Browser Hijack: I need expert help - Please!

Discussion in 'adware, spyware & hijack cleaning' started by dkuech, Jul 6, 2004.

Thread Status:
Not open for further replies.
  1. dkuech

    dkuech Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    2
    Coolwebsearch, about:blank, esearch.cc and MSN have taken over my computer. I've run both Spy Sweeper and Ad-Aware 6.0 (most recently... for this posting) and haven't been able to eliminate these unwanted "hijackers." I need expert advice on how to effectively and completely eliminate these hijackers from my computer. Please help!! My HijackThis Log is posted below.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:44:55 PM, on 7/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\BellSouth\Connection Manager\CManager.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\Documents and Settings\Marilyn\Desktop\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = (value not set)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shorty - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\WINDOWS\win32app.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
    O4 - Global Startup: Clean Temp Files.lnk = C:\WINDOWS\deltemp.bat
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: PDFtypewriter (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - http://support.fastaccess.com/sdccommon/download/tgctlpw.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Express Viewer Control) - http://www.autodesk.com/global/expressviewer/installer/ExpressViewerSetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meeting.webex.com/client/latest/webex/ieatgpc.cab

    Thanks for your help in advance. dk
     
  2. dkuech

    dkuech Registered Member

    Joined:
    Jul 6, 2004
    Posts:
    2
    Can anyone help me eliminate the "bad" files from my system? The 3 browser hijackers that I haven't been able to eliminate seem to be associated with CoolWebSearch and include: esearch.cc, about:blank and msn. I ran CWShredder 15901 today and it said my system was "clean." I also ran Ad-aware 6.0 and HijackThis 1.97.7 today. The logs for both are included below. I would very much appreciate your recommendations on next steps for "sanitizing" my system and preventing further intrusions. Frustrated in Atlanta! :'(

    Logfile of HijackThis v1.97.7
    Scan saved at 6:37:36 PM, on 7/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\BellSouth\Connection Manager\CManager.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\Documents and Settings\Marilyn\Desktop\Tools\VIRUS CLEANING\HijackThis1977.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.yahoo.com\
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.yahoo.com\
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.esearch.cc/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.esearch.cc/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = (value not set)
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shorty - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\WINDOWS\win32app.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F19E3AB4-63D3-4CFC-9AD4-A081AC0A9454} - C:\WINDOWS\System32\mpfbeg.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
    O4 - Global Startup: Clean Temp Files.lnk = C:\WINDOWS\deltemp.bat
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: PDFtypewriter (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - http://support.fastaccess.com/sdccommon/download/tgctlpw.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Express Viewer Control) - http://www.autodesk.com/global/expressviewer/installer/ExpressViewerSetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meeting.webex.com/client/latest/webex/ieatgpc.cab


    Lavasoft Ad-aware Plus Build 6.181
    Logfile created on :Saturday, July 10, 2004 6:15:17 PM
    Using reference-file :01R324 22.06.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    7-10-2004 6:15:17 PM - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 7-10-2004 8:25:55 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:25:57 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:25:57 PM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:25:58 PM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:25:58 PM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 8/29/2002 7:41:26 AM
    Last accessed : 7/10/2004 9:56:14 PM
    Last modified : 8/29/2002 7:41:26 AM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:26:00 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-10-2004 8:26:00 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-10-2004 8:26:21 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-10-2004 8:26:21 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:10 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-10-2004 8:26:23 PM
    BasePriority : Normal
    FileSize : 980 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 8/29/2002 7:41:24 AM
    Last accessed : 7/10/2004 10:06:14 PM
    Last modified : 8/29/2002 7:41:24 AM

    #:11 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:26:24 PM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:12 [navapw32.exe]
    FilePath : C:\PROGRA~1\NORTON~1\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 73 KB
    FileVersion : 8.07.17
    ProductVersion : 8.07.17
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Agent
    InternalName : NAVAPW32
    OriginalFilename : NAVAPW32.EXE
    ProductName : Norton AntiVirus
    Created on : 6/16/2003 2:13:54 AM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 2/27/2002 3:27:58 PM

    #:13 [hpztsb03.exe]
    FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 196 KB
    FileVersion : 2,38,0,0
    Copyright : Copyright (c) Hewlett-Packard Company 1999-2001
    CompanyName : HP
    ProductName : HP DeskJet
    Created on : 6/16/2003 10:14:09 PM
    Last accessed : 7/10/2004 9:26:21 PM
    Last modified : 6/12/2001 9:13:05 AM

    #:14 [realplay.exe]
    FilePath : C:\Program Files\Real\RealPlayer\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 25 KB
    FileVersion : 6.0.9.584
    ProductVersion : 6.0.9.584
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealPlayer
    InternalName : REALPLAY
    OriginalFilename : REALPLAY.EXE
    ProductName : RealPlayer (32-bit)
    Created on : 6/18/2003 11:33:11 PM
    Last accessed : 7/10/2004 9:32:50 PM
    Last modified : 6/18/2003 11:33:11 PM

    #:15 [cfd.exe]
    FilePath : C:\Program Files\BroadJump\Client Foundation\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 360 KB
    Created on : 9/17/2003 3:19:16 AM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 9/11/2002 1:26:26 AM

    #:16 [tgcmd.exe]
    FilePath : C:\Program Files\Support.com\bin\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 1508 KB
    FileVersion : 5,5,479,0
    ProductVersion : 5,5,479,0
    Copyright : Copyright 1997-2069 Support.com
    CompanyName : Support.com, Inc.
    FileDescription : Support.com Scheduler and Command Dispatcher
    InternalName : TGCMD
    OriginalFilename : TGCMD.EXE
    ProductName : Support.com Scheduler and Command Dispatcher
    Created on : 7/15/2002 5:48:32 PM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 7/15/2002 5:48:33 PM

