brrlong: HJT log
 

ok i have this stupid coolwebsearch on my computer and i have the reinstaller as well becuase i always do ad-aware and hijakcthis and this is what i get
Logfile of HijackThis v1.97.7
Scan saved at 12:57:06 PM, on 6/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\lvhidsvc.exe
C:\WINDOWS\ntor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-aware.exe
C:\Documents and Settings\Owner\My Documents\My Downloaded stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vpvgu.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://vpvgu.dll/index.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://vpvgu.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vpvgu.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://vpvgu.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vpvgu.dll/sp.html#96676
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D77F0B5D-2B41-5F4F-CBB5-B4B130E5CFAF} - C:\WINDOWS\d3ob.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ntor.exe] C:\WINDOWS\ntor.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\W
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\System32\dxdllreg.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKLM\..\RunOnce: [apilw.exe] C:\WINDOWS\system32\apilw.exe
O4 - HKLM\..\RunOnce: [mfcgf.exe] C:\WINDOWS\system32\mfcgf.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: MktBrowser (HKLM)
O9 - Extra 'Tools' menuitem: MarketBrowser (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ICQ 4.0 (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/19a15506aa49186...zip/RdxIE2.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/p...ix/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab

ad-aware search
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Friday, June 25, 2004 12:56:41 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R324 22.06.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


6-25-2004 12:56:41 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 6-24-2004 11:03:16 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 6-24-2004 11:03:19 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-24-2004 11:03:19 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 1/10/2002 6:16:11 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 8/29/2002 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-24-2004 11:03:19 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 1/10/2002 7:01:22 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 8/29/2002 12:00:00 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-24-2004 11:03:20 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 1/10/2002 6:16:26 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 8/29/2002 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-24-2004 11:03:20 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 1/10/2002 6:16:26 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 8/29/2002 12:00:00 PM

#:7 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-24-2004 11:03:22 PM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 8.09
ProductVersion : 8.09
Copyright : (C) 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 12/3/2002 5:41:35 PM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 12/3/2002 5:41:35 PM

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-24-2004 11:03:22 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 1/10/2002 6:16:23 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 8/29/2002 12:00:00 PM

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 6-24-2004 11:03:33 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 1/10/2002 7:01:04 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 8/29/2002 12:00:00 PM

#:10 [cdac11ba.exe]
FilePath : C:\WINDOWS\System32\drivers\
ThreadCreationTime : 6-24-2004 11:03:33 PM
BasePriority : Normal
FileSize : 39 KB
FileVersion : 4.11.050
ProductVersion : 4.11.050 Windows NT 2001/07/12
Copyright : Copyright (c) Macrovision 1993-2001
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
OriginalFilename : CDANTSRV.EXE
ProductName : SafeCast Windows NT
Created on : 5/19/2004 4:39:19 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 5/19/2004 4:39:19 AM

#:11 [defwatch.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ThreadCreationTime : 6-24-2004 11:03:33 PM
BasePriority : Normal
FileSize : 32 KB
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
Copyright : Copyright
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
OriginalFilename : DefWatch.exe
ProductName : Norton AntiVirus
Created on : 1/14/2003 11:03:10 PM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 1/14/2003 11:03:10 PM

#:12 [rtvscan.exe]
FilePath : C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ThreadCreationTime : 6-24-2004 11:03:33 PM
BasePriority : Normal
FileSize : 568 KB
FileVersion : 8.00.01.425
ProductVersion : 8.00.01.425
Copyright : Copyright (C) Symantec Corporation 1991-2002
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
ProductName : Symantec AntiVirus
Created on : 1/14/2003 11:05:20 PM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 1/14/2003 11:05:20 PM

#:13 [wweb32.exe]
FilePath : C:\Program Files\WordWeb\
ThreadCreationTime : 6-24-2004 11:03:36 PM
BasePriority : Normal
FileSize : 18 KB
FileVersion : 2.2.0.0
ProductVersion : 2.2.0.0
Copyright : Antony Lewis 2003
CompanyName : Antony Lewis
FileDescription : WordWeb thesaurus/dictionary
ProductName : WordWeb
Created on : 3/9/2004 1:03:50 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 4/28/2003 1:55:13 AM

#:14 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-24-2004 11:03:37 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 1/10/2002 6:16:26 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 8/29/2002 12:00:00 PM

#:15 [lvhidsvc.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 6-24-2004 11:07:07 PM
BasePriority : Normal
FileSize : 30 KB
FileVersion : 2.3.0.19 (ROBIN.20030607)
ProductVersion : 2.3.0.19
Copyright : Copyright (c) Animation Technologies. All rights reserved.
CompanyName : Animation Technologies Inc.
FileDescription : Lifeview (R) TV Remote HID Service
InternalName : LVHIDSVC.EXE
OriginalFilename : LVHIDSVC.EXE
ProductName : Lifeview (R) TV Card
Created on : 7/8/2003 7:55:50 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 7/8/2003 7:55:50 AM

#:16 [ntor.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 6-25-2004 12:18:00 AM
BasePriority : Normal
FileSize : 29 KB
Created on : 6/22/2004 1:44:48 AM
Last accessed : 6/25/2004 5:48:13 PM
Last modified : 6/22/2004 1:44:49 AM

#:17 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 6-25-2004 5:53:43 PM
BasePriority : Normal
FileSize : 4768 KB
FileVersion : 6.2.0133
ProductVersion : Version 6.2
Copyright : Copyright (c) Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 4/19/2004 3:45:08 AM
Last accessed : 6/25/2004 5:50:14 PM
Last modified : 4/19/2004 3:45:08 AM

