Author Topic: Can't get rid of coolwwwsearch  (Read 1218 times)

Offline donna4909

« Reply #20 on: June 14, 2008, 06:15:20 PM »
SafeCast Shared Components wasn't in the add/remove programs list. Win32 BI Application says:
Error: could not locate the INF file 'C:\WINDOWS\INF\payload.inf'.

The only programs I need on startup are Outpost & Avira. System is still running sluggish. Has been since I installed Avira. I knew it would be though. That's why I uninstalled previous AV software. I had Panda at one point. I was hoping to just be able to run a firewall, but I guess I need both. Ah well...


Here's the new DSS log:

Deckard's System Scanner v20071014.68
Run by Owner on 2008-06-14 19:17:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:18 PM, on 6/14/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\Firewall\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Firewall\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /1
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213061818452
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Firewall\OUTPOS~1\outpost.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 4760 bytes

-- Files created between 2008-05-14 and 2008-06-14 -----------------------------

2008-06-14 19:09:18         0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-06-14 04:19:02         0 d-------- C:\Program Files\Java
2008-06-14 04:18:27         0 d-------- C:\Program Files\Common Files\Java
2008-06-14 04:08:02         0 d-------- \_OTMoveIt
2008-06-12 17:29:23         0 d-------- C:\Program Files\Avira
2008-06-12 17:29:23         0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-12 17:05:40         0 d--hs---- \RECYCLER
2008-06-12 16:18:01         0 d-------- \QooBox
2008-06-12 16:18:00     68096 --a------ C:\WINDOWS\zip.exe
2008-06-12 16:18:00     49152 --a------ C:\WINDOWS\VFind.exe
2008-06-12 16:18:00    212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-06-12 16:18:00    136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-06-12 16:18:00    161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-06-12 16:18:00     98816 --a------ C:\WINDOWS\sed.exe
2008-06-12 16:18:00     80412 --a------ C:\WINDOWS\grep.exe
2008-06-12 16:18:00     89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-06-12 15:55:14 534827008 --ahs---- \hiberfil.sys
2008-06-11 20:07:03         0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-06-11 20:07:00         0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-11 20:07:00         0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-11 18:58:53         0 d-------- C:\WINDOWS\ERUNT
2008-06-11 18:58:17         0 d-------- \SDFix
2008-06-11 17:54:23         0 d-------- \Deckard
2008-06-11 16:26:23         0 d-------- C:\Program Files\InterMute
2008-06-11 15:48:47         0 d-------- C:\Documents and Settings\Owner\Application Data\Key Metric Software
2008-06-11 15:38:10         0 d-------- C:\Program Files\SpaceAnylizer
2008-06-11 15:38:10         0 d-------- C:\Program Files\Common Files\Key Metric Software
2008-06-11 15:38:08         0 d--h----- C:\Documents and Settings\All Users\Application Data\{2523FC71-7736-4A2A-B0C7-8D36B58E4800}
2008-06-11 00:48:52         0 d-------- C:\WINDOWS\System32\PreInstall
2008-06-11 00:48:44         0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-11 00:29:34         0 d-------- C:\WINDOWS\System32\bits
2008-06-10 05:19:35         0 d-------- C:\Program Files\Common Files\Webroot Shared
2008-06-10 05:19:35         0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-05-16 15:27:28         0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-05-16 15:27:28         0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-05-16 15:27:28         0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-05-16 15:27:28         0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-05-16 15:27:28         0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-05-16 15:27:28         0 dr------- C:\Documents and Settings\Administrator\My Documents
2008-05-16 15:27:28         0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-05-16 15:27:28         0 dr------- C:\Documents and Settings\Administrator\Favorites
2008-05-16 15:27:28         0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-05-16 15:27:28         0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-05-16 15:27:28         0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-05-16 15:27:27   2097152 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-06-14 19:10:33 786432000 --ahs---- \pagefile.sys
2008-06-14 04:18:27         0 d-a------ C:\Program Files\Common Files
2008-06-13 19:31:19         0 d-------- C:\Program Files\Full Tilt Poker.Net
2008-06-12 17:46:59         0 d-------- C:\Documents and Settings\Owner\Application Data\ield
2008-06-11 16:11:17         0 d-------- C:\Program Files\hp
2008-06-11 15:21:03         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-11 02:12:07         0 d-------- C:\Program Files\Visual Labels
2008-06-11 02:12:07         0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2008-06-10 16:57:37         0 d-------- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
2008-06-10 05:22:06         0 d-------- C:\Program Files\Winamp
2008-06-10 05:19:36         0 d-------- C:\Documents and Settings\Owner\Application Data\Webroot
2008-06-10 05:19:35         0 d-------- C:\Program Files\Webroot
2008-06-04 22:26:16         0 d-------- C:\Program Files\SoapMaker
2008-05-14 14:03:18         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-14 13:36:03         0 d-------- C:\Program Files\Common Files\ACD Systems
2008-05-14 13:36:02         0 d-------- C:\Program Files\ACD Systems
2008-04-30 03:13:32         0 d-------- C:\Program Files\Common Files\Motive
2008-04-28 22:54:35         0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Outpost Firewall"="C:\PROGRA~1\Firewall\OUTPOS~1\outpost.exe" [04/09/2004 05:18 PM]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [08/07/2001 08:36 PM]
"PS2"="C:\WINDOWS\system32\ps2.exe" [07/03/2001 06:13 PM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/12/2008 10:06 AM]
"Tweak UI"="TWEAKUI.CPL" [06/18/2000 02:03 PM C:\WINDOWS\SYSTEM32\TWEAKUI.CPL]
"S3TRAY2"="S3tray2.exe" [10/04/2001 03:06 PM C:\WINDOWS\SYSTEM32\S3tray2.exe]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [06/15/2001 07:34 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" []
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [05/07/1998 01:04 PM]
"FastUser"="C:\WINDOWS\System32\fast.exe" [10/08/2001 01:59 PM]
"CoolSwitch"="C:\WINDOWS\System32\taskswitch.exe" [10/08/2001 01:59 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" []
"Washer"="C:\Program Files\Washer\washer.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"IMEKRMIG6.1"=108209130520750479696720982160565757815579836
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoRecentDocsHistory"=01000000
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoSMHelp"=01000000
"NoLogoff"=0 (0x0)
"NoNetworkConnections"=01000000
"ClearRecentDocsOnExit"=1 (0x1)

 


-- End of Deckard's System Scanner: finished at 2008-06-14 19:18:43 ------------

Offline guestolo

« Reply #21 on: June 15, 2008, 08:47:25 AM »
Open HijackThis>>Open The Misc tools section>>Open the Uninstall Manager
Left click to highlight Win32 BI Application on the left side
On the right side click the "Delete this entry"
Ok the prompt then close Hijackthis

Some entries in your Hijackthis log are created by Tweakui Powertoy for Windows XP
Do you actually use it?

Or you can remove it from Add and Remove Programs

If you decide to remove it, can you come back here and post a fresh hijackthis log please

In addition, can you let me know the last time you ran a Disk Defragmenter on this computer
Also, is this version of Windows XP legit? I see that you're way behind on Windows updates

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline donna4909

« Reply #22 on: June 15, 2008, 03:04:17 PM »
Ok, I removed the Win 32 & uninstalled TweakUI. I hardly ever used it anyway. Rebooted, but it seems TweakUI is still installed.

Haven't defragged in a long time. Maybe a year or so. I'll set it up to defrag when we go out for dinner tonight.

Yes, my XP is a legitimate copy. I don't have the disc for it, but it came preinstalled on this computer (HP) when I bought it.

I'll go check Microsoft and see what updates I need to get.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:17 PM, on 6/15/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\Firewall\OUTPOS~1\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Firewall\OUTPOS~1\outpost.exe /waitservice
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - .DEFAULT User Startup: AutoPlay.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://setup.bellsouth.net/wizlet/PWReset/...aller_6-1-2.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1213061818452
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Firewall\OUTPOS~1\outpost.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 4453 bytes
« Last Edit: June 15, 2008, 03:05:27 PM by donna4909 »
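Comparing the two HijackThis logs posted so far shows what each removal step actually changed. The following is an added example, not part of the original posts: a small parser that diffs the result lines of two logs. The function names are made up for this illustration, and the two sample logs are short excerpts constructed from the June 14 and June 15 logs above.

```python
import re

# HijackThis result lines have the shape "<code> - <detail>", where the code
# is a section letter (R, F, N, O) followed by a number, e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, detail) result lines in a HijackThis log.

    The header and the "Running processes" list do not match the
    "<code> - <detail>" shape and are skipped.
    """
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def _sort_key(entry):
    section, detail = entry
    return (section[0], int(section[1:]), detail)


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the older / only in the newer log."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return (sorted(before - after, key=_sort_key),
            sorted(after - before, key=_sort_key))


def still_present(log_text, section, needle):
    """List details in one section that still mention `needle` (case-insensitive)."""
    needle = needle.lower()
    return [detail
            for sec, detail in sorted(parse_entries(log_text), key=_sort_key)
            if sec == section and needle in detail.lower()]


# Constructed sample input: excerpts of the two logs posted in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /1
"""

AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for section, detail in removed:
        print("removed:", section, "-", detail)
    for section, detail in added:
        print("added:  ", section, "-", detail)
    # An entry that survives an uninstall points at a leftover autostart value.
    for detail in still_present(AFTER, "O4", "tweak ui"):
        print("still present: O4 -", detail)
```

An entry that appears in the "added" list between two scans deserves the same scrutiny as one that refuses to go away.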

Offline guestolo

« Reply #23 on: June 15, 2008, 03:34:20 PM »
Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\System32\fast.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
There should be 2 entries related to Powertoys + Tweak UI in add and remove programs
They are
Powertoys For Windows XP
and
Tweakui Powertoy for Windows XP

Before you go visit Microsoft Windows updates
Can you post back,
We should make some room on your harddrive, it's running low on space
What is the size of the harddrive?
Open MyComputer>>Right click on C: drive and select Properties, should give you the info
Do you have a lot of pictures, songs, etc on this drive taking a lot of space up?

DON'T do the below yet
============================================================
I would opt to disable any power schemes and screen savers
Temporarily disable Avira by right clicking its icon by the clock and Uncheck AntiVir Guard Enable
Then manually run the Disk defragmenter on your C: drive
Start>>all programs>>accessories>>system Tools>>Disk Defragmenter
Reboot  afterwards

If you manually go to visit Windows updates
Run the Express scan, can you let me know if it first offers Service pack 2 before SP3
Can you refrain from installing SP3 for a bit till you get back to me please

Note: might be a good idea to temporarily disable Avira while installing Windows updates of this size
Same procedure, right click its icon and Uncheck AntiVir Guard Enable
==============================================================
Additional NOTE: We still have some cleaning to do of the tools that we used
I'll post those steps next when you get back to me
« Last Edit: June 15, 2008, 04:34:20 PM by guestolo »



Offline donna4909

« Reply #24 on: June 15, 2008, 09:11:47 PM »
I did uninstall the two tweak ui entries. But I still have a TweakUIXP icon in my control panel.

The hard drive is 32GB. When I first posted, I was very low on HD space. Less than a gig. But I couldn't figure out what was taking up all my extra space. I finally found the hidden folder when I ran a HD space analyzer. Anyway, it had like 11 gig of movie and tv show exe files. No clue how they got there. I certainly didn't put them there. It looked to be just an empty shared folder (no icons showing), but in its properties I could see the 11GB of space it was using, and during the AV scan I saw it go through all the filenames in that directory. I eventually just deleted the folder.

After deleting that folder, I had about 12 gig of space. After the AV proggy & scanners, I came down to 10 gig or so, but sufficient to dl the update. I just installed service pack 2. It has like 89 more downloads listed for me to get...

I really thought I already had SP2. I thought I installed it a long time ago, like shortly after it became available. I thought I'd had it already installed this whole time... I even bugged my hubby like 2 months ago to get it because I noticed he didn't have it updated on his computer. *lol*

So, I currently have 7.59 gig of HD space left. I do have some pics and songs on here, but not more than 3 or 4 gig combined. I also have a few larger programs that I use, and don't want to get rid of. A couple graphics programs, web page builders, and The Sims game. I've uninstalled pretty much every program I don't use at this point, and even some I didn't want to get rid of. But that was before I found the hidden folder, and I was so low on space I was getting errors. Had to do something.

Offline guestolo

« Reply #25 on: June 15, 2008, 11:16:48 PM »
It's great to hear you cleared off some free space, you needed it :)

Let's remove some of the tools that we used and make a bit more room
Optionally, you can hold onto MalwareByte's AntiMalware
Or uninstall it from Add and Remove programs
You may opt to hold onto it and update and run a quick scan occasionally, it's a small program
Don't reboot the computer yet if you choose to uninstall it

I would choose to hold onto Spybot Search and Destroy also
Check for Updates every couple of weeks and ensure to Immunize after every update if possible
Run a scan occasionally

You can manually delete ATF-Cleaner.exe or hold onto it, your option
It's a great little utility to help clean temp files, cookies, etc..

Include this next small program in your security, like Spybot's Immunization, it doesn't run in the background
using valuable resources
SpywareBlaster  by JavaCool  
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection


Hold onto Avira AntiVir, you are not well protected without appropriate AV software
Can you open Avira by double-clicking its icon by the clock
Left click on ADMINISTRATION on the left
Ensure QUARANTINE is selected, look on the right side pane
Select all objects and use the Trash icon to delete all objects

Look at the Scheduler under Administration, leave the Daily update selected
You may want to choose to Enable the Complete Scheduled scan
You can Edit the job from daily to weekly and choose what is the most appropriate time

Go to START>>RUN>>Copy and Paste the next command in bold

ComboFix /u

Then hit OK
This will uninstall Combofix and its components

OTMoveit2.exe
  • Double-click OTMoveIt2.exe to run it.
  • Click the Cleanup! button
    A list will be downloaded>>Allow it Internet access if prompted by your Firewall
    Don't change anything in this list
  • Select Yes at the prompt
    Wait for the confirmation box to open to reboot the computer
    Don't mouseclick during the wait as you may cause the tool to stall
  • Select Yes to reboot Now
NOTE: This procedure will also delete OTMoveit.exe from desktop

Back to Windows updates and defragging
After XP Service Pack 2 is installed, but before SP3
I would opt to disable any power schemes and screen savers
Temporarily disable Avira by right clicking its icon by the clock and Uncheck AntiVir Guard Enable
Then manually run the Disk defragmenter on your C: drive
Start>>all programs>>accessories>>system Tools>>Disk Defragmenter
Reboot afterwards

Let me know when you have that done
SOME Users with HP computers and non-Intel processors are having difficult times with Service Pack 3 for XP
Constant reboots and error messages
Before attempting to install it
Can you come back here and post a fresh hijackthis log
Let's ensure your computer is prepared
« Last Edit: June 15, 2008, 11:39:22 PM by guestolo »



Offline guestolo

« Reply #26 on: July 06, 2008, 08:15:05 PM »
I'll lock this topic as your problems appear resolved
Take care