    #:17 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ThreadCreationTime : 7-10-2004 8:26:26 PM
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 6.5.1
    ProductVersion : QuickTime 6.5.1
    CompanyName : Apple Computer, Inc.
    InternalName : QuickTime Task
    OriginalFilename : QTTask.exe
    ProductName : QuickTime
    Created on : 11/19/2003 10:04:28 PM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 5/29/2004 3:51:23 PM

    #:18 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ThreadCreationTime : 7-10-2004 8:26:26 PM
    BasePriority : Normal
    FileSize : 1476 KB
    FileVersion : 4.7.0041
    ProductVersion : Version 4.7
    Copyright : Copyright (c) Microsoft Corporation 1997-2001
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 6/16/2003 12:05:25 AM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 8/20/2002 7:08:38 PM

    #:19 [navapsvc.exe]
    FilePath : C:\Program Files\Norton AntiVirus\
    ThreadCreationTime : 7-10-2004 8:26:32 PM
    BasePriority : Normal
    FileSize : 113 KB
    FileVersion : 8.07.17
    ProductVersion : 8.07.17
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    OriginalFilename : NAVAPSVC.EXE
    ProductName : Norton AntiVirus
    Created on : 6/16/2003 2:13:54 AM
    Last accessed : 7/10/2004 9:55:44 PM
    Last modified : 2/27/2002 3:29:26 PM

    #:20 [cmanager.exe]
    FilePath : C:\Program Files\BellSouth\Connection Manager\
    ThreadCreationTime : 7-10-2004 8:26:34 PM
    BasePriority : Normal
    FileSize : 3976 KB
    Created on : 9/17/2003 3:31:55 AM
    Last accessed : 7/10/2004 9:25:55 PM
    Last modified : 11/19/2002 5:53:28 PM

    #:21 [ccd.exe]
    FilePath : C:\PROGRA~1\BROADJ~1\CORREC~1\
    ThreadCreationTime : 7-10-2004 8:27:15 PM
    BasePriority : Normal
    FileSize : 308 KB
    Created on : 9/17/2003 3:31:36 AM
    Last accessed : 7/10/2004 9:55:44 PM
    Last modified : 8/16/2002 12:18:04 AM

    #:22 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 7-10-2004 10:14:57 PM
    BasePriority : Normal
    FileSize : 671 KB
    FileVersion : 6.0.1.182
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 2/4/2004 1:00:32 AM
    Last accessed : 7/10/2004 10:14:57 PM
    Last modified : 7/13/2003 3:01:14 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Search Page
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Search Bar
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Search
    Value : SearchAssistant
    Data : "file://C:\WINDOWS\TEMP\sp.html"


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 3
    Objects found so far: 3


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@advertising[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:43:59 PM
    Last accessed : 7/10/2004 9:43:59 PM
    Last modified : 7/10/2004 9:43:59 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@atdmt[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:59:42 PM
    Last accessed : 7/10/2004 10:00:26 PM
    Last modified : 7/10/2004 10:00:26 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@fastclick[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:59:41 PM
    Last accessed : 7/10/2004 9:59:41 PM
    Last modified : 7/10/2004 9:59:41 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@gator[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:43:59 PM
    Last accessed : 7/10/2004 9:43:59 PM
    Last modified : 7/10/2004 9:43:59 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@qksrv[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:43:59 PM
    Last accessed : 7/10/2004 9:43:59 PM
    Last modified : 7/10/2004 9:43:59 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@servedby.advertising[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:43:59 PM
    Last accessed : 7/10/2004 9:43:59 PM
    Last modified : 7/10/2004 9:43:59 PM



    DealHelper Object recognized!
    Type : File
    Data : a0000038.dll
    Object : C:\System Volume Information\_restore{F80B4496-A12B-4561-BDC2-71B6BB991823}\RP2\
    FileSize : 8 KB
    FileVersion : 254
    ProductVersion : 254
    Copyright : Copyright
    CompanyName : Tarma Software Research Pty Ltd
    FileDescription : Tarma Installer extension DLL
    InternalName : _SETUP
    OriginalFilename : _SETUP.DLL
    ProductName : Tarma Installer
    Created on : 5/15/2004 9:31:19 AM
    Last accessed : 7/10/2004 10:22:30 PM
    Last modified : 5/3/2004 8:21:23 PM



    CoolWebSearch Object recognized!
    Type : File
    Data : a0000100.dll
    Object : C:\System Volume Information\_restore{F80B4496-A12B-4561-BDC2-71B6BB991823}\RP4\
    FileSize : 30 KB
    Created on : 7/9/2004 9:42:14 AM
    Last accessed : 7/10/2004 10:22:32 PM
    Last modified : 7/9/2004 9:42:15 AM



    CoolWebSearch Object recognized!
    Type : File
    Data : a0000108.dll
    Object : C:\System Volume Information\_restore{F80B4496-A12B-4561-BDC2-71B6BB991823}\RP6\
    FileSize : 30 KB
    Created on : 7/9/2004 10:44:59 PM
    Last accessed : 7/10/2004 10:22:34 PM
    Last modified : 7/9/2004 10:44:59 PM



    Disk scan result for C:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 12


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    CoolWebSearch Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    Value : ITBarLayout


    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 13


    6:28:26 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:13:07:793
    Objects scanned :87941
    Objects identified :13
    Objects ignored :0
    New objects :13
     