#:18 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 6-25-2004 5:55:25 PM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 1/10/2002 7:01:15 AM
Last accessed : 6/25/2004 5:55:25 PM
Last modified : 8/29/2002 12:00:00 PM

#:19 [apilw.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 6-25-2004 5:55:27 PM
BasePriority : Normal
FileSize : 9 KB
Created on : 6/19/2004 12:30:17 AM
Last accessed : 6/25/2004 5:55:27 PM
Last modified : 6/19/2004 12:30:17 AM
Warning! CoolWebSearch object found in memory(C:\WINDOWS\system32\apilw.exe)

CoolWebSearch Object recognized!
Type : Process
Data : apilw.exe
Object : C:\WINDOWS\system32\
FileSize : 9 KB
Created on : 6/19/2004 12:30:17 AM
Last accessed : 6/25/2004 5:55:27 PM
Last modified : 6/19/2004 12:30:17 AM


"apilw.exe"Process terminated successfully.

#:20 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ThreadCreationTime : 6-25-2004 5:56:35 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 6/22/2004 11:45:50 PM
Last accessed : 6/25/2004 5:47:48 PM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://vpvgu.dll/index.html#96676"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://vpvgu.dll/index.html#96676"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Page.dll/index.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://vpvgu.dll/index.html#96676"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://vpvgu.dll/index.html#96676"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URL.dll/index.html

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://vpvgu.dll/index.html#96676"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "res://vpvgu.dll/index.html#96676"


CoolWebSearch Object recognized!
Type : RegValue
Data : c:\windows\system32\apilw.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : apilw.exe


CoolWebSearch Object recognized!
Type : RegValue
Data : c:\windows\system32\mfcgf.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : mfcgf.exe


CoolWebSearch Object recognized!
Type : File
Data : mfcgf.exe
Object : c:\windows\system32\
FileSize : 9 KB
Created on : 6/23/2004 1:38:12 AM
Last accessed : 6/25/2004 5:56:32 PM
Last modified : 6/23/2004 1:38:12 AM



CoolWebSearch Object recognized!
Type : RegValue
Data : c:\windows\netgs32.exe
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\RunOnce
Value : netgs32.exe


CoolWebSearch Object recognized!
Type : File
Data : netgs32.exe
Object : c:\windows\
FileSize : 9 KB
Created on : 6/8/2004 5:35:15 PM
Last accessed : 6/25/2004 5:58:03 PM
Last modified : 6/8/2004 5:35:15 PM



Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 6
Objects found so far: 9


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : owner@atdmt[2].txt
Object : C:\Documents and Settings\Owner\Cookies\

Created on : 6/25/2004 5:55:43 PM
Last accessed : 6/25/2004 5:55:43 PM
Last modified : 6/25/2004 5:55:43 PM



Tracking Cookie Object recognized!
Type : File
Data : owner@centrport[1].txt
Object : C:\Documents and Settings\Owner\Cookies\

Created on : 6/25/2004 5:55:42 PM
Last accessed : 6/25/2004 5:55:42 PM
Last modified : 6/25/2004 5:55:42 PM



Tracking Cookie Object recognized!
Type : File
Data : owner@doubleclick[1].txt
Object : C:\Documents and Settings\Owner\Cookies\

Created on : 6/25/2004 5:53:51 PM
Last accessed : 6/25/2004 5:53:51 PM
Last modified : 6/25/2004 5:53:51 PM



Tracking Cookie Object recognized!
Type : File
Data : owner@edge.ru4[1].txt
Object : C:\Documents and Settings\Owner\Cookies\

Created on : 6/25/2004 5:52:54 PM
Last accessed : 6/25/2004 5:52:54 PM
Last modified : 6/25/2004 5:52:54 PM



Tracking Cookie Object recognized!
Type : File
Data : owner@servedby.advertising[1].txt
Object : C:\Documents and Settings\Owner\Cookies\

Created on : 6/25/2004 5:52:53 PM
Last accessed : 6/25/2004 5:52:53 PM
Last modified : 6/25/2004 5:52:53 PM



Tracking Cookie Object recognized!
Type : File
Data : owner@valueclick[1].txt
Object : C:\Documents and Settings\Owner\Cookies\

Created on : 6/25/2004 5:55:42 PM
Last accessed : 6/25/2004 5:55:43 PM
Last modified : 6/25/2004 5:55:43 PM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 15


12:59:24 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:02:42:312
Objects scanned :49958
Objects identified :15
Objects ignored :0
New objects :15


that is my hijackthis thing... and my adaware finds all kinds of coolwebsearch stuff and i delete it and it comes right back... what do i do.. i get pop ups now all the time becuase of this and my homepage is changed.. and i cant talk on AIM becuase it has messed that up as well please anyone help ive tried searching on different things to find stuff and nothign helps .... thanks
Bryan

thank you thank you thank you to anyone who can help me and i dont have to redue my whole computer!!! :cry:

Re: someone please help! :-(
 

First try to see if you can't download CWShredder, available here:
http://www.spywareinfo.com/~merijn/downloads.html

Try that, and see if it doesn't fix the issue. Then, I suggest you rerun Adaware or Spybot after running CWShredder.

Re: brrlong: HJT log
 

Once you have done what alc6379 has suggested, please reboot & check to see if the hijack has returned. If it has, post another log as there is a manual fix for this particular hijack.