Ad-Aware SE Build 1.06r1
Logfile Created on:14 July 2005 21:47:45
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R54 14.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):10 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

14/07/2005 21:47:45 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 464
ThreadCreationTime : 13/07/2005 16:17:53
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 520
ThreadCreationTime : 13/07/2005 16:17:59
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 13/07/2005 16:18:00
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 588
ThreadCreationTime : 13/07/2005 16:18:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 600
ThreadCreationTime : 13/07/2005 16:18:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 748
ThreadCreationTime : 13/07/2005 16:18:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 808
ThreadCreationTime : 13/07/2005 16:18:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 848
ThreadCreationTime : 13/07/2005 16:18:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 968
ThreadCreationTime : 13/07/2005 16:18:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 996
ThreadCreationTime : 13/07/2005 16:18:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1100
ThreadCreationTime : 13/07/2005 16:18:04
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [nhksrv.exe]
FilePath : C:\Program Files\Office keyboard utility\1.2\
ProcessID : 1212
ThreadCreationTime : 13/07/2005 16:18:04
BasePriority : Normal

#:13 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1232
ThreadCreationTime : 13/07/2005 16:18:04
BasePriority : Normal
FileVersion : 103.0.3.8
ProductVersion : 103.0.3.8
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:14 [sagent2.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ProcessID : 1268
ThreadCreationTime : 13/07/2005 16:18:05
BasePriority : Normal
FileVersion : 2, 3, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : EPSON Bidirectional Printer
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Printer Status Agent
InternalName : SAgent2
LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2000-2001
OriginalFilename : SAgent2.exe

#:15 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1288
ThreadCreationTime : 13/07/2005 16:18:05
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:16 [ewidoguard.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1300
ThreadCreationTime : 13/07/2005 16:18:05
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe

#:17 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1356
ThreadCreationTime : 13/07/2005 16:18:05
BasePriority : Normal
FileVersion : 11.0.2.4
ProductVersion : 11.0.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:18 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 1424
ThreadCreationTime : 13/07/2005 16:18:05
BasePriority : Normal
FileVersion : 11.0.2.4
ProductVersion : 11.0.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:19 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1560
ThreadCreationTime : 13/07/2005 16:18:07
BasePriority : Normal
FileVersion : 5.4.3.11
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:20 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1616
ThreadCreationTime : 13/07/2005 16:18:08
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:21 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1648
ThreadCreationTime : 13/07/2005 16:18:08
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:22 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1688
ThreadCreationTime : 13/07/2005 16:18:08
BasePriority : Normal
FileVersion : 103.0.3.8
ProductVersion : 103.0.3.8
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 276
ThreadCreationTime : 13/07/2005 16:18:24
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 924
ThreadCreationTime : 13/07/2005 16:18:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [officekb.exe]
FilePath : C:\Program Files\Office keyboard utility\1.2\
ProcessID : 2072
ThreadCreationTime : 13/07/2005 16:18:47
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : OfficeKb Application
FileDescription : OfficeKb MFC Application
InternalName : OfficeKb
LegalCopyright : Copyright (C) 2002
OriginalFilename : OfficeKb.EXE

#:26 [mouse32a.exe]
FilePath : C:\Program Files\Browser mouse\1.2\
ProcessID : 2080
ThreadCreationTime : 13/07/2005 16:18:51
BasePriority : Normal
FileVersion : 3.0.1.0
ProductVersion : 3.0.0.0
LegalCopyright : Copyright 2001 by LEE,WEI-BIN.

#:27 [prodsl.exe]
FilePath : C:\Program Files\INTEL\DSLSetup\
ProcessID : 2108
ThreadCreationTime : 13/07/2005 16:18:55
BasePriority : Normal
FileVersion : 3.00.02.34
ProductVersion : 1.8.0.0 (TIC 7109)
ProductName : Intel(R) AnyPoint(R) Modem
CompanyName : Intel Corporation
FileDescription : Intel(R) AnyPoint(R) Connection Manager
InternalName : ProDsl.exe
LegalCopyright : Copyright (c) 2002 Intel Corp. All Rights Reserved.
LegalTrademarks : Intel(R)
OriginalFilename : ProDsl.exe
Comments : Management application for DSL

#:28 [mmkeyb.exe]
FilePath : C:\Program Files\Office keyboard utility\1.2\
ProcessID : 2128
ThreadCreationTime : 13/07/2005 16:18:58
BasePriority : High
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Netropa Hot Key
CompanyName : Netropa Corp.
FileDescription : Netropa(tm) Hot Key
InternalName : Netropa Hot Key
LegalCopyright : Copyright © 2000 Netropa Corp.
OriginalFilename : nhk.exe

