Note: The following is only a text archive! To view the actual forum discussion, please visit our website at http://www.tech-forums.net

Can't get rid of adware/malware- Coolwww.search.aff.winshow

Posted by: MADWAD
After running my Norton Anti-Virus scan then using ad-aware and Cw shredder I downloaded the newest version of Spybot 1.3. It found and fixed a good few problem areas except this stuff Coolwww.search.aff.winshow and Coolwww.search.008k. It said Some problems couldn't be fixed, the reason could be that the files are still in use (in memory). So I let Spybot 1.3 run at the next startup of my computer (it found the same two but still couldn't fix them). What's the deal with these things? Any advice would be greatly great! Thanks for your time

Posted by: emmynem_2005
What Operating System Do U Have???

Posted by: southernlady
MADWAD, you need to follow the instructions in this thread: [url]http://www.tech-forums.net/showthread.php?s=&threadid=34713[/url]
Liz

Posted by: MADWAD
Sorry about that Southern Lady, I'll do what you asked of me but I have a really stupid question first......How do I reboot in Safe Mode in Windows XP? I know "get off the crack" but I'm a newbie when it comes to computers...Thanks Again

Posted by: Warez Monster
Reboot and hit F8

Posted by: rstones12
[url]http://www.pchell.com/support/safemode.shtml[/url]
Windows XP
If Windows XP is the only operating system installed on your computer, boot into Safe Mode with these instructions.
* If the computer is running, shut down Windows, and then turn off the power.
* Wait 30 seconds, and then turn the computer on.
* Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
* Ensure that the Safe mode option is selected.
* Press Enter. The computer then begins to start in Safe mode.
* When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.

Posted by: MADWAD
Hello, I went through all the instructions on this board before posting this HJT log. It seems I still have spyware/adware and while using Spybot 1.3 I find Coolwww.search.aff.winshow and Coolwww.search.008k. It said Some problems couldn't be fixed, the reason could be that the files are still in use (in memory). Anyways if anyone could take a look it would be great. THANK YOU

Logfile of HijackThis v1.98.2
Scan saved at 2:39:24 AM, on 2/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Programs\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.3\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409[/url]
O16 - DPF: {2B55B5F0-9D95-48CF-96A1-FEAF74CEC150} (portLoader Class) - [url]http://a248.g.akamai.net/7/248/9286/200309241629/ps.theport.com/xmlplayer/eng2/download.cab[/url]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url]http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - [url]http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]https://www.gamespyid.com/alaunch.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url]

Posted by: MADWAD
Sorry about not starting a new thread with my HJT log, but I thought I had started a new thread. Should I post my HJT log in a new thread now or just leave this be? Sorry SouthernLady..:(

Posted by: southernlady
We will continue where we are, that's why I joined the two together and moved them. You had info in the first thread we needed that affected the hijack log.
Liz

Posted by: southernlady
Madwad, while I go ahead and analyze what I have, I need you to follow this link: [URL=http://www.majorgeeks.com/download3155.html]HijackThis[/URL] Yours is outdated. I need version 1.99 please.
Liz

Posted by: southernlady
Madwad, what I have of your log is clean...so unless something shows in the updated log, I'll have to have you run something else.
Liz

Posted by: MADWAD
Here it is - Thanks!
Logfile of HijackThis v1.99.1
Scan saved at 2:49:23 PM, on 2/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\HPHipm11.exe
C:\Program Files\Labtec Wireless Desktop\OSD.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.3\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Enable Labtec Wireless Desktop.lnk = C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url]http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409[/url]
O16 - DPF: {2B55B5F0-9D95-48CF-96A1-FEAF74CEC150} (portLoader Class) - [url]http://a248.g.akamai.net/7/248/9286/200309241629/ps.theport.com/xmlplayer/eng2/download.cab[/url]
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - [url]http://a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/drakken/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - [url]http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe[/url]
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - [url]https://www.gamespyid.com/alaunch.cab[/url]
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - [url]http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[/url]
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - [url]http://www.bitdefender.com/scan/Msie/bitdefender.cab[/url]
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

Posted by: southernlady
MADWAD, download, unzip, and run [URL=http://www.spyware911.net/downloads/startdreck.zip]Startdreck[/URL] And then paste your results here. Btw, that log is clean too.
Liz

Posted by: MADWAD
Here we go again, I ran Spybot 1.3 just to make sure that coolwww.search.aff is still being found (but can't be deleted) and it is but anyways here's the StartDreck log. Again thank you very much for taking some time to look at this.

