated the GuardedID licence, and it is up and running again. However: the same issue remains, typing in text into the URL box, the google toolbar, and the find box in both IE and Mozilla result in numbers instead of letters.

I am going to call their tech support too, but re-installing hasn't helped.