Browser Hijack: I need expert help - Please!

Discussion in 'adware, spyware & hijack cleaning' started by dkuech, Jul 6, 2004.

Thread Status:
Not open for further replies.
  1. dkuech

    dkuech, Registered Member (Joined: Jul 6, 2004; Posts: 2)
    Coolwebsearch, about:blank, esearch.cc and MSN have taken over my computer. I've run both Spy Sweeper and Ad-Aware 6.0 (most recently... for this posting) and haven't been able to eliminate these unwanted "hijackers." I need expert advice on how to effectively and completely eliminate these hijackers from my computer. Please help!! My HijackThis Log is posted below.

    Logfile of HijackThis v1.97.7
    Scan saved at 9:44:55 PM, on 7/6/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\BellSouth\Connection Manager\CManager.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\Documents and Settings\Marilyn\Desktop\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = (value not set)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shorty - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\WINDOWS\win32app.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
    O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
    O4 - Global Startup: Clean Temp Files.lnk = C:\WINDOWS\deltemp.bat
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: PDFtypewriter (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - http://support.fastaccess.com/sdccommon/download/tgctlpw.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Express Viewer Control) - http://www.autodesk.com/global/expressviewer/installer/ExpressViewerSetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meeting.webex.com/client/latest/webex/ieatgpc.cab

    Thanks for your help in advance. dk
     
  2. dkuech

    Can anyone help me eliminate the "bad" files from my system? The 3 browser hijackers that I haven't been able to eliminate seem to be associated with CoolWebSearch and include: esearch.cc, about:blank and msn. I ran CWShredder 15901 today and it said my system was "clean." I also ran Ad-aware 6.0 and HijackThis 1.97.7 today. The logs for both are included below. I would very much appreciate your recommendations on next steps for "sanitizing" my system and preventing further intrusions. Frustrated in Atlanta! :'(

    Logfile of HijackThis v1.97.7
    Scan saved at 6:37:36 PM, on 7/10/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\NORTON~1\navapw32.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\BellSouth\Connection Manager\CManager.exe
    C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
    C:\Documents and Settings\Marilyn\Desktop\Tools\VIRUS CLEANING\HijackThis1977.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.yahoo.com\
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http:\\www.yahoo.com\
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.esearch.cc/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.esearch.cc/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = (value not set)
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shorty - {5C472352-90D0-4214-BF20-8E4A2B82F980} - C:\WINDOWS\win32app.dll
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {F19E3AB4-63D3-4CFC-9AD4-A081AC0A9454} - C:\WINDOWS\System32\mpfbeg.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
    O4 - Global Startup: Clean Temp Files.lnk = C:\WINDOWS\deltemp.bat
    O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: PDFtypewriter (HKLM)
    O9 - Extra button: Real.com (HKLM)
    O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
    O16 - DPF: {01118D00-3E00-11D2-8470-0060089874ED} (SupportSoft Password Reset Class) - http://support.fastaccess.com/sdccommon/download/tgctlpw.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
    O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Express Viewer Control) - http://www.autodesk.com/global/expressviewer/installer/ExpressViewerSetup.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://meeting.webex.com/client/latest/webex/ieatgpc.cab


    Lavasoft Ad-aware Plus Build 6.181
    Logfile created on :Saturday, July 10, 2004 6:15:17 PM
    Using reference-file :01R324 22.06.2004
    ______________________________________________________

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry


    7-10-2004 6:15:17 PM - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 7-10-2004 8:25:55 PM
    BasePriority : Normal


    #:2 [csrss.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:25:57 PM
    BasePriority : Normal


    #:3 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:25:57 PM
    BasePriority : High


    #:4 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:25:58 PM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:5 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:25:58 PM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 8/29/2002 7:41:26 AM
    Last accessed : 7/10/2004 9:56:14 PM
    Last modified : 8/29/2002 7:41:26 AM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:26:00 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:7 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-10-2004 8:26:00 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:8 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-10-2004 8:26:21 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:9 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 7-10-2004 8:26:21 PM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:10 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 7-10-2004 8:26:23 PM
    BasePriority : Normal
    FileSize : 980 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 8/29/2002 7:41:24 AM
    Last accessed : 7/10/2004 10:06:14 PM
    Last modified : 8/29/2002 7:41:24 AM

    #:11 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 7-10-2004 8:26:24 PM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 8/23/2001 12:00:00 PM
    Last accessed : 7/10/2004 9:56:15 PM
    Last modified : 8/23/2001 12:00:00 PM

