CoolwwwSearch.olehelp along with WindowsSecurityEssentials

Status
Not open for further replies.
K

kkchen

New member
The coolwwsearch is the main problem as it slows down my google by a lot. The WindowsSecurityEssentials would be a problem except I can disable it with runanalyzer XD, but they are still problems and I would appreciate help.

(This is a correction of my last thread as I can't read directions)



DDS (Ver_10-11-10.01) - NTFSx86
Run by Administrator at 11:48:25.65 on Thu 11/25/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_19
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.866 [GMT -6:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\4t Tray Minimizer\4t-min.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\System32\mshta.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\ADMINI~1\AppData\Local\Temp\dwm.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Safer Networking\RunAlyzer\RunAlyzer.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Roaming\Microsoft\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=127.0.0.1:50370
uWinlogon: Shell=explorer.exe,c:\users\administrator\appdata\roaming\microsoft\windows\shell.exe
uWindows: Load=c:\users\admini~1\appdata\local\temp\dwm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\program files\megaupload\mega manager\MegaIEMn.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google

toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\administrator\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [svchost] c:\users\administrator\appdata\roaming\microsoft\svchost.exe
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\4ttray~1.lnk - c:\program files\4t tray minimizer\4t-min.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\administrator\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.jp/3drender/renderer/mabiweb.2010.05.24.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8F60EE6F-DC53-4F9C-9E66-84BD2A545805} - hxxp://hb.getamped.com/start/CsLauncher.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: avgrsstx.dll
SSODL: AudioProcessorClass - {9cd65c38-dbfb-483d-8a48-7f7b4716305b} - c:\program files\common files\audioprocessor\AudioProcessorClass.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\iun8biyt.default\
FF - prefs.js: network.proxy.ftp - 208.92.249.118
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 208.92.249.118
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 208.92.249.118
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 208.92.249.118
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 208.92.249.118
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\administrator\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\administrator\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\iun8biyt.default\extensions\{077a24e9-0db5-435f-9010-5261c53e5925}

\plugins\npmabiwebframe.dll
FF - plugin: c:\users\administrator\documents\sparkplay media\sparkplayer (beta)\npSparkPlayerNS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows

presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--

mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-27 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-27 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-27 243024]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
S2 nmqaq;Shell Security;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S2 zzmadfdbj;Microsoft Shell;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 21504]
S3 CEDRIVER55;CEDRIVER55;c:\program files\cheat engine\dbk32.sys [2010-2-13 60416]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe --> c:\program files\dragon

age\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 LiveTurbineMessageService;Turbine Message Service - Live;"c:\program files\turbine\turbine download manager\turbinemessageservice.exe" --> c:\program

files\turbine\turbine download manager\TurbineMessageService.exe [?]
S3 LiveTurbineNetworkService;Turbine Network Service - Live;"c:\program files\turbine\turbine download manager\turbinenetworkservice.exe" --> c:\program

files\turbine\turbine download manager\TurbineNetworkService.exe [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva344;XDva344;c:\windows\system32\XDva344.sys [2010-5-26 70600]

=============== Created Last 30 ================

2010-11-25 17:45:45 120832 ----a-w- c:\users\admini~1\appdata\roaming\microsoft\svchost.exe
2010-11-25 17:27:39 54016 ----a-w- c:\windows\system32\drivers\crxsj.sys
2010-11-25 17:18:23 548352 ----a-w- c:\users\admini~1\appdata\roaming\hotfix.exe
2010-11-21 21:55:20 -------- d-----w- c:\program files\Safer Networking
2010-11-19 04:51:24 123904 ----a-w- c:\users\admini~1\appdata\roaming\microsoft\svchos3t.exe
2010-11-14 23:56:16 -------- d-----w- c:\users\admini~1\appdata\roaming\Megaupload
2010-11-14 23:55:20 -------- d-----w- c:\program files\Megaupload
2010-11-12 00:20:54 -------- d-----w- c:\users\admini~1\appdata\local\Ironclad Games
2010-11-12 00:09:03 -------- d-----w- c:\program files\Stardock
2010-11-06 23:51:20 -------- d-----w- C:\Perfect World Entertainment
2010-11-02 03:02:00 -------- d-----w- C:\AeriaGames
2010-10-31 23:29:01 -------- d-----w- c:\users\admini~1\appdata\roaming\Vivox
2010-10-31 23:21:42 -------- d-----w- c:\users\admini~1\appdata\roaming\IMVU
2010-10-31 23:20:59 -------- d-----w- c:\users\admini~1\appdata\roaming\IMVUClient

==================== Find3M ====================

2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 11:48:36.87 ===============
 
Hello kkchen,

Your previous open topic was started November 21st, http://forums.spybot.info/showthread.php?t=60500

If you have waited four days or longer for assistance, please start a topic in this sub-forum and post with a link back to your topic in the Malware forum, so that we know who you are and your topic is not archived.
Click to expand...
The Waiting Room

It might be best if you do that and provide a link back to this new topic (which is now closed) also. :)

Best regards.
 
Status
Not open for further replies.
Back
Top