Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, April 27, 2005 10:31:58 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
CoolWebSearch(TAC index:10):11 total references
Possible Browser Hijack attempt(TAC index:3):5 total references
Tracking Cookie(TAC index:3):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : D:\Program Files\lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:22 %
Total physical memory:261616 kb
Available physical memory:56348 kb
Total page file size:633668 kb
Available on page file:422412 kb
Total virtual memory:2097024 kb
Available virtual memory:2048080 kb
OS:Microsoft Windows XP Home Edition (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
4-27-2005 10:31:58 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 652
ThreadCreationTime : 4-27-2005 12:21:41 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 728
ThreadCreationTime : 4-27-2005 12:21:43 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 752
ThreadCreationTime : 4-27-2005 12:21:45 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 808
ThreadCreationTime : 4-27-2005 12:21:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 820
ThreadCreationTime : 4-27-2005 12:21:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 992
ThreadCreationTime : 4-27-2005 12:21:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1172
ThreadCreationTime : 4-27-2005 12:21:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1288
ThreadCreationTime : 4-27-2005 12:21:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1400
ThreadCreationTime : 4-27-2005 12:21:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1712
ThreadCreationTime : 4-27-2005 12:21:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1756
ThreadCreationTime : 4-27-2005 12:21:49 PM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1764
ThreadCreationTime : 4-27-2005 12:21:49 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 1940
ThreadCreationTime : 4-27-2005 12:21:50 PM
BasePriority : Normal
FileVersion : 5.5.5.109
ProductVersion : 5.5.5.109
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2001 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe
#:14 [qttask.exe]
ModuleName : C:\WINDOWS\system32\qttask.exe
Command Line : "C:\WINDOWS\system32\qttask.exe"
ProcessID : 888
ThreadCreationTime : 4-27-2005 12:21:51 PM
BasePriority : Normal
#:15 [atiptaxx.exe]
ModuleName : C:\WINDOWS\System32\Atiptaxx.exe
Command Line : "C:\WINDOWS\System32\Atiptaxx.exe"
ProcessID : 1036
ThreadCreationTime : 4-27-2005 12:21:51 PM
BasePriority : Normal
FileVersion : 6.13.2518
ProductVersion : 6.13.2518
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:16 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 1100
ThreadCreationTime : 4-27-2005 12:21:51 PM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:17 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1132
ThreadCreationTime : 4-27-2005 12:21:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:18 [zlclient.exe]
ModuleName : D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1144
ThreadCreationTime : 4-27-2005 12:21:51 PM
BasePriority : Normal
FileVersion : 5.1.033.000
ProductVersion : 5.1.033.000
ProductName : Zone Labs Client
CompanyName : Zone Labs Inc.
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : zlclient.exe
#:19 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\ati2evxx.exe
Command Line : C:\WINDOWS\System32\ati2evxx.exe
ProcessID : 1156
ThreadCreationTime : 4-27-2005 12:21:51 PM
BasePriority : Normal
#:20 [hpztsb09.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe"
ProcessID : 1204
ThreadCreationTime : 4-27-2005 12:21:52 PM
BasePriority : Normal
FileVersion : 2.236.4.0
ProductVersion : 2.236.4.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2003
#:21 [hpwuschd.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
ProcessID : 1248
ThreadCreationTime : 4-27-2005 12:21:52 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe
#:22 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 1264
ThreadCreationTime : 4-27-2005 12:21:52 PM
BasePriority : Normal
FileVersion : 2.1.1
ProductVersion : 2.1.1
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HPCmpMgr.exe
#:23 [hpotdd01.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe"
ProcessID : 1280
ThreadCreationTime : 4-27-2005 12:21:52 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Hewlett-Packard hpotdd01
CompanyName : Hewlett-Packard
FileDescription : hpotdd01
InternalName : hpotdd01
LegalCopyright : Copyright © 2002
OriginalFilename : hpotdd01.exe
#:24 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1352
ThreadCreationTime : 4-27-2005 12:21:52 PM
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:25 [taskpanl.exe]
ModuleName : C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
Command Line : "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
ProcessID : 1384
ThreadCreationTime : 4-27-2005 12:21:52 PM
BasePriority : Normal
FileVersion : 2005.1.47.0
ProductVersion : 2005.1.47.0
ProductName : EarthLink TotalAccess
CompanyName : EarthLink, Inc.
