Also had a virtual maid toolbar come up at same time, but killed that with toolbarcop.
I'm getting two popups, one saying 'your pc is infected with spyware, click here etc.'
One is an annoying yellow triangle with "!" in the middle of it that states " System Alert: Exploit Detected. System has detechted 4 active exploits that may cause frequent application crashes, instability or low computer preformance. Click the icon to remove exploits. "
Attached screen grab of one..
Any help much appreciated, thanks
Derek
Ad-Aware SE Build 1.05
Logfile Created on:20 April 2005 12:12:17
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R39 15.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R39 15.04.2005
Internal build : 46
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 459480 Bytes
Total size : 1389159 Bytes
Signature data size : 1358772 Bytes
Reference data size : 29875 Bytes
Signatures total : 38701
Fingerprints total : 794
Fingerprints size : 29979 Bytes
Target categories : 15
Target families : 649
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:57 %
Total physical memory:785840 kb
Available physical memory:447656 kb
Total page file size:1923624 kb
Available on page file:1624116 kb
Total virtual memory:2097024 kb
Available virtual memory:2040216 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects
20-04-2005 12:12:17 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 328
ThreadCreationTime : 20-04-2005 10:08:09
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 508
ThreadCreationTime : 20-04-2005 10:08:11
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 540
ThreadCreationTime : 20-04-2005 10:08:12
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 584
ThreadCreationTime : 20-04-2005 10:08:12
BasePriority : Normal
FileVersion : 5.1.2600.1224 (xpsp2.030516-0318)
ProductVersion : 5.1.2600.1224
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 596
ThreadCreationTime : 20-04-2005 10:08:12
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 768
ThreadCreationTime : 20-04-2005 10:08:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 820
ThreadCreationTime : 20-04-2005 10:08:13
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1028
ThreadCreationTime : 20-04-2005 10:08:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1056
ThreadCreationTime : 20-04-2005 10:08:14
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1220
ThreadCreationTime : 20-04-2005 10:08:15
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1332
ThreadCreationTime : 20-04-2005 10:08:16
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:12 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 1344
ThreadCreationTime : 20-04-2005 10:08:16
BasePriority : Normal
#:13 [avsynmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\avsynmgr.exe"
ProcessID : 1356
ThreadCreationTime : 20-04-2005 10:08:16
BasePriority : Normal
#:14 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1400
ThreadCreationTime : 20-04-2005 10:08:16
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:15 [vsstat.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsStat.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsStat.exe"
ProcessID : 440
ThreadCreationTime : 20-04-2005 10:09:21
BasePriority : Normal
#:16 [vshwin32.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Vshwin32.exe"
ProcessID : 452
ThreadCreationTime : 20-04-2005 10:09:21
BasePriority : Normal
#:17 [mcshield.exe]
ModuleName : C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
Command Line : "C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe"
ProcessID : 336
ThreadCreationTime : 20-04-2005 10:09:22
BasePriority : High
#:18 [webscanx.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Webscanx.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Webscanx.exe"
ProcessID : 700
ThreadCreationTime : 20-04-2005 10:09:23
BasePriority : Normal
#:19 [avconsol.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\Avconsol.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\Avconsol.exe"
ProcessID : 1420
ThreadCreationTime : 20-04-2005 10:09:27
BasePriority : Normal
#:20 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1540
ThreadCreationTime : 20-04-2005 10:10:47
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:21 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : ctfmon.exe
ProcessID : 1708
ThreadCreationTime : 20-04-2005 10:10:48
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:22 [dllhost.exe]
ModuleName : C:\WINDOWS\System32\DllHost.exe
Command Line : C:\WINDOWS\System32\DllHost.exe /Processid:{BAA8FB92-D1E7-4181-B0EE-94DA3329F7C0}
ProcessID : 1500
ThreadCreationTime : 20-04-2005 10:10:48
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe
#:23 [msole32.exe]
ModuleName : C:\WINDOWS\System32\msole32.exe
Command Line : "C:\WINDOWS\System32\msole32.exe"
ProcessID : 1760
ThreadCreationTime : 20-04-2005 10:10:50
BasePriority : Normal
#:24 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe"
ProcessID : 1892
ThreadCreationTime : 20-04-2005 10:10:51
BasePriority : Normal
#:25 [atiptaxx.exe]
ModuleName : C:\WINDOWS\System32\atiptaxx.exe
Command Line : "C:\WINDOWS\System32\atiptaxx.exe"
ProcessID : 1932
ThreadCreationTime : 20-04-2005 10:10:51
BasePriority : Normal
FileVersion : 6.13.10.2529
ProductVersion : 6.13.10.2529
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:26 [soundman.exe]
ModuleName : C:\WINDOWS\soundman.exe
Command Line : "C:\WINDOWS\soundman.exe"
ProcessID : 148
ThreadCreationTime : 20-04-2005 10:10:51
BasePriority : Normal
FileVersion : 4.1
ProductVersion : 4.1
ProductName : Avance Sound Effect Manager v.4.1
CompanyName : Avance Logic, Inc.
FileDescription : Avance Sound Effect Manager
InternalName : SoundMan
LegalCopyright : Copyright © 2000-2001 Avance Logic, Inc.