    #:12 [navapw32.exe]
    FilePath : C:\PROGRA~1\NORTON~1\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 73 KB
    FileVersion : 8.07.17
    ProductVersion : 8.07.17
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Agent
    InternalName : NAVAPW32
    OriginalFilename : NAVAPW32.EXE
    ProductName : Norton AntiVirus
    Created on : 6/16/2003 2:13:54 AM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 2/27/2002 3:27:58 PM

    #:13 [hpztsb03.exe]
    FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 196 KB
    FileVersion : 2,38,0,0
    Copyright : Copyright (c) Hewlett-Packard Company 1999-2001
    CompanyName : HP
    ProductName : HP DeskJet
    Created on : 6/16/2003 10:14:09 PM
    Last accessed : 7/10/2004 9:26:21 PM
    Last modified : 6/12/2001 9:13:05 AM

    #:14 [realplay.exe]
    FilePath : C:\Program Files\Real\RealPlayer\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 25 KB
    FileVersion : 6.0.9.584
    ProductVersion : 6.0.9.584
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealPlayer
    InternalName : REALPLAY
    OriginalFilename : REALPLAY.EXE
    ProductName : RealPlayer (32-bit)
    Created on : 6/18/2003 11:33:11 PM
    Last accessed : 7/10/2004 9:32:50 PM
    Last modified : 6/18/2003 11:33:11 PM

    #:15 [cfd.exe]
    FilePath : C:\Program Files\BroadJump\Client Foundation\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 360 KB
    Created on : 9/17/2003 3:19:16 AM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 9/11/2002 1:26:26 AM

    #:16 [tgcmd.exe]
    FilePath : C:\Program Files\Support.com\bin\
    ThreadCreationTime : 7-10-2004 8:26:25 PM
    BasePriority : Normal
    FileSize : 1508 KB
    FileVersion : 5,5,479,0
    ProductVersion : 5,5,479,0
    Copyright : Copyright 1997-2069 Support.com
    CompanyName : Support.com, Inc.
    FileDescription : Support.com Scheduler and Command Dispatcher
    InternalName : TGCMD
    OriginalFilename : TGCMD.EXE
    ProductName : Support.com Scheduler and Command Dispatcher
    Created on : 7/15/2002 5:48:32 PM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 7/15/2002 5:48:33 PM

    #:17 [qttask.exe]
    FilePath : C:\Program Files\QuickTime\
    ThreadCreationTime : 7-10-2004 8:26:26 PM
    BasePriority : Normal
    FileSize : 96 KB
    FileVersion : 6.5.1
    ProductVersion : QuickTime 6.5.1
    CompanyName : Apple Computer, Inc.
    InternalName : QuickTime Task
    OriginalFilename : QTTask.exe
    ProductName : QuickTime
    Created on : 11/19/2003 10:04:28 PM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 5/29/2004 3:51:23 PM

    #:18 [msmsgs.exe]
    FilePath : C:\Program Files\Messenger\
    ThreadCreationTime : 7-10-2004 8:26:26 PM
    BasePriority : Normal
    FileSize : 1476 KB
    FileVersion : 4.7.0041
    ProductVersion : Version 4.7
    Copyright : Copyright (c) Microsoft Corporation 1997-2001
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 6/16/2003 12:05:25 AM
    Last accessed : 7/10/2004 9:26:20 PM
    Last modified : 8/20/2002 7:08:38 PM

    #:19 [navapsvc.exe]
    FilePath : C:\Program Files\Norton AntiVirus\
    ThreadCreationTime : 7-10-2004 8:26:32 PM
    BasePriority : Normal
    FileSize : 113 KB
    FileVersion : 8.07.17
    ProductVersion : 8.07.17
    Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    OriginalFilename : NAVAPSVC.EXE
    ProductName : Norton AntiVirus
    Created on : 6/16/2003 2:13:54 AM
    Last accessed : 7/10/2004 9:55:44 PM
    Last modified : 2/27/2002 3:29:26 PM

    #:20 [cmanager.exe]
    FilePath : C:\Program Files\BellSouth\Connection Manager\
    ThreadCreationTime : 7-10-2004 8:26:34 PM
    BasePriority : Normal
    FileSize : 3976 KB
    Created on : 9/17/2003 3:31:55 AM
    Last accessed : 7/10/2004 9:25:55 PM
    Last modified : 11/19/2002 5:53:28 PM

