Ad-Aware SE Build 1.06r1 Logfile Created on:15 July 2005 19:55:02 Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R53 07.07.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch(TAC index:10):23 total references MRU List(TAC index:0):10 total references Possible Browser Hijack attempt(TAC index:3):3 total references Tracking Cookie(TAC index:3):8 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 15-07-2005 19:55:02 - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Srikrishna Korvi\Application Data\microsoft\office\recent Description : list of recently opened documents using microsoft office MRU List Object Recognized! Location: : C:\Documents and Settings\Srikrishna Korvi\recent Description : list of recently opened documents MRU List Object Recognized! Location: : S-1-5-21-44260347-2038924245-796930554-1005\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru Description : list of recent documents saved by microsoft word MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-44260347-2038924245-796930554-1005\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-44260347-2038924245-796930554-1005\software\microsoft\directinput\mostrecentapplication Description : most recent application to use microsoft directinput MRU List Object Recognized! Location: : S-1-5-21-44260347-2038924245-796930554-1005\software\microsoft\internet explorer\typedurls Description : list of recently entered addresses in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-44260347-2038924245-796930554-1005\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 424 ThreadCreationTime : 15-07-2005 14:39:21 BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 484 ThreadCreationTime : 15-07-2005 14:39:23 BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINDOWS\system32\ ProcessID : 508 ThreadCreationTime : 15-07-2005 14:39:24 BasePriority : High #:4 [services.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 552 ThreadCreationTime : 15-07-2005 14:39:24 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 572 ThreadCreationTime : 15-07-2005 14:39:24 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [ati2evxx.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 720 ThreadCreationTime : 15-07-2005 14:39:25 BasePriority : Normal FileVersion : 6.14.10.4111 ProductVersion : 6.14.10.4111 ProductName : ATI External Event Utility for WindowsNT and Windows9X CompanyName : ATI Technologies Inc. FileDescription : ATI External Event Utility EXE Module InternalName : ATI2EVXX.EXE LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc. OriginalFilename : ATI2EVXX.EXE #:7 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 732 ThreadCreationTime : 15-07-2005 14:39:25 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 792 ThreadCreationTime : 15-07-2005 14:39:25 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 856 ThreadCreationTime : 15-07-2005 14:39:25 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 908 ThreadCreationTime : 15-07-2005 14:39:25 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [svchost.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 1012 ThreadCreationTime : 15-07-2005 14:39:26 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:12 [spoolsv.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1184 ThreadCreationTime : 15-07-2005 14:39:27 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:13 [ati2evxx.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1484 ThreadCreationTime : 15-07-2005 14:39:30 BasePriority : Normal FileVersion : 6.14.10.4111 ProductVersion : 6.14.10.4111 ProductName : ATI External Event Utility for WindowsNT and Windows9X CompanyName : ATI Technologies Inc. FileDescription : ATI External Event Utility EXE Module InternalName : ATI2EVXX.EXE LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc. OriginalFilename : ATI2EVXX.EXE #:14 [explorer.exe] FilePath : C:\WINDOWS\ ProcessID : 1552 ThreadCreationTime : 15-07-2005 14:39:30 BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:15 [msssrv.exe] FilePath : c:\progra~1\mcafee\MCAFEE~1\ ProcessID : 1728 ThreadCreationTime : 15-07-2005 14:39:37 BasePriority : Normal FileVersion : 1.10.158.0 ProductVersion : 1.10.158.0 ProductName : McAfee AntiSpyware CompanyName : McAfee, Inc. FileDescription : McAfee AntiSpyware RealTime Service InternalName : MssSrv.exe LegalCopyright : Copyright (c) 2005 McAfee, Inc. All Rights Reserved. OriginalFilename : MssSrv.exe #:16 [mcvsrte.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ProcessID : 1756 ThreadCreationTime : 15-07-2005 14:39:37 BasePriority : Normal FileVersion : 9, 1, 0, 8 ProductVersion : 9, 1, 0, 0 ProductName : McAfee VirusScan CompanyName : McAfee, Inc FileDescription : McAfee VirusScan Real-time Engine InternalName : mcvsrte LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved. OriginalFilename : mcvsrte.exe Comments : McAfee VirusScan Real-time Engine #:17 [wdfmgr.