Ad-Aware SE Build 1.05
Logfile Created on:Martes, 03 de Mayo de 2005 06:18:31 p.m.
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):24 total references
MRU List(TAC index:0):34 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
VX2(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:20 %
Total physical memory:261616 kb
Available physical memory:50988 kb
Total page file size:633512 kb
Available on page file:432896 kb
Total virtual memory:2097024 kb
Available virtual memory:2046592 kb
OS:Microsoft Windows XP Professional (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

03-05-2005 06:18:31 p.m. - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 456
ThreadCreationTime : 03-05-2005 09:42:05 p.m.
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 03-05-2005 09:42:06 p.m.
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 536
ThreadCreationTime : 03-05-2005 09:42:07 p.m.
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 580
ThreadCreationTime : 03-05-2005 09:42:07 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aplicación de servicios y controlador
InternalName : services.exe
LegalCopyright : Copyright (C) Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 03-05-2005 09:42:07 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 03-05-2005 09:42:08 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 824
ThreadCreationTime : 03-05-2005 09:42:08 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 908
ThreadCreationTime : 03-05-2005 09:42:08 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 972
ThreadCreationTime : 03-05-2005 09:42:08 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [ccproxy.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ProcessID : 1104
ThreadCreationTime : 03-05-2005 09:42:09 p.m.
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ProcessID : 1172
ThreadCreationTime : 03-05-2005 09:42:09 p.m.
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1228
ThreadCreationTime : 03-05-2005 09:42:09 p.m.
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorador de Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : EXPLORER.EXE

#:13 [issvc.exe]
FilePath : C:\Archivos de programa\Norton Personal Firewall\
ProcessID : 1260
ThreadCreationTime : 03-05-2005 09:42:10 p.m.
BasePriority : Normal
FileVersion : 8.0.2.5
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : ISSVC.exe

#:14 [sndsrvc.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ProcessID : 1272
ThreadCreationTime : 03-05-2005 09:42:10 p.m.
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:15 [spbbcsvc.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\SPBBC\
ProcessID : 1288
ThreadCreationTime : 03-05-2005 09:42:10 p.m.
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:16 [ccevtmgr.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Symantec Shared\
ProcessID : 1372
ThreadCreationTime : 03-05-2005 09:42:10 p.m.
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1728
ThreadCreationTime : 03-05-2005 09:42:12 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:18 [mdm.exe]
FilePath : C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\
ProcessID : 1896
ThreadCreationTime : 03-05-2005 09:42:18 p.m.
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:19 [navapsvc.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ProcessID : 1908
ThreadCreationTime : 03-05-2005 09:42:18 p.m.
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:20 [nprotect.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\AdvTools\
ProcessID : 1924
ThreadCreationTime : 03-05-2005 09:42:18 p.m.
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright (C) 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:21 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1948
ThreadCreationTime : 03-05-2005 09:42:18 p.m.
BasePriority : Normal
FileVersion : 6.13.10.2942
ProductVersion : 6.13.10.2942
ProductName : NVIDIA Driver Helper Service, Version 29.42
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.42
InternalName : NVSVC
LegalCopyright : (c) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:22 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 192
ThreadCreationTime : 03-05-2005 09:42:19 p.m.
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:23 [savscan.exe]
FilePath : C:\Archivos de programa\Norton AntiVirus\
ProcessID : 888
ThreadCreationTime : 03-05-2005 09:42:30 p.m.
BasePriority : Normal
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:24 [apifu.exe]
FilePath : C:\WINDOWS\
ProcessID : 1004
ThreadCreationTime : 03-05-2005 09:42:31 p.m.
BasePriority : Normal

VX2 Object Recognized!
Type : Process
Data : apifu.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\

Warning! VX2 Object found in memory(C:\WINDOWS\apifu.exe)

"C:\WINDOWS\apifu.exe"Process terminated successfully
"C:\WINDOWS\apifu.exe"Process terminated successfully

#:25 [jusched.exe]
FilePath : C:\Archivos de programa\Java\jre1.5.0_02\bin\
ProcessID : 1976
ThreadCreationTime : 03-05-2005 09:42:37 p.m.
BasePriority : Normal

#:26 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1992
ThreadCreationTime : 03-05-2005 09:42:37 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Ejecutar un archivo DLL como una aplicación
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : RUNDLL.EXE

#:27 [ntyi.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2160
ThreadCreationTime : 03-05-2005 09:42:40 p.m.
BasePriority : Normal

#:28 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2168
ThreadCreationTime : 03-05-2005 09:42:40 p.m.
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:29 [skype.exe]
FilePath : C:\Archivos de programa\Skype\Phone\
ProcessID : 2224
ThreadCreationTime : 03-05-2005 09:42:42 p.m.
BasePriority : Normal

#:30 [iexplore.exe]
FilePath : C:\Archivos de programa\Internet Explorer\
ProcessID : 3984
ThreadCreationTime : 03-05-2005 10:58:14 p.m.
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Reservados todos los derechos.
OriginalFilename : IEXPLORE.EXE

#:31 [ad-aware.exe]
FilePath : C:\Archivos de programa\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2920
ThreadCreationTime : 03-05-2005 11:18:19 p.m.
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : aowyg.log
Category : Malware
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : qglyv.log
Category : Malware
Comment :
Object : C:\WINDOWS\

CoolWebSearch Object Recognized!
Type : File
Data : rtonb.log
Category : Malware
Comment :
Object : C:\WINDOWS\

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

CoolWebSearch Object Recognized!
Type : File
Data : eehwy.dat
Category : Malware
Comment :
Object : C:\WINDOWS\System32\

CoolWebSearch Object Recognized!
Type : File
Data : obhog.dat
Category : Malware
Comment :
Object : C:\WINDOWS\System32\

CoolWebSearch Object Recognized!
Type : File
Data : pxdlr.log
Category : Malware
Comment :
Object : C:\WINDOWS\System32\

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\DOCUME~1\Rodrigo\CONFIG~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\Rodrigo\Favoritos\

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Rodrigo\Favoritos\

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free porn.url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Rodrigo\Favoritos\

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\ntbackup\log files
Description : list of recent logfiles in microsoft backup

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\office\10.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\office\10.0\powerpoint\recent templates
Description : list of recent templates used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\office\10.0\powerpoint\recenttemplatelist
Description : list of recent templates used by microsoft powerpoint

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1004336348-583907252-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {89F014C0-EC39-66DE-2373-1D4CCF27E2C8}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 62

06:20:58 p.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:27.703
Objects scanned:69099
Objects identified:28
Objects ignored:0
New critical objects:28