StartDreck (build 2.1.7 public stable) - 2005-02-16 @ 16:10:25 (GMT -03:-30)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Home at 3FZPNQF5RGQV1ZL

Registry
Run Keys
Current User
Run
*MsnMsgr="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
*LDM=\Program\BackWeb-8876480.exe
RunOnce
Default User
Run
RunOnce
Local Machine
Run
*Share-to-Web Namespace Daemon=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
*QuickFinder Scheduler="C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
*HPHUPD04="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
*HPHmon04=C:\WINDOWS\System32\hphmon04.exe
*HPDJ Taskbar Utility=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
*msnappau="C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe"
*NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
*nwiz=nwiz.exe /install
*NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
*ccApp="C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
*Symantec NetDriver Monitor=C:\PROGRA~1\SYMNET~1\SNDMon.exe
*SunJavaUpdateSched=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
*Zone Labs Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
*gcasServ="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
RunOnce
RunServices
RunServicesOnce
RunOnceEx
RunServicesOnceEx
File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy1.3\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\System32\mshta.exe "%1" %*
+.htm
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.html
*htmlfile="C:\Program Files\Internet Explorer\iexplore.exe" -nohome
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
Browser Helper Objects (LM)
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1.3\SDHelper.dll
*ST/{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
`InprocServer32=C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
*MSNToolBandBHO/{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
`InprocServer32=C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll
*Navbho.CNavExtBho.1/{BDF3E430-B101-42AD-A544-FADC6B084872}
`InprocServer32=C:\Program Files\Norton AntiVirus\NavShExt.dll
Files
Autostart Folders
Current User
*C:\Documents and Settings\Home\Start Menu\Programs\Startup\desktop.ini
Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Enable Labtec Wireless Desktop.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
INI-Files
WIN.INI\[windows]
*LOAD=
*RUN=
SYSTEM.INI\[boot]
*SHELL=Explorer.exe
Text Files
*C:\boot.ini
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
*C:\WINDOWS\wininit.ini
*C:\WINDOWS\system32\drivers\etc\hosts
System/Drivers
Running Processes
+0=<idle>
+4=<system>
+584=\SystemRoot\System32\smss.exe
+712=\??\C:\WINDOWS\system32\csrss.exe
+784=\??\C:\WINDOWS\system32\winlogon.exe
+844=C:\WINDOWS\system32\services.exe
+856=C:\WINDOWS\system32\lsass.exe
+1004=C:\WINDOWS\system32\svchost.exe
+1088=C:\WINDOWS\system32\svchost.exe
+1188=C:\WINDOWS\System32\svchost.exe
+1264=C:\WINDOWS\System32\svchost.exe
+1408=C:\WINDOWS\System32\svchost.exe
+1620=C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
+1636=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
+1660=C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
+1712=C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
+1844=C:\WINDOWS\Explorer.EXE
+2040=C:\WINDOWS\system32\spoolsv.exe
+396=C:\WINDOWS\system32\drivers\KodakCCS.exe
+432=C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
+484=C:\WINDOWS\system32\nvsvc32.exe
+640=C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
+748=C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
+796=C:\WINDOWS\system32\wdfmgr.exe
+1440=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
+1504=C:\WINDOWS\System32\hphmon04.exe
+1520=C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-ca\msnappau.exe
+1600=C:\WINDOWS\system32\RUNDLL32.EXE
+1608=C:\Program Files\Common Files\Symantec Shared\ccApp.exe
+1724=C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
+904=C:\Program Files\Labtec Wireless Desktop\MagicKey.exe
+176=C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
+468=C:\Program Files\Labtec Wireless Desktop\MulMouse.exe
+488=C:\WINDOWS\system32\rundll32.exe
+632=C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
+2304=C:\WINDOWS\System32\HPHipm11.exe
+2884=C:\WINDOWS\System32\alg.exe
+540=C:\Program Files\Labtec Wireless Desktop\OSD.EXE
+2576=C:\Program Files\Norton AntiVirus\navapsvc.exe
+1284=C:\Program Files\Internet Explorer\iexplore.exe
+2352=C:\Program Files\Messenger\msmsgs.exe
+2376=C:\My Downloads\startdreck\StartDreck.exe
NT Services
*Alerter Alerter - disabled
*Application Layer Gateway Service ALG running on demand
*Application Management AppMgmt - on demand
*Windows Audio AudioSrv running auto
*Background Intelligent Transfer Service BITS - on demand
*Computer Browser Browser running auto
*Symantec Event Manager ccEvtMgr running auto
*Symantec Password Validation ccPwdSvc - on demand
