coolwwwsearch.olehelp. rootkits detected, please help

[peku006]

Hi aaron2691

Malwarebytes' Anti-Malware

• Open Malwarebytes' Anti-Malware
• Select the Update tab
• Click Check for Updates
• After the update have been completed, Select the Scanner tab.
• Make sure the "Perform full scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

1. Click on the Show Results button to see a list of any malware that was found.
2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
   We will take care of the System Volume Information items later.
3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
   The log can also be found here:
   C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
5. Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please reply with

the Malwarebytes' Anti-Malware Log

Thanks peku006

[aaron2691]

here is the log you requested. MB did request for me to reboot the computer. I have already done so. Thanks.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5128

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

11/16/2010 1:27:35 PM
mbam-log-2010-11-16 (13-27-35).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 337491
Time elapsed: 52 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (explorer.exe,C:\Users\Savannah\AppData\Roaming\Microsoft\Windows\shell.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[peku006]

Hi aaron2691

logs look good
How's the computer running now? Any problems?

[COLOR=darkred]Thanks peku006[/COLO

[aaron2691]

The size of the font & images on firefox pages is disproportional & this morning avira reported that the new files could not be downloaded properly, but I will try updating it again this evening. I have not noticed anything else unusual at this point but will let you know if I come across anything. Thank you again for all of your much needed help! We REALLY appreciate it!

[aaron2691]

sorry about the delays between the last few posts peku. I had to go out of town, and the wife said that she would handle finishing up with you. but then she had issues logging into my account. and I didn't have internet access. Thanks again for your time.