#:29 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 2168
ThreadCreationTime : 13/07/2005 16:19:00
BasePriority : Normal

#:30 [javaw.exe]
FilePath : C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\
ProcessID : 2260
ThreadCreationTime : 13/07/2005 16:19:04
BasePriority : Normal

#:31 [onetouch.exe]
FilePath : C:\PROGRA~1\Maxtor\OneTouch\Utils\
ProcessID : 2284
ThreadCreationTime : 13/07/2005 16:19:05
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : Maxtor OneTouch II
CompanyName : Maxtor Corporation
FileDescription : Maxtor OneTouch Detection
InternalName : OneTouch
LegalCopyright : Copyright © 2004
OriginalFilename : OneTouch.EXE

#:32 [traymon.exe]
FilePath : C:\Program Files\Office keyboard utility\1.2\
ProcessID : 2320
ThreadCreationTime : 13/07/2005 16:19:07
BasePriority : Normal

#:33 [osd.exe]
FilePath : C:\Program Files\Office keyboard utility\1.2\
ProcessID : 2396
ThreadCreationTime : 13/07/2005 16:19:14
BasePriority : Normal
FileVersion : 2.02
ProductVersion : 2.02
ProductName : Onscreen Display
CompanyName : Netropa Corp.
FileDescription : Netropa(r) Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 1997-2001 Netropa Corp.
OriginalFilename : osd.exe

#:34 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2404
ThreadCreationTime : 13/07/2005 16:19:14
BasePriority : Normal
FileVersion : 103.0.3.8
ProductVersion : 103.0.3.8
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:35 [mxoaldr.exe]
FilePath : C:\WINDOWS\
ProcessID : 2516
ThreadCreationTime : 13/07/2005 16:19:22
BasePriority : Normal
FileVersion : 6.01.1000.0
ProductVersion : 6.01.1000.0
ProductName : Cypress USB Mass Storage Adapter
CompanyName : Cypress Semiconductor
FileDescription : Cypress USB Mass Storage Driver Background Application
InternalName : MXOBG.EXE
LegalCopyright : Copyright (C) 1998-2003 Cypress Semiconductor
OriginalFilename : MXOBG.EXE

#:36 [retroexpress.exe]
FilePath : C:\PROGRA~1\Dantz\RETROS~1\
ProcessID : 2716
ThreadCreationTime : 13/07/2005 16:19:47
BasePriority : Normal

#:37 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2792
ThreadCreationTime : 13/07/2005 16:19:50
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:38 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2840
ThreadCreationTime : 13/07/2005 16:19:53
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:39 [voipvoice integration.exe]
FilePath : C:\Program Files\PDT\VoIPVoice Integrations\
ProcessID : 2872
ThreadCreationTime : 13/07/2005 16:19:59
BasePriority : Normal
FileVersion : 1, 0, 6, 1
ProductVersion : 1, 0, 6, 1
ProductName : Skype VoIPVoice integration
FileDescription : Skype VoIPVoice integration
InternalName : SkypeClient
LegalCopyright : (c) Copyright 2004
OriginalFilename : SkypeClient.exe

#:40 [wcescomm.exe]
FilePath : C:\Program Files\Microsoft ActiveSync\
ProcessID : 2920
ThreadCreationTime : 13/07/2005 16:20:02
BasePriority : Normal
FileVersion : 3.7.1.4034
ProductVersion : 3.7.4034
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : ActiveSync Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2004 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE

#:41 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 2968
ThreadCreationTime : 13/07/2005 16:20:12
BasePriority : Normal

#:42 [lgsyncmanager.exe]
FilePath : C:\Program Files\LG PC Suite\LG PC Sync\
ProcessID : 2984
ThreadCreationTime : 13/07/2005 16:20:14
BasePriority : Normal
FileVersion : 1, 0, 2, 0
ProductVersion : 1, 0, 2, 0
ProductName : LG SyncManager Application
CompanyName : LG Electronics Inc.
FileDescription : LG SyncManager
InternalName : LGSyncManager
LegalCopyright : Copyright (C) 2002 LG Electronics Inc.
OriginalFilename : LGSyncManager.exe

#:43 [wzqkpick.exe]
FilePath : C:\Program Files\WinZip\
ProcessID : 3004
ThreadCreationTime : 13/07/2005 16:20:16
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 8.1 (4319)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2001 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English

