Logfile Created on:Friday, April 22, 2005 9:17:10 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R39 15.04.2005
Internal build : 46
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 459480 Bytes
Total size : 1389159 Bytes
Signature data size : 1358772 Bytes
Reference data size : 29875 Bytes
Signatures total : 38701
Fingerprints total : 794
Fingerprints size : 29979 Bytes
Target categories : 15
Target families : 649
4-22-2005 9:13:04 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650
4-22-2005 9:14:34 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:29 %
Total physical memory:458224 kb
Available physical memory:128728 kb
Total page file size:1083028 kb
Available on page file:847692 kb
Total virtual memory:2097024 kb
Available virtual memory:2048844 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects
4-22-2005 9:17:10 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 744
ThreadCreationTime : 4-22-2005 12:42:38 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 796
ThreadCreationTime : 4-22-2005 12:42:42 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 820
ThreadCreationTime : 4-22-2005 12:42:42 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 864
ThreadCreationTime : 4-22-2005 12:42:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 876
ThreadCreationTime : 4-22-2005 12:42:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1064
ThreadCreationTime : 4-22-2005 12:42:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1196
ThreadCreationTime : 4-22-2005 12:42:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1336
ThreadCreationTime : 4-22-2005 12:42:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1404
ThreadCreationTime : 4-22-2005 12:42:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1628
ThreadCreationTime : 4-22-2005 12:42:45 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:11 [ccsetmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1660
ThreadCreationTime : 4-22-2005 12:42:45 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:12 [ccevtmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1708
ThreadCreationTime : 4-22-2005 12:42:45 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1884
ThreadCreationTime : 4-22-2005 12:42:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [packethsvc.exe]
ModuleName : C:\WINDOWS\System32\PackethSvc.exe
Command Line : C:\WINDOWS\System32\PackethSvc.exe
ProcessID : 196
ThreadCreationTime : 4-22-2005 12:43:54 PM
BasePriority : Normal
FileVersion : 6, 0, 0, 6
ProductVersion : 6, 0, 0, 6
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Virtual Adapter Service
InternalName : Virtual Adapter Service
LegalCopyright : Copyright © America Online, Inc. 1999 - 2001
OriginalFilename : PackethSvc.exe
#:15 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 216
ThreadCreationTime : 4-22-2005 12:43:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:16 [gearsec.exe]
ModuleName : C:\WINDOWS\System32\gearsec.exe
Command Line : C:\WINDOWS\System32\gearsec.exe
ProcessID : 240
ThreadCreationTime : 4-22-2005 12:43:54 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001-2003 GEAR Software
OriginalFilename : gearsec.exe
#:17 [navapsvc.exe]
ModuleName : c:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "c:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 272
ThreadCreationTime : 4-22-2005 12:43:54 PM
BasePriority : Normal
FileVersion : 10.00.13
ProductVersion : 10.00.13
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:18 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 332
ThreadCreationTime : 4-22-2005 12:43:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:19 [sdkhq.exe]
ModuleName : C:\WINDOWS\system32\sdkhq.exe
Command Line : "C:\WINDOWS\system32\sdkhq.exe" /r
ProcessID : 480
ThreadCreationTime : 4-22-2005 12:44:03 PM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : sdkhq.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
Warning! VX2 Object found in memory(C:\WINDOWS\system32\sdkhq.exe)
"C:\WINDOWS\system32\sdkhq.exe"Process terminated successfully
"C:\WINDOWS\system32\sdkhq.exe"Process terminated successfully
#:20 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe"
ProcessID : 944
ThreadCreationTime : 4-22-2005 12:44:03 PM
BasePriority : Normal
#:21 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 364
ThreadCreationTime : 4-22-2005 12:44:05 PM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
#:22 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 1488
ThreadCreationTime : 4-22-2005 12:44:05 PM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe
#:23 [hphmon05.exe]
ModuleName : C:\WINDOWS\System32\hphmon05.exe
Command Line : "C:\WINDOWS\System32\hphmon05.exe"
ProcessID : 1732
ThreadCreationTime : 4-22-2005 12:44:05 PM
BasePriority : Normal
FileVersion : 5,1,7
ProductVersion : 5,1,7
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
LegalCopyright : Copyright © 2003
OriginalFilename : HPHmon05.exe
#:24 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 1940
ThreadCreationTime : 4-22-2005 12:44:05 PM
BasePriority : High
#:25 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 1300
ThreadCreationTime : 4-22-2005 12:44:05 PM
BasePriority : Normal
FileVersion : 4.2.0.74
ProductVersion : 4.2.0.74
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iTunesHelper.exe
#:26 [vttimer.exe]
ModuleName : C:\WINDOWS\System32\VTTimer.exe
Command Line : "C:\WINDOWS\System32\VTTimer.exe"
ProcessID : 1468
ThreadCreationTime : 4-22-2005 12:44:06 PM
BasePriority : Normal
FileVersion : 1.100.2004.0115
ProductVersion : 1.100.2004.0115
ProductName : S3 Graphics, Inc. Utilities
CompanyName : S3 Graphics, Inc.
InternalName : S3Timer
LegalCopyright : Copyright © 2001-2004 S3 Graphics, Inc.