LegalCopyright : © EarthLink, Inc. All rights reserved.
#:26 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 1536
ThreadCreationTime : 4-27-2005 12:21:53 PM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe
#:27 [airplus.exe]
ModuleName : C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
Command Line : "C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe"
ProcessID : 1560
ThreadCreationTime : 4-27-2005 12:21:53 PM
BasePriority : Normal
FileVersion : 2, 3, 0, 0
ProductVersion : 2, 3, 0, 0
ProductName : D-Link AirPlus
CompanyName : D-Link
FileDescription : WLAN Adapter Utility
InternalName : WLANMON
LegalCopyright : Copyright © 2002
OriginalFilename : AIRPLUS.EXE
#:28 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 212
ThreadCreationTime : 4-27-2005 12:21:56 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:29 [tgcmd.exe]
ModuleName : c:\progra~1\Support.com\client\bin\tgcmd.exe
Command Line : "c:\progra~1\Support.com\client\bin\tgcmd.exe" /server
ProcessID : 256
ThreadCreationTime : 4-27-2005 12:21:56 PM
BasePriority : Normal
FileVersion : 5,0,307,0
ProductVersion : 5,0,307,0
ProductName : tgcmd Module
CompanyName : Support.com, Inc.
FileDescription : tgcmd Module
InternalName : TGCMD
LegalCopyright : Copyright 1997-2069 Support.com
OriginalFilename : TGCMD.DLL
#:30 [vsmon.exe]
ModuleName : C:\WINDOWS\system32\ZONELABS\vsmon.exe
Command Line : n/a
ProcessID : 1444
ThreadCreationTime : 4-27-2005 12:22:00 PM
BasePriority : Normal
FileVersion : 5.1.033.000
ProductVersion : 5.1.033.000
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2004, Zone Labs Inc.
OriginalFilename : vsmon.exe
#:31 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 3964
ThreadCreationTime : 4-27-2005 12:23:13 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:32 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 3288
ThreadCreationTime : 4-27-2005 12:26:11 PM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:33 [hpzstc09.exe]
ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC09.exe
Command Line : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC09.exe -f"hp deskjet 3500 series" -m"hp deskjet 3500 series"
ProcessID : 2160
ThreadCreationTime : 4-27-2005 1:06:12 PM
BasePriority : Normal
FileVersion : 2.236.4.0
ProductVersion : 2.236.4.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2003
#:34 [ad-aware.exe]
ModuleName : D:\Program Files\lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Program Files\lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3564
ThreadCreationTime : 4-27-2005 2:27:44 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-436374069-1682526488-1060284298-1004\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagelookfor.cc
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://lookfor.cc/sp....php?pin=28129"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://lookfor.cc/sp....php?pin=28129"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagelookfor.cc
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://lookfor.cc?pin=28129"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "http://lookfor.cc?pin=28129"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barlookfor.cc
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://lookfor.cc/sp....php?pin=28129"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://lookfor.cc/sp....php?pin=28129"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URLlookfor.cc
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://lookfor.cc/sp....php?pin=28129"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "http://lookfor.cc/sp....php?pin=28129"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URLlookfor.cc
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://lookfor.cc?pin=28129"
Category : Data Miner
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "http://lookfor.cc?pin=28129"
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 8
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : val@doubleclick[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 12-31-2030 8:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4-26-2009 8:55:28 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : val@2o7[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 4-24-2010 4:11:00 PM
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 11
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : msxmidi.exe
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : msits[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Val\Local Settings\Temporary Internet Files\Content.IE5\ACY6WDBI\
CoolWebSearch Object Recognized!
Type : File
Data : start[1].exe
Category : Malware
Comment :
Object : C:\Documents and Settings\Val\Local Settings\Temporary Internet Files\Content.IE5\ACY6WDBI\
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : val@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Val\Cookies\val@2o7[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : val@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Val\Cookies\val@doubleclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Val\Cookies\[email protected][1].txt
CoolWebSearch Object Recognized!
Type : File
Data : suwnbrit.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Explorer\
CoolWebSearch Object Recognized!
Type : File
Data : oivotxrb.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Explorer\
CoolWebSearch Object Recognized!
Type : File
Data : chtsxzyc.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Explorer\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Enable Browser Extensions
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 25
10:38:09 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:11.584
Objects scanned:99002
Objects identified:25
Objects ignored:0
New critical objects:25