OriginalFilename : SoundMan.exe
Comments : Avance Sound Effect Control Panel
#:27 [syntplpr.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
ProcessID : 176
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
FileVersion : 5.7.1 02Aug01
ProductVersion : 5.7.1 02Aug01
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : TouchPad Driver Helper Application
InternalName : SynTPLpr
LegalCopyright : Copyright © Synaptics, Inc. 1996-2001
OriginalFilename : SynTPLpr.exe
#:28 [syntpenh.exe]
ModuleName : C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Command Line : "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
ProcessID : 160
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
FileVersion : 5.7.1 02Aug01
ProductVersion : 5.7.1 02Aug01
ProductName : Progressive Touch
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Scrolleroo
LegalCopyright : Copyright © Synaptics, Inc. 1996-2001
OriginalFilename : SynTPEnh.exe
#:29 [launchap.exe]
ModuleName : C:\Program Files\Launch Manager\LaunchAp.exe
Command Line : "C:\Program Files\Launch Manager\LaunchAp.exe"
ProcessID : 1928
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : LAUNCHAP Application
FileDescription : LAUNCHAP
InternalName : LAUNCHAP
LegalCopyright : Copyright 1999 - 2000
OriginalFilename : LAUNCHAP.EXE
#:30 [hotkeyapp.exe]
ModuleName : C:\Program Files\Launch Manager\HotkeyApp.exe
Command Line : "C:\Program Files\Launch Manager\HotkeyApp.exe"
ProcessID : 372
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
#:31 [ctrlvol.exe]
ModuleName : C:\Program Files\Launch Manager\CtrlVol.exe
Command Line : "C:\Program Files\Launch Manager\CtrlVol.exe"
ProcessID : 388
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
#:32 [wbutton.exe]
ModuleName : C:\Program Files\Launch Manager\Wbutton.exe
Command Line : "C:\Program Files\Launch Manager\Wbutton.exe"
ProcessID : 844
ThreadCreationTime : 20-04-2005 10:10:52
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : newapp Application
FileDescription : newapp MFC Application
InternalName : newapp
LegalCopyright : Copyright © 2001
OriginalFilename : newapp.EXE
#:33 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1784
ThreadCreationTime : 20-04-2005 10:10:53
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:34 [datalayer.exe]
ModuleName : C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
Command Line : "C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe"
ProcessID : 936
ThreadCreationTime : 20-04-2005 10:10:54
BasePriority : Normal
FileVersion : 5, 00, 00, 042
ProductVersion : 5,0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phone Ltd.
FileDescription : DataLayer Module
InternalName : Data Layer
LegalCopyright : Copyright © 2002-2003. Nokia. All rights reserved.
OriginalFilename : DataLayer.EXE
#:35 [ncltray.exe]
ModuleName : C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
Command Line : "C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe"
ProcessID : 1608
ThreadCreationTime : 20-04-2005 10:10:54
BasePriority : Normal
#:36 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1768
ThreadCreationTime : 20-04-2005 10:10:55
BasePriority : Normal
FileVersion : 0.1.0.3018
ProductVersion : 0.1.0.3018
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:37 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 992
ThreadCreationTime : 20-04-2005 10:10:55
BasePriority : Normal
#:38 [servicelayer.exe]
ModuleName : C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
Command Line : "C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe" -Embedding
ProcessID : 2060
ThreadCreationTime : 20-04-2005 10:10:56
BasePriority : Normal
FileVersion : 5.00.018
ProductVersion : 5.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia Corp.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002, 2003 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe
#:39 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 2284
ThreadCreationTime : 20-04-2005 10:10:59
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:40 [mozilla.exe]
ModuleName : C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
Command Line : "C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE" -turbo
ProcessID : 2384
ThreadCreationTime : 20-04-2005 10:11:01
BasePriority : Normal
#:41 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 2396
ThreadCreationTime : 20-04-2005 10:11:01
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:42 [wincinemamgr.exe]
ModuleName : C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
Command Line : "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
ProcessID : 2428
ThreadCreationTime : 20-04-2005 10:11:01
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright © 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE
#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 4080
ThreadCreationTime : 20-04-2005 11:10:00
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagesearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagesearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmaid.co...bar/index.html"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://searchmaid.co...bar/index.html"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URLsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URLsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainLocal Pagesearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Local Page
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainSearch Pagesearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainStart Pagesearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainSearch Barsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://searchmaid.co...bar/index.html"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://searchmaid.co...bar/index.html"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainDefault_Search_URLsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainDefault_Page_URLsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\MainLocal Pagesearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmaid.com/"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Main
Value : Local Page
Data : "http://www.searchmaid.com/"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\SearchSearchAssistantsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\SearchCustomizeSearchsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://www.searchmai...arch.php?qq=%s"
Possible Browser Hijack attempt : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\SearchURLsearchmaid.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://www.searchmai...arch.php?qq=%s"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-796845957-1580818891-1343024091-1005\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "http://www.searchmai...arch.php?qq=%s"
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 17
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.
New critical objects:0
Objects found so far: 17
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
12:26:12 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:55.121
Objects scanned:174469
Objects identified:17
Objects ignored:0
New critical objects:17