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1908 ThreadCreationTime : 15-07-2005 14:39:41 BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WdfMgr.exe #:18 [mcshield.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ProcessID : 124 ThreadCreationTime : 15-07-2005 14:39:44 BasePriority : High #:19 [alg.exe] FilePath : C:\WINDOWS\System32\ ProcessID : 828 ThreadCreationTime : 15-07-2005 14:39:48 BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Application Layer Gateway Service InternalName : ALG.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : ALG.exe #:20 [mhotkey.exe] FilePath : C:\WINDOWS\ ProcessID : 996 ThreadCreationTime : 15-07-2005 14:40:25 BasePriority : Normal FileVersion : 2, 2, 2, 0 ProductVersion : 2, 2, 2, 0 ProductName : Chicony Multimedia Driver CompanyName : Chicony FileDescription : Chicony Multimedia Driver InternalName : Multimedia Hotkey Driver LegalCopyright : Copyright (c) 2001 Chicony OriginalFilename : mHotkey.res #:21 [soundman.exe] FilePath : C:\WINDOWS\ ProcessID : 1496 ThreadCreationTime : 15-07-2005 14:40:26 BasePriority : Normal FileVersion : 5.0 ProductVersion : 5.0 ProductName : Avance Sound Manager CompanyName : Avance Logic, Inc. FileDescription : Avance Sound Manager InternalName : ALSMTray LegalCopyright : Copyright (c) 2001 Avance Logic, Inc. OriginalFilename : ALSMTray.exe Comments : Avance AC97 Audio Sound Manager #:22 [mm_tray.exe] FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ ProcessID : 1564 ThreadCreationTime : 15-07-2005 14:40:28 BasePriority : Normal FileVersion : 9.00.0128 ProductVersion : 9.00.0128 ProductName : Musicmatch Jukebox CompanyName : Musicmatch, Inc. FileDescription : mm_tray InternalName : mm_tray LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : mm_tray.exe #:23 [mmtask.exe] FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ ProcessID : 1528 ThreadCreationTime : 15-07-2005 14:40:30 BasePriority : Normal FileVersion : 9.0.0.1 ProductVersion : 9.0.0.1 ProductName : Musicmatch Jukebox CompanyName : Musicmatch Inc. FileDescription : InternalName : mmtask.exe LegalCopyright : (c) Musicmatch Inc.. All rights reserved. OriginalFilename : mmtask.exe #:24 [mcvsshld.exe] FilePath : C:\PROGRA~1\mcafee.com\vso\ ProcessID : 2036 ThreadCreationTime : 15-07-2005 14:40:32 BasePriority : Normal FileVersion : 9, 1, 0, 6 ProductVersion : 9, 1, 0, 0 ProductName : McAfee VirusScan CompanyName : McAfee, Inc. FileDescription : McAfee VirusScan ActiveShield Resource InternalName : msvcshld LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved. OriginalFilename : mcvsshld.exe Comments : McAfee VirusScan ActiveShield Resource #:25 [mcagent.exe] FilePath : C:\PROGRA~1\mcafee.com\agent\ ProcessID : 1700 ThreadCreationTime : 15-07-2005 14:40:34 BasePriority : Normal FileVersion : 5, 1, 0, 2 ProductVersion : 5, 1, 0, 0 ProductName : McAfee SecurityCenter CompanyName : McAfee, Inc FileDescription : McAfee SecurityCenter Agent InternalName : mcagent LegalCopyright : Copyright © 2005 McAfee, Inc. OriginalFilename : mcagent.exe #:26 [msscli.exe] FilePath : C:\progra~1\mcafee\MCAFEE~1\ ProcessID : 1820 ThreadCreationTime : 15-07-2005 14:40:36 BasePriority : Normal FileVersion : 1.10.158.0 ProductVersion : 1.10.158.0 ProductName : McAfee AntiSpyware CompanyName : McAfee, Inc. FileDescription : McAfee AntiSpyware RealTime Client InternalName : MssCli.exe LegalCopyright : Copyright (c) 2005 McAfee, Inc. All Rights Reserved. OriginalFilename : MssCli.exe #:27 [cli.exe] FilePath : C:\Program Files\ATI Technologies\ATI.ACE\ ProcessID : 1840 ThreadCreationTime : 15-07-2005 14:40:39 BasePriority : Normal #:28 [j8fka5er.exe] FilePath : C:\WINDOWS\system32\ ProcessID : 1828 ThreadCreationTime : 15-07-2005 14:40:41 BasePriority : Normal FileVersion : 4, 0, 3, 2 ProductVersion : 4, 0, 3, 2 #:29 [mcvsescn.exe] FilePath : c:\progra~1\mcafee.com\vso\ ProcessID : 1684 ThreadCreationTime : 15-07-2005 14:40:47 BasePriority : Normal FileVersion : 9, 1, 0, 4 ProductVersion : 9, 1, 0, 0 ProductName : McAfee VirusScan CompanyName : McAfee, Inc. FileDescription : McAfee VirusScan E-mail Scan Module InternalName : mcvsescn LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved. OriginalFilename : mcvsescn.EXE Comments : McAfee VirusScan E-mail Scan Module #:30 [applb.exe] FilePath : C:\WINDOWS\ ProcessID : 184 ThreadCreationTime : 15-07-2005 14:40:48 BasePriority : Normal #:31 [cli.exe] FilePath : C:\Program Files\ATI Technologies\ATI.ACE\ ProcessID : 1148 ThreadCreationTime : 15-07-2005 14:40:56 BasePriority : Normal #:32 [lgsyncmanager.exe] FilePath : C:\Program Files\LG PC Suite\LG PC Sync\ ProcessID : 1348 ThreadCreationTime : 15-07-2005 14:41:00 BasePriority : Normal FileVersion : 1, 0, 2, 0 ProductVersion : 1, 0, 2, 0 ProductName : LG SyncManager Application CompanyName : LG Electronics Inc. FileDescription : LG SyncManager InternalName : LGSyncManager LegalCopyright : Copyright (C) 2002 LG Electronics Inc. OriginalFilename : LGSyncManager.exe #:33 