LegalTrademarks : S3 is a registered trademark of S3 Incorporated
#:27 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 1668
ThreadCreationTime : 4-22-2005 12:44:06 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:28 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 1948
ThreadCreationTime : 4-22-2005 12:44:06 PM
BasePriority : Normal
FileVersion : 4.2.0.74
ProductVersion : 4.2.0.74
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © Apple Computer, Inc. 2003
OriginalFilename : iPodService.exe
#:29 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 2056
ThreadCreationTime : 4-22-2005 12:44:06 PM
BasePriority : Normal
FileVersion : 1.2
ProductVersion : 1.2
ProductName : Realtek AC97 Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek AC97 Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2003 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe
#:30 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\RUNDLL32.exe
Command Line : "C:\WINDOWS\System32\RUNDLL32.exe" "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
ProcessID : 2084
ThreadCreationTime : 4-22-2005 12:44:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:31 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2112
ThreadCreationTime : 4-22-2005 12:44:06 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:32 [apiuy.exe]
ModuleName : C:\WINDOWS\system32\apiuy.exe
Command Line : "C:\WINDOWS\system32\apiuy.exe"
ProcessID : 2136
ThreadCreationTime : 4-22-2005 12:44:06 PM
BasePriority : Normal
#:33 [weather.exe]
ModuleName : C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
Command Line : "C:\PROGRA~1\AWS\WEATHE~1\Weather.exe" 1
ProcessID : 2184
ThreadCreationTime : 4-22-2005 12:44:07 PM
BasePriority : Normal
FileVersion : 5, 3, 0, 8
ProductVersion : 5, 3, 0, 8
ProductName : AWS, Inc.WeatherBug
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
LegalCopyright : Copyright © 2001-2003
LegalTrademarks : WeatherBug, WeatherNet, WeatherNet+, InstaCAM
OriginalFilename : WeatherBug.exe
Comments : World Largest Weather Network
#:34 [reminder.exe]
ModuleName : C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe
Command Line : "C:\Program Files\U.S. Robotics\ControlCenter\Reminder.exe" /silent
ProcessID : 3468
ThreadCreationTime : 4-22-2005 12:44:11 PM
BasePriority : Normal
#:35 [popsub.exe]
ModuleName : C:\Program Files\InterMute\PopSubtract\PopSub.exe
Command Line : "C:\Program Files\InterMute\PopSubtract\PopSub.exe"
ProcessID : 3484
ThreadCreationTime : 4-22-2005 12:44:12 PM
BasePriority : Normal
FileVersion : 1, 3, 8, 0
ProductVersion : 1, 3, 8, 0
ProductName : PopSubtract
CompanyName : interMute, Inc.
FileDescription : PopSubtract Main Module
InternalName : PopSubtract
LegalCopyright : Copyright 2003 interMute, Inc.
OriginalFilename : PopSub.EXE
#:36 [spysub.exe]
ModuleName : C:\Program Files\InterMute\SpySubtract\spysub.exe
Command Line : "C:\Program Files\InterMute\SpySubtract\spysub.exe" -autostart
ProcessID : 3508
ThreadCreationTime : 4-22-2005 12:44:12 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 79
ProductVersion : 2.0
ProductName : SpySubtract
CompanyName : InterMute, Inc.
FileDescription : SpySubtract Program EXE
InternalName : SpySub.exe
LegalCopyright : Copyright © 2004 InterMute, Inc. All rights reserved.
OriginalFilename : SpySub.exe
#:37 [backweb-137903.exe]
ModuleName : C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
Command Line : "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" -startup
ProcessID : 3524
ThreadCreationTime : 4-22-2005 12:44:12 PM
BasePriority : Normal
#:38 [wmtray.exe]
ModuleName : C:\Program Files\wmconnect\wmtray.exe
Command Line : "C:\Program Files\wmconnect\wmtray.exe" -check
ProcessID : 3536
ThreadCreationTime : 4-22-2005 12:44:13 PM
BasePriority : Normal
FileVersion : 6.02.000
ProductVersion : 6.02.000
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Tray Icon
InternalName : WMTray
LegalCopyright : Copyright © America Online, Inc. 1999 - 2001
#:39 [spamsub.exe]
ModuleName : C:\Program Files\InterMute\SpamSubtract\SpamSub.exe
Command Line : "C:\Program Files\InterMute\SpamSubtract\SpamSub.exe"
ProcessID : 4060
ThreadCreationTime : 4-22-2005 12:44:16 PM
BasePriority : Normal
FileVersion : 1, 8, 2, 0
ProductVersion : 1, 8, 2, 0
ProductName : SpamSubtract
CompanyName : InterMute, Inc.
FileDescription : SpamSubtract Main Module
InternalName : SpamSubtract.exe
LegalCopyright : Copyright © 2004 InterMute, Inc.
OriginalFilename : SpamSubtract.exe
#:40 [wkcalrem.exe]
ModuleName : c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Command Line : "c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 2300
ThreadCreationTime : 4-22-2005 12:54:44 PM
BasePriority : Normal
FileVersion : 7.02.0710.1
ProductVersion : 7.02.0710.1
ProductName : Microsoft® Works 7.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation. All rights reserved.
OriginalFilename : WKCALREM.EXE
#:41 [wwm.exe]
ModuleName : C:\Program Files\wmconnect\wwm.exe
Command Line : wwm.exe
ProcessID : 3664
ThreadCreationTime : 4-22-2005 1:02:25 PM
BasePriority : Normal
#:42 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1124
ThreadCreationTime : 4-22-2005 1:12:15 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : A0007290.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{70304573-AB33-4072-AA96-4495C42D15E3}\RP14\
CoolWebSearch Object Recognized!
Type : File
Data : jpuxk.txt
Category : Malware
Comment :
Object : C:\WINDOWS\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {98CC5AAE-235D-FAA5-55FF-15141C8ADB12}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : File
Data : 2.tmp
Category : Malware
Comment :
Object : C:\DOCUME~1\Owner\LOCALS~1\Temp\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 20
9:30:40 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:30.250
Objects scanned:157716
Objects identified:20
Objects ignored:0
New critical objects:20