Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 22, 2005 10:40:06 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring(TAC index:6):7 total references
CoolWebSearch(TAC index:10):20 total references
Coulomb Dialer(TAC index:5):1 total references
Lycos Sidesearch(TAC index:7):9 total references
SahAgent(TAC index:9):2 total references
Tracking Cookie(TAC index:3):3 total references
WindUpdates(TAC index:8):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Obtain command line of scanned processes
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
4-22-2005 10:40:06 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 388
ThreadCreationTime : 4-23-2005 1:36:44 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 436
ThreadCreationTime : 4-23-2005 1:36:45 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 460
ThreadCreationTime : 4-23-2005 1:36:46 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 504
ThreadCreationTime : 4-23-2005 1:36:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 516
ThreadCreationTime : 4-23-2005 1:36:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 680
ThreadCreationTime : 4-23-2005 1:36:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 704
ThreadCreationTime : 4-23-2005 1:36:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 820
ThreadCreationTime : 4-23-2005 1:36:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1036
ThreadCreationTime : 4-23-2005 1:36:49 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:10 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1076
ThreadCreationTime : 4-23-2005 1:36:49 AM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : "C:\WINDOWS\explorer.exe"
ProcessID : 1096
ThreadCreationTime : 4-23-2005 1:36:50 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [taskmgru.exe]
ModuleName : C:\WINDOWS\System32\TASKMGRU.EXE
Command Line : "C:\WINDOWS\System32\TASKMGRU.EXE" open
ProcessID : 1268
ThreadCreationTime : 4-23-2005 1:36:51 AM
BasePriority : Normal
#:13 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1288
ThreadCreationTime : 4-23-2005 1:36:51 AM
BasePriority : Normal
#:14 [msimn32.exe]
ModuleName : C:\WINDOWS\System32\MSIMN32.EXE
Command Line : "C:\WINDOWS\System32\MSIMN32.EXE" open
ProcessID : 1300
ThreadCreationTime : 4-23-2005 1:36:51 AM
BasePriority : Normal
#:15 [cisvc.exe]
ModuleName : C:\WINDOWS\System32\cisvc.exe
Command Line : C:\WINDOWS\System32\cisvc.exe
ProcessID : 1320
ThreadCreationTime : 4-23-2005 1:36:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe
#:16 [kodakccs.exe]
ModuleName : C:\WINDOWS\system32\drivers\KodakCCS.exe
Command Line : C:\WINDOWS\system32\drivers\KodakCCS.exe
ProcessID : 1380
ThreadCreationTime : 4-23-2005 1:36:51 AM
BasePriority : Normal
FileVersion : 1.1.4700.0
ProductVersion : 4.3.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe
#:17 [mscmtsrvc.exe]
ModuleName : C:\WINDOWS\system32\msCMTSrvc.exe
Command Line : C:\WINDOWS\system32\msCMTSrvc.exe
ProcessID : 1408
ThreadCreationTime : 4-23-2005 1:36:51 AM
BasePriority : Normal
#:18 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1436
ThreadCreationTime : 4-23-2005 1:36:51 AM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:19 [scsiaccess.exe]
ModuleName : C:\WINDOWS\System32\ScsiAccess.EXE
Command Line : C:\WINDOWS\System32\ScsiAccess.EXE
ProcessID : 1500
ThreadCreationTime : 4-23-2005 1:36:51 AM
BasePriority : Normal
#:20 [mediaacck.exe]
ModuleName : C:\Program Files\Media Access\MediaAccK.exe
Command Line : "C:\Program Files\Media Access\MediaAccK.exe"
ProcessID : 1688
ThreadCreationTime : 4-23-2005 1:36:52 AM
BasePriority : Normal
#:21 [aujebs.exe]
ModuleName : C:\WINDOWS\system\aujebs.exe
Command Line : "C:\WINDOWS\system\aujebs.exe"
ProcessID : 1708
ThreadCreationTime : 4-23-2005 1:36:52 AM
BasePriority : Normal
#:22 [taskmgru.exe]
ModuleName : C:\WINDOWS\System32\TASKMGRU.EXE
Command Line : "C:\WINDOWS\System32\TASKMGRU.EXE"
ProcessID : 1724
ThreadCreationTime : 4-23-2005 1:36:52 AM
BasePriority : Normal
#:23 [msimn32.exe]
ModuleName : C:\WINDOWS\System32\MSIMN32.EXE
Command Line : "C:\WINDOWS\System32\MSIMN32.EXE"
ProcessID : 1780
ThreadCreationTime : 4-23-2005 1:36:52 AM
BasePriority : Normal
#:24 [mediaaccess.exe]
ModuleName : C:\Program Files\Media Access\MediaAccess.exe
Command Line : "C:\Program Files\Media Access\MediaAccess.exe"
ProcessID : 1804
ThreadCreationTime : 4-23-2005 1:36:52 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE
#:25 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 1376
ThreadCreationTime : 4-23-2005 1:37:56 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:26 [cidaemon.exe]
ModuleName : C:\WINDOWS\System32\cidaemon.exe