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 668 ThreadCreationTime : 15-07-2005 18:53:34 BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5} Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 11 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 11 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : srikrishna korvi@atdmt[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:srikrishna korvi@atdmt.com/ Expires : 13-07-2010 01:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : srikrishna korvi@tripod[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:srikrishna korvi@tripod.com/ Expires : 14-07-2006 20:41:26 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : srikrishna korvi@247realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:srikrishna korvi@247realmedia.com/ Expires : 01-01-2011 01:00:00 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : srikrishna korvi@bs.serving-sys[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:srikrishna korvi@bs.serving-sys.com/ Expires : 01-01-2038 06:00:00 LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : srikrishna korvi@realmedia[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:srikrishna korvi@realmedia.com/ Expires : 01-01-2021 01:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : srikrishna korvi@doubleclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:6 Value : Cookie:srikrishna korvi@doubleclick.net/ Expires : 13-07-2008 17:45:46 LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : srikrishna korvi@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:srikrishna korvi@mediaplex.com/ Expires : 22-06-2009 01:00:00 LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : srikrishna korvi@serving-sys[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:27 Value : Cookie:srikrishna korvi@serving-sys.com/ Expires : 01-01-2038 06:00:00 LastSync : Hits:27 UseCount : 0 Hits : 27 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 8 Objects found so far: 19 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 19 Deep scanning and examining files (E:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for E:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 19 Possible Browser Hijack attempt Object Recognized! Type : File Data : Only sex website.url TAC Rating : 3 Category : Misc Comment : Problematic URL discovered: http://www.onlysex.ws/ Object : C:\Documents and Settings\Srikrishna Korvi\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Search the web.url TAC Rating : 3 Category : Misc Comment : Problematic URL discovered: http://www.lookfor.cc/ Object : C:\Documents and Settings\Srikrishna Korvi\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Seven days of free porn.url TAC Rating : 3 Category : Misc Comment : Problematic URL discovered: http://www.7days.ws/ Object : C:\Documents and Settings\Srikrishna Korvi\Favorites\ Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\urlsearchhooks CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\hsa CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\hsa Value : UninstallString CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\se CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\se Value : UninstallString CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sw CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sw Value : UninstallString CoolWebSearch Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i Value : Start CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i Value : ErrorControl CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i Value : ImagePath CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i Value : DisplayName CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i Value : ObjectName CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i Value : FailureActions CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Search Bar CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Use Search Asst CoolWebSearch Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft Value : set CoolWebSearch Object Recognized! Type : RegData Data : no TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no CoolWebSearch Object Recognized! Type : RegData Data : about:blank TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Start Page Data : about:blank CoolWebSearch Object Recognized! Type : RegData Data : no TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no CoolWebSearch Object Recognized! Type : RegData Data : about:blank TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Start Page Data : about:blank CoolWebSearch Object Recognized! Type : File Data : wbemess.log TAC Rating : 10 Category : Malware Comment : Object : C:\WINDOWS\system32\wbem\logs\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 22 Objects found so far: 44 20:25:50 Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:30:48.531 Objects scanned:195267 Objects identified:34 Objects ignored:0 New critical objects:34