    #:21 [ccd.exe]
    FilePath : C:\PROGRA~1\BROADJ~1\CORREC~1\
    ThreadCreationTime : 7-10-2004 8:27:15 PM
    BasePriority : Normal
    FileSize : 308 KB
    Created on : 9/17/2003 3:31:36 AM
    Last accessed : 7/10/2004 9:55:44 PM
    Last modified : 8/16/2002 12:18:04 AM

    #:22 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 7-10-2004 10:14:57 PM
    BasePriority : Normal
    FileSize : 671 KB
    FileVersion : 6.0.1.182
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 2/4/2004 1:00:32 AM
    Last accessed : 7/10/2004 10:14:57 PM
    Last modified : 7/13/2003 3:01:14 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Search Page
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Main
    Value : Search Bar
    Data : "file://C:\WINDOWS\TEMP\sp.html"

    Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

    Possible Browser Hijack attempt Object recognized!
    Type : RegData
    Data : "file://C:\WINDOWS\TEMP\sp.html"
    Rootkey : HKEY_USERS
    Object : .Default\Software\Microsoft\Internet Explorer\Search
    Value : SearchAssistant
    Data : "file://C:\WINDOWS\TEMP\sp.html"


    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 3
    Objects found so far: 3


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@advertising[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:43:59 PM
    Last accessed : 7/10/2004 9:43:59 PM
    Last modified : 7/10/2004 9:43:59 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@atdmt[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:59:42 PM
    Last accessed : 7/10/2004 10:00:26 PM
    Last modified : 7/10/2004 10:00:26 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@fastclick[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:59:41 PM
    Last accessed : 7/10/2004 9:59:41 PM
    Last modified : 7/10/2004 9:59:41 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@gator[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:43:59 PM
    Last accessed : 7/10/2004 9:43:59 PM
    Last modified : 7/10/2004 9:43:59 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@qksrv[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:43:59 PM
    Last accessed : 7/10/2004 9:43:59 PM
    Last modified : 7/10/2004 9:43:59 PM



    Tracking Cookie Object recognized!
    Type : File
    Data : marilyn@servedby.advertising[1].txt
    Object : C:\Documents and Settings\Marilyn\Cookies\

    Created on : 7/10/2004 9:43:59 PM
    Last accessed : 7/10/2004 9:43:59 PM
    Last modified : 7/10/2004 9:43:59 PM



    DealHelper Object recognized!
    Type : File
    Data : a0000038.dll
    Object : C:\System Volume Information\_restore{F80B4496-A12B-4561-BDC2-71B6BB991823}\RP2\
    FileSize : 8 KB
    FileVersion : 254
    ProductVersion : 254
    Copyright : Copyright
    CompanyName : Tarma Software Research Pty Ltd
    FileDescription : Tarma Installer extension DLL
    InternalName : _SETUP
    OriginalFilename : _SETUP.DLL
    ProductName : Tarma Installer
    Created on : 5/15/2004 9:31:19 AM
    Last accessed : 7/10/2004 10:22:30 PM
    Last modified : 5/3/2004 8:21:23 PM



    CoolWebSearch Object recognized!
    Type : File
    Data : a0000100.dll
    Object : C:\System Volume Information\_restore{F80B4496-A12B-4561-BDC2-71B6BB991823}\RP4\
    FileSize : 30 KB
    Created on : 7/9/2004 9:42:14 AM
    Last accessed : 7/10/2004 10:22:32 PM
    Last modified : 7/9/2004 9:42:15 AM



    CoolWebSearch Object recognized!
    Type : File
    Data : a0000108.dll
    Object : C:\System Volume Information\_restore{F80B4496-A12B-4561-BDC2-71B6BB991823}\RP6\
    FileSize : 30 KB
    Created on : 7/9/2004 10:44:59 PM
    Last accessed : 7/10/2004 10:22:34 PM
    Last modified : 7/9/2004 10:44:59 PM



    Disk scan result for C:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 12


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    CoolWebSearch Object recognized!
    Type : RegValue
    Data :
    Rootkey : HKEY_CURRENT_USER
    Object : Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    Value : ITBarLayout


    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 1
    Objects found so far: 13


    6:28:26 PM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:13:07:793
    Objects scanned :87941
    Objects identified :13
    Objects ignored :0
    New objects :13
     