Command Line : cidaemon.exe DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 1320l
ProcessID : 2180
ThreadCreationTime : 4-23-2005 1:44:34 AM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe
#:27 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1112
ThreadCreationTime : 4-23-2005 2:28:18 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:28 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1048
ThreadCreationTime : 4-23-2005 2:34:02 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5297e905-1dfb-4a9c-9871-a4f95fd58945}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj.1
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : toolband.toolbandobj
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{95b92d92-8b7d-4a19-a3f1-43113b4dbcaf}
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0e1230f8-ea50-42a9-983c-d22abc2eed3b}
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
Value :
Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3a951af0-53f8-4803-a565-0e1dee4b11f5}
Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3a951af0-53f8-4803-a565-0e1dee4b11f5}
Value :
Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{af286cea-635d-40c5-a891-b40a0f520539}
Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{af286cea-635d-40c5-a891-b40a0f520539}
Value :
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\toolbar
Value : {0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 19
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\System32\erjeqska.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{8DE91FEE-BB4A-D9B1-0C01-F88408AF77F6}
ClickSpring Object Recognized!
Type : File
Data : erjeqska.dll
Category : Malware
Comment :
Object : c:\windows\system32\
ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\System32\erjeqska.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{B8C42FEE-9679-EC85-2131-C8A9389F5AC6}
ClickSpring Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : C:\WINDOWS\System32\erjeqska.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{BDC42FEA-960C-9BF5-2133-CEA94C9F5ACF}
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 23
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-23-2005 9:26:10 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@2o7[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 4-21-2010 10:11:18 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@trafficmp[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 4-22-2006 10:18:44 PM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 26
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ClickSpring Object Recognized!
Type : File
Data : wtta.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Application Data\
ClickSpring Object Recognized!
Type : File
Data : !update.exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Owner\Local Settings\Temp\
SahAgent Object Recognized!
Type : File
Data : A0012791.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP31\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
SahAgent Object Recognized!
Type : File
Data : A0012792.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP31\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
WindUpdates Object Recognized!
Type : File
Data : A0015415.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{FDF7E1BD-3514-4652-A0DC-09D8FF2520E1}\RP54\
WindUpdates Object Recognized!
Type : File
Data : ide21201.vxd
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Coulomb Dialer Object Recognized!
Type : File
Data : Groove.x32
Category : Dialer
Comment :
Object : C:\WINDOWS\system32\Macromed\Shockwave 8\Xtras\download\TheGrooveAlliance\3DGrooveXtrav18\
FileVersion : 1, 8, 0, 0
ProductVersion : 1, 8, 0, 0
ProductName : GROOVE
FileDescription : GROOVE
InternalName : GROOVE
LegalCopyright : Copyright 2001
OriginalFilename : GROOVE.x32
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 33
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_zesoft
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : File
Data : hosts
Category : Malware
Comment :
Object : C:\WINDOWS\
Lycos Sidesearch Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : DisplayName
Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : UninstallString
Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : NoModify
Lycos Sidesearch Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sep
Value : NoRepair
ClickSpring Object Recognized!
Type : File
Data : crash.txt
Category : Malware
Comment :
Object : c:\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 44
10:56:18 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:16:12.312
Objects scanned:107806
Objects identified:44
Objects ignored:0
New critical objects:44