#:44 [sgmain.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 3012
ThreadCreationTime : 13/07/2005 16:20:18
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SpywareGuard
FileDescription : SpywareGuard
InternalName : sgmain
LegalCopyright : Copyright (C) 2002-2003 Javacool Software LLC
OriginalFilename : sgmain.exe
Comments : SpywareGuard

#:45 [sgbhp.exe]
FilePath : C:\Program Files\SpywareGuard\
ProcessID : 3048
ThreadCreationTime : 13/07/2005 16:20:36
BasePriority : Normal
FileVersion : 2.02.0001
ProductVersion : 2.02.0001
ProductName : SG Browser Hijacking Protection
FileDescription : SG Browser Hijacking Protection
InternalName : sgbhp
LegalCopyright : Copyright (C) 2002-2003 Javacool Software LLC.
OriginalFilename : sgbhp.exe
Comments : SG Browser Hijacking Protection

#:46 [retrorun.exe]
FilePath : C:\PROGRA~1\Dantz\RETROS~1\
ProcessID : 3716
ThreadCreationTime : 13/07/2005 16:23:00
BasePriority : Normal
FileVersion : 1.0.196
ProductVersion : 1.0
ProductName : Retrospect
CompanyName : Dantz Development Corporation
FileDescription : Retrospect
InternalName :
LegalCopyright : Copyright Dantz 1989-2004
LegalTrademarks : Dantz® Retrospect®
OriginalFilename : retrorun.exe

#:47 [dllhost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1996
ThreadCreationTime : 13/07/2005 16:25:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe

#:48 [msdtc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 508
ThreadCreationTime : 13/07/2005 16:25:32
BasePriority : Normal
FileVersion : 2001.12.4414.258
ProductVersion : 03.01.00.4414
ProductName : Microsoft Distributed Transaction Coordinator
CompanyName : Microsoft Corporation
FileDescription : MS DTC console program
InternalName : MSDTC.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1995-1998
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation

#:49 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 376
ThreadCreationTime : 14/07/2005 07:13:15
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:50 [smc.exe]
FilePath : C:\Program Files\Sygate\SPF\
ProcessID : 1952
ThreadCreationTime : 14/07/2005 07:16:34
BasePriority : Normal
FileVersion : 5.5.00.2710
ProductVersion : 5.5.00.2710
ProductName : Sygate® Security Agent and Personal Firewall
CompanyName : Sygate Technologies, Inc.
FileDescription : Sygate Agent Firewall
InternalName : Smc
LegalCopyright : Copyright © 1999 - 2004 Sygate Technologies, Inc. All rights reserved.
OriginalFilename : Smc.EXE

#:51 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 964
ThreadCreationTime : 14/07/2005 07:31:55
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:52 [firefox.exe]
FilePath : C:\PROGRA~1\MOZILL~1\
ProcessID : 3764
ThreadCreationTime : 14/07/2005 09:56:27
BasePriority : Normal

#:53 [ntvdm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 14/07/2005 11:06:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE

#:54 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 4076
ThreadCreationTime : 14/07/2005 12:29:54
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:55 [outlook.exe]
FilePath : C:\PROGRA~1\MICROS~2\OFFICE11\
ProcessID : 2380
ThreadCreationTime : 14/07/2005 12:31:20
BasePriority : Normal

#:56 [acrord32.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Reader\
ProcessID : 2944
ThreadCreationTime : 14/07/2005 13:18:32
BasePriority : Normal
FileVersion : 7.0.1.2005030700
ProductVersion : 7.0.1.2005030700
ProductName : Adobe Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Reader 7.0
LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe

#:57 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2728
ThreadCreationTime : 14/07/2005 20:47:19
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:58 [hh.exe]
FilePath : C:\WINDOWS\
ProcessID : 3848
ThreadCreationTime : 14/07/2005 20:47:24
BasePriority : Normal
FileVersion : 5.2.3790.2453 (srv03_sp1_gdr.050525-1542)
ProductVersion : 5.2.3790.2453
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.41
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{67b783a0-0876-af58-6ca0-ff8f5e684815}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\rob\Favorites\

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\rob\Favorites\

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free porn.url
TAC Rating : 10
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\rob\Favorites\

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{591f8490-4ba2-c35a-96ea-80cb51f233c5}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt\currentversion\windows
Value : run

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 13

22:35:43 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:47:57.878
Objects scanned:441003
Objects identified:13
Objects ignored:0
New critical objects:13