[Referred] Ad-Aware Log for review


#1
sidewinder (New Member, 4 posts)
I've got several problems happening on my computer, that I assume are related:
- startup is extremely slow
- my homepage is set to about:blank and is a search page
- ad windows pop up when I type in URLs
- I get a message balloon on my taskbar about spyware and a fake Microsoft Help window will appear if you click it
- I get a message window that says that my firewall is disabled and potential information is being sent from my machine
- my computer freezes every so often when I'm on the internet

Here is my Ad-Aware log. Thank you in advance for any help you can give me.


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 12:31:56 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):18 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Tracking Cookie(TAC index:3):7 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:75 %
Total physical memory:1047824 kb
Available physical memory:777888 kb
Total page file size:2521480 kb
Available on page file:2367360 kb
Total virtual memory:2097024 kb
Available virtual memory:2049588 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-10-2005 12:31:56 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 776
ThreadCreationTime : 5-10-2005 4:30:13 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 852
ThreadCreationTime : 5-10-2005 4:30:18 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 876
ThreadCreationTime : 5-10-2005 4:30:19 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 920
ThreadCreationTime : 5-10-2005 4:30:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 932
ThreadCreationTime : 5-10-2005 4:30:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1116
ThreadCreationTime : 5-10-2005 4:30:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1236
ThreadCreationTime : 5-10-2005 4:30:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1368
ThreadCreationTime : 5-10-2005 4:30:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1384
ThreadCreationTime : 5-10-2005 4:30:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1688
ThreadCreationTime : 5-10-2005 4:30:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1804
ThreadCreationTime : 5-10-2005 4:30:21 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 676
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\CTsvcCDA.exe
Command Line : C:\WINDOWS\System32\CTsvcCDA.exe
ProcessID : 688
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:14 [mnmsrvc.exe]
ModuleName : C:\WINDOWS\System32\mnmsrvc.exe
Command Line : C:\WINDOWS\System32\mnmsrvc.exe
ProcessID : 740
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 4.4.3400
ProductVersion : 3.01
ProductName : Windows® NetMeeting®
CompanyName : Microsoft Corporation
FileDescription : NetMeeting Remote Desktop Sharing
InternalName : mnmsrvc
LegalCopyright : Copyright © Microsoft Corporation 1996-2001
LegalTrademarks : Microsoft® , Windows® and NetMeeting® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : mnmsrvc.dll

#:15 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 540
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 6.13.10.2942
ProductVersion : 6.13.10.2942
ProductName : NVIDIA Driver Helper Service, Version 29.42
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.42
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 148
ProcessID : 796
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:17 [teks_service.exe]
ModuleName : C:\Program Files\AlienAutopsy\TEKS_Service.exe
Command Line : "C:\Program Files\AlienAutopsy\TEKS_Service.exe"
ProcessID : 808
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : High
FileVersion : 3.22.31.0
ProductVersion : 3.22.53.0
ProductName : DynTek ProductivIT
CompanyName : DynTek, Inc.
FileDescription : DynTek ProductivIT Service
InternalName : pitservice
LegalCopyright : © 2000-2002 DynTek, Inc.
OriginalFilename : TEKS_Service.exe

#:18 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 856
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:19 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1204
ThreadCreationTime : 5-10-2005 4:31:29 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:20 [ntyb32.exe]
ModuleName : C:\WINDOWS\ntyb32.exe
Command Line : "C:\WINDOWS\ntyb32.exe" /r
ProcessID : 2000
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : ntyb32.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\


Warning! VX2 Object found in memory(C:\WINDOWS\ntyb32.exe)

"C:\WINDOWS\ntyb32.exe"Process terminated successfully
"C:\WINDOWS\ntyb32.exe"Process terminated successfully

#:21 [test_bs.exe]
ModuleName : C:\Program Files\AlienAutopsy\Test_BS.exe
Command Line : "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
ProcessID : 200
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : High


#:22 [cthelper.exe]
ModuleName : C:\WINDOWS\System32\CTHELPER.EXE
Command Line : "C:\WINDOWS\System32\CTHELPER.EXE"
ProcessID : 208
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : cthelper
CompanyName : Creative Technology Ltd
FileDescription : cthelper
InternalName : cthelper
LegalCopyright : Copyright © 2002
OriginalFilename : cthelper.exe

#:23 [point32.exe]
ModuleName : C:\Program Files\Microsoft Hardware\Mouse\point32.exe
Command Line : "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
ProcessID : 228
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal


#:24 [directcd.exe]
ModuleName : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Command Line : "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 236
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 5.1.1.210
ProductVersion : 5.1.1.210
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001-2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1772
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:26 [ntad.exe]
ModuleName : C:\WINDOWS\system32\ntad.exe
Command Line : "C:\WINDOWS\system32\ntad.exe"
ProcessID : 336
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal


#:27 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 304
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:28 [rcman.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe"
ProcessID : 1728
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 1.40.14
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : Remote Control Manager
InternalName : RcMan
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : RcMan.EXE

#:29 [getright.exe]
ModuleName : C:\Program Files\GetRight\getright.exe
Command Line : "C:\Program Files\GetRight\getright.exe"
ProcessID : 392
ThreadCreationTime : 5-10-2005 4:31:38 AM
BasePriority : Normal
FileVersion : 4.5e
ProductVersion : 4.5e
ProductName : GetRight
CompanyName : Headlight Software, Inc.
FileDescription : GetRight® www.getright.com
InternalName : GETRIGHT
LegalCopyright : Copyright © 2002 Headlight Software, Inc.
LegalTrademarks : GetRight is a registered trademark of Headlight Software
OriginalFilename : GETRIGHT.EXE
Comments : GetRight® was designed and developed by Michael J Burford.

#:30 [nkvmon.exe]
ModuleName : C:\Program Files\Nikon\NkView6\NkvMon.exe
Command Line : "C:\Program Files\Nikon\NkView6\NkvMon.exe"
ProcessID : 404
ThreadCreationTime : 5-10-2005 4:31:38 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 3000
ProductVersion : 6, 0
ProductName : Nikon Monitor
CompanyName : Nikon Corporation
FileDescription : Nikon Monitor
InternalName : NkvMon
LegalCopyright : Copyright © Nikon Corporation. 1998 - 2003
OriginalFilename : NkvMon.exe
Comments : Nikon Monitor

#:31 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 552
ThreadCreationTime : 5-10-2005 4:31:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [ymsgr_tray.exe]
ModuleName : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
Command Line : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe -ymsgr
ProcessID : 2076
ThreadCreationTime : 5-10-2005 4:31:43 AM
BasePriority : Normal


#:33 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2228
ThreadCreationTime : 5-10-2005 4:31:47 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:34 [eax.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe"
ProcessID : 2244
ThreadCreationTime : 5-10-2005 4:31:47 AM
BasePriority : Normal
FileVersion : 1.40.11
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd
FileDescription : EA Module Loader
InternalName : EAX
LegalCopyright : Copyright © 2000 Creative Technology Ltd.
OriginalFilename : EAX.EXE

#:35 [vrc.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe"
ProcessID : 2272
ThreadCreationTime : 5-10-2005 4:31:48 AM
BasePriority : Normal
FileVersion : 1.40.11
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : DesktopRC
InternalName : DesktopRC
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : DesktopRC.EXE

#:36 [rcenter.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe"
ProcessID : 2280
ThreadCreationTime : 5-10-2005 4:31:48 AM
BasePriority : Normal
FileVersion : 1.40.12
ProductVersion : 1.40.00
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : RCenter Application
InternalName : RCenter
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : RCenter.EXE

#:37 [mediadet.exe]
ModuleName : C:\Program Files\Creative\ShareDLL\MediaDet.exe
Command Line : "C:\Program Files\Creative\ShareDLL\MediaDet.exe" -Embedding
ProcessID : 2292
ThreadCreationTime : 5-10-2005 4:31:49 AM
BasePriority : Normal
FileVersion : 2.00.06.0
ProductVersion : 2.00
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : MediaDet
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : MediaDet.exe
Comments : Local Server

#:38 [osdmenu.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE"
ProcessID : 2328
ThreadCreationTime : 5-10-2005 4:31:52 AM
BasePriority : Normal
FileVersion : 1.40.10
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : On Screen Display Menu
InternalName : OSDMenu
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : OSDMenu.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@counter6.sextracker[1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:owner@counter6.sextracker.com/
Expires : 5-7-2005 5:17:50 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@counter1.sextracker[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@counter1.sextracker.com/
Expires : 5-8-2005 6:00:36 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@www.stopzilla[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:owner@www.stopzilla.com/
Expires : 8-19-2008 1:35:18 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@sextracker[2].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:owner@sextracker.com/
Expires : 5-9-2005 1:00:36 AM
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@ads.addynamix[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:owner@ads.addynamix.com/
Expires : 5-9-2005 11:59:48 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:owner@atdmt.com/
Expires : 5-7-2010 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:owner@doubleclick.net/
Expires : 5-8-2008 12:00:36 AM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : dddcc.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\Owner\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Owner\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Owner\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {0E0ABE69-7345-8741-938E-5DCCA13C4284}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 30

12:39:57 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:00.985
Objects scanned:173759
Objects identified:30
Objects ignored:0
New critical objects:30

Edited by sidewinder, 09 May 2005 - 10:44 PM.


#2
Guest_Andy_veal_* (Guest)
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-aware found, please follow these instructions below…

Please make sure that you are using the * SE1R43 06.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command line shown in the instructions below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please firstly only remove Coolwebsearch

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember, when posting another logfile, to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy

#3 sidewinder (Topic Starter, New Member)
Thank you for the help. I followed your instructions. Here's my new log. I notice that some CoolWeb stuff is still showing up on the log. Thank you again for looking.

--

Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 10:19:55 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):17 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Tracking Cookie(TAC index:3):5 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:72 %
Total physical memory:1047824 kb
Available physical memory:751924 kb
Total page file size:2521480 kb
Available on page file:2347740 kb
Total virtual memory:2097024 kb
Available virtual memory:2045124 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-10-2005 10:19:55 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 752
ThreadCreationTime : 5-11-2005 2:17:02 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 824
ThreadCreationTime : 5-11-2005 2:17:07 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 848
ThreadCreationTime : 5-11-2005 2:17:08 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 892
ThreadCreationTime : 5-11-2005 2:17:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 904
ThreadCreationTime : 5-11-2005 2:17:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1088
ThreadCreationTime : 5-11-2005 2:17:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1208
ThreadCreationTime : 5-11-2005 2:17:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1344
ThreadCreationTime : 5-11-2005 2:17:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1356
ThreadCreationTime : 5-11-2005 2:17:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1652
ThreadCreationTime : 5-11-2005 2:17:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1764
ThreadCreationTime : 5-11-2005 2:17:10 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 584
ThreadCreationTime : 5-11-2005 2:18:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\CTsvcCDA.exe
Command Line : C:\WINDOWS\System32\CTsvcCDA.exe
ProcessID : 596
ThreadCreationTime : 5-11-2005 2:18:17 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:14 [mnmsrvc.exe]
ModuleName : C:\WINDOWS\System32\mnmsrvc.exe
Command Line : C:\WINDOWS\System32\mnmsrvc.exe
ProcessID : 640
ThreadCreationTime : 5-11-2005 2:18:17 AM
BasePriority : Normal
FileVersion : 4.4.3400
ProductVersion : 3.01
ProductName : Windows® NetMeeting®
CompanyName : Microsoft Corporation
FileDescription : NetMeeting Remote Desktop Sharing
InternalName : mnmsrvc
LegalCopyright : Copyright © Microsoft Corporation 1996-2001
LegalTrademarks : Microsoft® , Windows® and NetMeeting® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : mnmsrvc.dll

#:15 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 664
ThreadCreationTime : 5-11-2005 2:18:17 AM
BasePriority : Normal
FileVersion : 6.13.10.2942
ProductVersion : 6.13.10.2942
ProductName : NVIDIA Driver Helper Service, Version 29.42
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.42
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:16 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 148
ProcessID : 672
ThreadCreationTime : 5-11-2005 2:18:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:17 [teks_service.exe]
ModuleName : C:\Program Files\AlienAutopsy\TEKS_Service.exe
Command Line : "C:\Program Files\AlienAutopsy\TEKS_Service.exe"
ProcessID : 704
ThreadCreationTime : 5-11-2005 2:18:17 AM
BasePriority : High
FileVersion : 3.22.31.0
ProductVersion : 3.22.53.0
ProductName : DynTek ProductivIT
CompanyName : DynTek, Inc.
FileDescription : DynTek ProductivIT Service
InternalName : pitservice
LegalCopyright : © 2000-2002 DynTek, Inc.
OriginalFilename : TEKS_Service.exe

#:18 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 768
ThreadCreationTime : 5-11-2005 2:18:17 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:19 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1112
ThreadCreationTime : 5-11-2005 2:18:17 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:20 [ntyb32.exe]
ModuleName : C:\WINDOWS\ntyb32.exe
Command Line : "C:\WINDOWS\ntyb32.exe" /r
ProcessID : 1948
ThreadCreationTime : 5-11-2005 2:18:25 AM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : ntyb32.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\


Warning! VX2 Object found in memory(C:\WINDOWS\ntyb32.exe)

"C:\WINDOWS\ntyb32.exe"Process terminated successfully
"C:\WINDOWS\ntyb32.exe"Process terminated successfully

#:21 [test_bs.exe]
ModuleName : C:\Program Files\AlienAutopsy\Test_BS.exe
Command Line : "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
ProcessID : 2028
ThreadCreationTime : 5-11-2005 2:18:25 AM
BasePriority : High


#:22 [cthelper.exe]
ModuleName : C:\WINDOWS\System32\CTHELPER.EXE
Command Line : "C:\WINDOWS\System32\CTHELPER.EXE"
ProcessID : 2036
ThreadCreationTime : 5-11-2005 2:18:25 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : cthelper
CompanyName : Creative Technology Ltd
FileDescription : cthelper
InternalName : cthelper
LegalCopyright : Copyright © 2002
OriginalFilename : cthelper.exe

#:23 [point32.exe]
ModuleName : C:\Program Files\Microsoft Hardware\Mouse\point32.exe
Command Line : "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
ProcessID : 168
ThreadCreationTime : 5-11-2005 2:18:26 AM
BasePriority : Normal


#:24 [directcd.exe]
ModuleName : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Command Line : "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 176
ThreadCreationTime : 5-11-2005 2:18:26 AM
BasePriority : Normal
FileVersion : 5.1.1.210
ProductVersion : 5.1.1.210
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001-2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 192
ThreadCreationTime : 5-11-2005 2:18:26 AM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:26 [ntad.exe]
ModuleName : C:\WINDOWS\system32\ntad.exe
Command Line : "C:\WINDOWS\system32\ntad.exe"
ProcessID : 1732
ThreadCreationTime : 5-11-2005 2:18:26 AM
BasePriority : Normal


#:27 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1568
ThreadCreationTime : 5-11-2005 2:18:26 AM
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:28 [rcman.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe"
ProcessID : 1780
ThreadCreationTime : 5-11-2005 2:18:26 AM
BasePriority : Normal
FileVersion : 1.40.14
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : Remote Control Manager
InternalName : RcMan
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : RcMan.EXE

#:29 [getright.exe]
ModuleName : C:\Program Files\GetRight\getright.exe
Command Line : "C:\Program Files\GetRight\getright.exe"
ProcessID : 232
ThreadCreationTime : 5-11-2005 2:18:26 AM
BasePriority : Normal
FileVersion : 4.5e
ProductVersion : 4.5e
ProductName : GetRight
CompanyName : Headlight Software, Inc.
FileDescription : GetRight® www.getright.com
InternalName : GETRIGHT
LegalCopyright : Copyright © 2002 Headlight Software, Inc.
LegalTrademarks : GetRight is a registered trademark of Headlight Software
OriginalFilename : GETRIGHT.EXE
Comments : GetRight® was designed and developed by Michael J Burford.

#:30 [nkvmon.exe]
ModuleName : C:\Program Files\Nikon\NkView6\NkvMon.exe
Command Line : "C:\Program Files\Nikon\NkView6\NkvMon.exe"
ProcessID : 320
ThreadCreationTime : 5-11-2005 2:18:26 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 3000
ProductVersion : 6, 0
ProductName : Nikon Monitor
CompanyName : Nikon Corporation
FileDescription : Nikon Monitor
InternalName : NkvMon
LegalCopyright : Copyright © Nikon Corporation. 1998 - 2003
OriginalFilename : NkvMon.exe
Comments : Nikon Monitor

#:31 [cteaxspl.exe]
ModuleName : C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE
Command Line : "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
ProcessID : 344
ThreadCreationTime : 5-11-2005 2:18:27 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 1, 1, 0, 1
ProductName : CTEaxSpl
CompanyName : Creative Technology Ltd.
FileDescription : Startup Splash
InternalName : CTEaxSpl
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : CTEaxSpl.EXE
Comments : Startup Splash

#:32 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1328
ThreadCreationTime : 5-11-2005 2:18:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:33 [ymsgr_tray.exe]
ModuleName : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
Command Line : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe -ymsgr
ProcessID : 2064
ThreadCreationTime : 5-11-2005 2:18:32 AM
BasePriority : Normal


#:34 [eax.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe"
ProcessID : 2208
ThreadCreationTime : 5-11-2005 2:18:36 AM
BasePriority : Normal
FileVersion : 1.40.11
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd
FileDescription : EA Module Loader
InternalName : EAX
LegalCopyright : Copyright © 2000 Creative Technology Ltd.
OriginalFilename : EAX.EXE

#:35 [vrc.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe"
ProcessID : 2236
ThreadCreationTime : 5-11-2005 2:18:43 AM
BasePriority : Normal
FileVersion : 1.40.11
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : DesktopRC
InternalName : DesktopRC
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : DesktopRC.EXE

#:36 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2248
ThreadCreationTime : 5-11-2005 2:18:44 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:37 [rcenter.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe"
ProcessID : 2260
ThreadCreationTime : 5-11-2005 2:18:45 AM
BasePriority : Normal
FileVersion : 1.40.12
ProductVersion : 1.40.00
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : RCenter Application
InternalName : RCenter
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : RCenter.EXE

#:38 [mediadet.exe]
ModuleName : C:\Program Files\Creative\ShareDLL\MediaDet.exe
Command Line : "C:\Program Files\Creative\ShareDLL\MediaDet.exe" -Embedding
ProcessID : 2272
ThreadCreationTime : 5-11-2005 2:18:46 AM
BasePriority : Normal
FileVersion : 2.00.06.0
ProductVersion : 2.00
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : MediaDet
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : MediaDet.exe
Comments : Local Server

#:39 [osdmenu.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE"
ProcessID : 2324
ThreadCreationTime : 5-11-2005 2:18:52 AM
BasePriority : Normal
FileVersion : 1.40.10
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : On Screen Display Menu
InternalName : OSDMenu
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : OSDMenu.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@ads.addynamix[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@counter6.sextracker[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Owner\Cookies\owner@counter6.sextracker[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@sextracker[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Owner\Cookies\owner@sextracker[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 6



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : rcdji.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\Owner\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Owner\Favorites\



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Owner\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {0E0ABE69-7345-8741-938E-5DCCA13C4284}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 27

10:32:31 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:35.641
Objects scanned:165899
Objects identified:27
Objects ignored:0
New critical objects:27
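The Ad-Aware SE logs posted in this thread follow a fixed layout (a "References detected" header, then one "Family Object Recognized!" block per finding), which makes them easy to triage by script. As an added example, not code from Lavasoft or from this thread, the Python below parses those blocks, checks that the itemised findings add up to the header's reference counts (a mismatch usually means the paste is truncated, which is why the instructions ask for the log through the "Summary" section), and picks out the findings that explain why a hijack comes back after every reboot: a live process, and the Internet Explorer start-page/search registry values such a process rewrites. The embedded log is a constructed excerpt in the same layout, not a real scan.

```python
import re
from collections import Counter

# Constructed sample in the Ad-Aware SE log layout (abridged and
# illustrative, not a real scan of the poster's machine).
SAMPLE_LOG = r"""
References detected during the scan:
CoolWebSearch(TAC index:10):3 total references
VX2(TAC index:10):1 total references

VX2 Object Recognized!
Type : Process
Data : ntyb32.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : rcdji.dat
Category : Malware
Comment :
Object : C:\WINDOWS\system32\

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {0E0ABE69-7345-8741-938E-5DCCA13C4284}

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank
"""

HEADER_RE = re.compile(r"^(?P<family>.+?)\(TAC index:\d+\):(?P<n>\d+) total references$")
FINDING_RE = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z ]+?) : ?(?P<val>.*)$")

# Browser-start registry locations seen in the logs above; a CoolWebSearch
# entry here is re-applied every time Internet Explorer or Windows starts.
HIJACK_KEYS = (r"internet explorer\main", r"internet explorer\search",
               r"internet explorer\urlsearchhooks", r"internet explorer\toolbar")

def reference_counts(text):
    """Family -> count from the 'References detected during the scan' header."""
    counts = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            counts[m.group("family")] = int(m.group("n"))
    return counts

def parse_findings(text):
    """One dict per 'X Object Recognized!' block; field names are lower-cased."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line closes the block
            if current:
                findings.append(current)
            current = None
            continue
        m = FINDING_RE.match(line)
        if m:
            current = {"family": m.group("family")}
            continue
        m = FIELD_RE.match(line) if current is not None else None
        if m:
            key, val = m.group("key").lower(), m.group("val").strip()
            if val or key not in current:  # RegData repeats 'Data'; keep last non-empty
                current[key] = val
    if current:
        findings.append(current)
    return findings

def header_mismatches(text):
    """Families whose header count differs from the itemised blocks.
    The logs in this thread are consistent (17 CoolWebSearch blocks for 17
    references), so a mismatch usually means the pasted log is truncated."""
    seen = Counter(f["family"] for f in parse_findings(text))
    return {fam: (n, seen[fam]) for fam, n in reference_counts(text).items()
            if n != seen[fam]}

def persistence_findings(findings):
    """Findings that explain a hijack returning after reboot: a live process,
    or a browser-start registry value that such a process rewrites."""
    return [f for f in findings
            if f.get("type") == "Process"
            or any(k in f.get("object", "").lower() for k in HIJACK_KEYS)]

if __name__ == "__main__":
    print(header_mismatches(SAMPLE_LOG), persistence_findings(parse_findings(SAMPLE_LOG)))
```

Run against the full log in the post above, the same functions list the VX2 process and the urlsearchhooks, Search Bar, SearchAssistant and Start Page values as the items to look at first.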

#4 Guest_Andy_veal_* (Guest)
Can you try my instructions above again, removing CWS on its own once again.

:tazz:

#5 sidewinder (Topic Starter, New Member)
I went back and followed your instructions again. The same result: CWS reappears after I reboot from Safe Mode. I used CCleaner to clean out all of my temporary files, and I also manually went to each directory to make sure that nothing was present before running Ad-Aware.

I've deleted CWS through Ad-Aware in both Safe Mode and in regular mode. Afterwards, I've run an Ad-Aware search and it's gone. As soon as I reboot the machine, it's back again.

In desperation, I had Ad-Aware delete all critical items that it found and then rebooted. After another Ad-Aware scan, it was back again.

Here's my latest scan.

---------
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 11:28:09 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):17 total references
VX2(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:77 %
Total physical memory:1047824 kb
Available physical memory:805772 kb
Total page file size:2521480 kb
Available on page file:2397352 kb
Total virtual memory:2097024 kb
Available virtual memory:2049588 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


5-11-2005 11:28:09 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 772
ThreadCreationTime : 5-12-2005 3:27:16 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 848
ThreadCreationTime : 5-12-2005 3:27:22 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 872
ThreadCreationTime : 5-12-2005 3:27:22 AM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 916
ThreadCreationTime : 5-12-2005 3:27:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 928
ThreadCreationTime : 5-12-2005 3:27:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1112
ThreadCreationTime : 5-12-2005 3:27:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1232
ThreadCreationTime : 5-12-2005 3:27:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1308
ThreadCreationTime : 5-12-2005 3:27:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1328
ThreadCreationTime : 5-12-2005 3:27:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1668
ThreadCreationTime : 5-12-2005 3:27:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1744
ThreadCreationTime : 5-12-2005 3:27:24 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [test_bs.exe]
ModuleName : C:\Program Files\AlienAutopsy\Test_BS.exe
Command Line : "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
ProcessID : 424
ThreadCreationTime : 5-12-2005 3:27:44 AM
BasePriority : High


#:13 [cthelper.exe]
ModuleName : C:\WINDOWS\System32\CTHELPER.EXE
Command Line : "C:\WINDOWS\System32\CTHELPER.EXE"
ProcessID : 432
ThreadCreationTime : 5-12-2005 3:27:44 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : cthelper
CompanyName : Creative Technology Ltd
FileDescription : cthelper
InternalName : cthelper
LegalCopyright : Copyright © 2002
OriginalFilename : cthelper.exe

#:14 [point32.exe]
ModuleName : C:\Program Files\Microsoft Hardware\Mouse\point32.exe
Command Line : "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
ProcessID : 468
ThreadCreationTime : 5-12-2005 3:27:44 AM
BasePriority : Normal


#:15 [directcd.exe]
ModuleName : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Command Line : "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 480
ThreadCreationTime : 5-12-2005 3:27:44 AM
BasePriority : Normal
FileVersion : 5.1.1.210
ProductVersion : 5.1.1.210
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001-2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:16 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 496
ThreadCreationTime : 5-12-2005 3:27:44 AM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:17 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 556
ThreadCreationTime : 5-12-2005 3:27:45 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:18 [ntad.exe]
ModuleName : C:\WINDOWS\system32\ntad.exe
Command Line : "C:\WINDOWS\system32\ntad.exe"
ProcessID : 576
ThreadCreationTime : 5-12-2005 3:27:45 AM
BasePriority : Normal


#:19 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 588
ThreadCreationTime : 5-12-2005 3:27:45 AM
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:20 [rcman.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe"
ProcessID : 636
ThreadCreationTime : 5-12-2005 3:27:45 AM
BasePriority : Normal
FileVersion : 1.40.14
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : Remote Control Manager
InternalName : RcMan
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : RcMan.EXE

#:21 [d3tz32.exe]
ModuleName : C:\WINDOWS\system32\d3tz32.exe
Command Line : C:\WINDOWS\system32\d3tz32.exe
ProcessID : 684
ThreadCreationTime : 5-12-2005 3:27:46 AM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : d3tz32.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\


Warning! VX2 Object found in memory(C:\WINDOWS\system32\d3tz32.exe)

"C:\WINDOWS\system32\d3tz32.exe"Process terminated successfully
"C:\WINDOWS\system32\d3tz32.exe"Process terminated successfully

#:22 [getright.exe]
ModuleName : C:\Program Files\GetRight\getright.exe
Command Line : "C:\Program Files\GetRight\getright.exe"
ProcessID : 696
ThreadCreationTime : 5-12-2005 3:27:46 AM
BasePriority : Normal
FileVersion : 4.5e
ProductVersion : 4.5e
ProductName : GetRight
CompanyName : Headlight Software, Inc.
FileDescription : GetRight® www.getright.com
InternalName : GETRIGHT
LegalCopyright : Copyright © 2002 Headlight Software, Inc.
LegalTrademarks : GetRight is a registered trademark of Headlight Software
OriginalFilename : GETRIGHT.EXE
Comments : GetRight® was designed and developed by Michael J Burford.

#:23 [nkvmon.exe]
ModuleName : C:\Program Files\Nikon\NkView6\NkvMon.exe
Command Line : "C:\Program Files\Nikon\NkView6\NkvMon.exe"
ProcessID : 704
ThreadCreationTime : 5-12-2005 3:27:46 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 3000
ProductVersion : 6, 0
ProductName : Nikon Monitor
CompanyName : Nikon Corporation
FileDescription : Nikon Monitor
InternalName : NkvMon
LegalCopyright : Copyright © Nikon Corporation. 1998 - 2003
OriginalFilename : NkvMon.exe
Comments : Nikon Monitor

#:24 [ymsgr_tray.exe]
ModuleName : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
Command Line : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe -ymsgr
ProcessID : 1052
ThreadCreationTime : 5-12-2005 3:27:49 AM
BasePriority : Normal


#:25 [neter.exe]
ModuleName : C:\WINDOWS\neter.exe
Command Line : C:\WINDOWS\neter.exe
ProcessID : 1200
ThreadCreationTime : 5-12-2005 3:27:50 AM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : neter.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\


Warning! VX2 Object found in memory(C:\WINDOWS\neter.exe)

"C:\WINDOWS\neter.exe"Process terminated successfully
"C:\WINDOWS\neter.exe"Process terminated successfully

#:26 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1452
ThreadCreationTime : 5-12-2005 3:28:00 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : ckwne.txt
Category : Malware
Comment :
Object : C:\WINDOWS\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {0E0ABE69-7345-8741-938E-5DCCA13C4284}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 20

11:35:41 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:32.249
Objects scanned:165245
Objects identified:20
Objects ignored:0
New critical objects:20
#6
Guest_Andy_veal_*
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
#7
sidewinder
Sorry I haven't replied sooner, I didn't get a notification of a response for some reason.

Here's a recap of the issues I'm currently having:
- startup is extremely slow (at least four times what it was before infection)
- on startup, an IE window is launched (it was opening a dialup connection box, but now it doesn't seem to)
- my homepage is changed to an about:blank. Try as I may, I can't change it. It was opening to a search page, but after running several SpyWare Seeking programs, it's now just a blank page
- my computer performance overall seems to be slower
- usually, once I've been connected to the web for a few minutes and have several browser windows open, my entire computer "freezes" and requires me to hit the reset button
- I keep getting a fake popup balloon from the task bar saying that I may have SpyWare on my system. There is also an icon there that looks like a shield with an X in it
- I get a message panel that comes up occasionally telling me that my firewall may not be configured correctly.


Here's my current HijackThis log. Thank you in advance for any help you can give me:

Logfile of HijackThis v1.99.1
Scan saved at 3:33:54 PM, on 5/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AlienAutopsy\TEKS_Service.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\ntyp32.exe
C:\Program Files\AlienAutopsy\Test_BS.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\ipwd32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe
C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe
C:\Program Files\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe
C:\Program Files\Creative\ShareDLL\MediaDet.exe
C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE
C:\Documents and Settings\Owner\Desktop\New Folder (3)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gfctx.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfctx.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\gfctx.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\gfctx.dll/sp.html#55135
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\gfctx.dll/sp.html#55135
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gfctx.dll/sp.html#55135
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\gfctx.dll/sp.html#55135
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\wbiz3txj.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0E0ABE69-7345-8741-938E-5DCCA13C4284} - C:\WINDOWS\system32\d3zr32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AlienAutopsy] "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ipwd32.exe] C:\WINDOWS\ipwd32.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKLM\..\RunOnce: [ntyp32.exe] C:\WINDOWS\ntyp32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Liatro SWF Decoder Catch - C:\Program Files\Liatro\Liatro SWF Decoder 4.5\swfcatch.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atlua.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Ipswitch WS_FTP Queue (ftpqueue) - Ipswitch, Inc., 81 Hartwell Ave, Lexington MA 02421 - C:\Program Files\WS_FTP\ftpsched.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProductivIT Service (ProductivITService) - DynTek, Inc. - C:\Program Files\AlienAutopsy\TEKS_Service.exe