*Symantec Settings Manager ccSetMgr running auto
*Indexing Service CiSvc - on demand
*ClipBook ClipSrv - disabled
*COM+ System Application COMSysApp - on demand
*Cryptographic Services CryptSvc running auto
*DCOM Server Process Launcher DcomLaunch running auto
*DHCP Client Dhcp running auto
*Logical Disk Manager Administrative Service dmadmin - on demand
*Logical Disk Manager dmserver - on demand
*DNS Client Dnscache running auto
*Error Reporting Service ERSvc running auto
*Event Log Eventlog running auto
*COM+ Event System EventSystem running on demand
*Fast User Switching Compatibility FastUserSwitchingCom running on demand
*Help and Support helpsvc running auto
*Human Interface Device Access HidServ - disabled
*HTTP SSL HTTPFilter - on demand
*IMAPI CD-Burning COM Service ImapiService - on demand
*Kodak Camera Connection Software KodakCCS running auto
*Server lanmanserver running auto
*Workstation lanmanworkstation running auto
*TCP/IP NetBIOS Helper LmHosts running auto
*Messenger Messenger - disabled
*NetMeeting Remote Desktop Sharing mnmsrvc - on demand
*Distributed Transaction Coordinator MSDTC - on demand
*Windows Installer MSIServer - on demand
*Norton AntiVirus Auto-Protect Service navapsvc running on demand
*Network DDE NetDDE - disabled
*Network DDE DSDM NetDDEdsdm - disabled
*Net Logon Netlogon - on demand
*Network Connections Netman running on demand
*Network Location Awareness (NLA) Nla running on demand
*Norton AntiVirus Firewall Monitor Service NPFMntor running auto
*NT LM Security Support Provider NtLmSsp - on demand
*Removable Storage NtmsSvc - on demand
*NVIDIA Display Driver Service NVSvc running auto
*Plug and Play PlugPlay running auto
*Pml Driver HPH11 Pml Driver HPH11 running on demand
*IPSEC Services PolicyAgent running auto
*Protected Storage ProtectedStorage running auto
*Remote Access Auto Connection Manager RasAuto - on demand
*Remote Access Connection Manager RasMan running on demand
*Remote Desktop Help Session Manager RDSessMgr - on demand
*Routing and Remote Access RemoteAccess - disabled
*Remote Procedure Call (RPC) Locator RpcLocator - on demand
*Remote Procedure Call (RPC) RpcSs running auto
*QoS RSVP RSVP - on demand
*Security Accounts Manager SamSs running auto
*SAVScan SAVScan - on demand
*ScriptBlocking Service SBService - auto
*Smart Card SCardSvr - on demand
*Task Scheduler Schedule running auto
*Secondary Logon seclogon running auto
*System Event Notification SENS running auto
*Windows Firewall/Internet Connection Sharing (I SharedAccess running auto
`CS)
*Shell Hardware Detection ShellHWDetection running auto
*Symantec Network Drivers Service SNDSrvc running auto
*SoundMAX Agent Service SoundMAX Agent Servi running auto
*Symantec SPBBCSvc SPBBCSvc running auto
*Print Spooler Spooler running auto
*System Restore Service srservice running auto
*SSDP Discovery Service SSDPSRV running on demand
*Windows Image Acquisition (WIA) stisvc - on demand
*MS Software Shadow Copy Provider SwPrv - on demand
*Symantec Core LC Symantec Core LC running auto
*Performance Logs and Alerts SysmonLog - on demand
*Telephony TapiSrv running on demand
*Terminal Services TermService running on demand
*Themes Themes running auto
*Distributed Link Tracking Client TrkWks running auto
*Windows User Mode Driver Framework UMWdf running auto
*Universal Plug and Play Device Host upnphost - on demand
*Uninterruptible Power Supply UPS - on demand
*TrueVector Internet Monitor vsmon - auto
*Volume Shadow Copy VSS - on demand
*Windows Time W32Time running auto
*WebClient WebClient running auto
*Windows Management Instrumentation winmgmt running auto
*Portable Media Serial Number Service WmdmPmSN - on demand
*WMI Performance Adapter WmiApSrv - on demand
*Security Center wscsvc running auto
*Automatic Updates wuauserv running auto
*Wireless Zero Configuration WZCSVC running auto
*Network Provisioning Service xmlprov - on demand
Application specific

Posted by: southernlady
Your StartDreck file is clean. I just do not see anything here. Download and run [URL=http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en]Microsoft® Windows AntiSpyware (Beta)[/URL] and see if it comes up with the same result as Spybot cause once in a while Spybot comes up with a false positive. Also did AdAware with the VX2 cleaner come up with the same result as Spybot?
Liz

Posted by: MADWAD
SouthernLady, I've already downloaded Microsoft Anti-Spyware and have run a full scan, it found a good bit of adware those other programs missed. I guess it must be a false positive but when I try to delete them it says "could be running in memory". What does that mean? No, adaware and vx2 cleaner do not find the coolwww.search.aff.winshow and coolwww.search.008k. WEIRD STUFF HEY? Anyways thanks for helping me out it must be nothing (or at least nothing important!) Thanks LIZ

Posted by: southernlady
You're welcome and if something does pop up, let me know and I'll reopen the thread.
Liz