I have run Ad-Aware and I had over 2000 objects found when I started! I have gotten rid of most of them by running in safe mode per instructions found in other threads. Right after running in safe mode I ran a full scan again in normal mode, and the scan is below. Let me know what to do next. Thanks.
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, April 27, 2005 9:50:06 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):1 total references
CoolWebSearch(TAC index:10):14 total references
istbar(TAC index:7):25 total references
Rads01.Quadrogram(TAC index:6):32 total references
SCBAR(TAC index:3):1 total references
SecondThought(TAC index:4):6 total references
WhenU(TAC index:3):1 total references
VX2(TAC index:10):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
4/27/2005 9:50:06 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 412
ThreadCreationTime : 4/28/2005 2:49:16 AM
BasePriority : Normal
#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 492
ThreadCreationTime : 4/28/2005 2:49:19 AM
BasePriority : High
#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 536
ThreadCreationTime : 4/28/2005 2:49:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoftr Windowsr Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 548
ThreadCreationTime : 4/28/2005 2:49:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoftr Windowsr Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 692
ThreadCreationTime : 4/28/2005 2:49:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoftr Windowsr Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 776
ThreadCreationTime : 4/28/2005 2:49:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoftr Windowsr Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1040
ThreadCreationTime : 4/28/2005 2:49:21 AM
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe
#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1064
ThreadCreationTime : 4/28/2005 2:49:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoftr Windowsr Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:9 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1148
ThreadCreationTime : 4/28/2005 2:49:21 AM
BasePriority : Normal
FileVersion : 8.18
ProductVersion : 8.18
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)
#:10 [javage32.exe]
FilePath : C:\WINDOWS\
ProcessID : 1228
ThreadCreationTime : 4/28/2005 2:49:21 AM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : javage32.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! VX2 Object found in memory(C:\WINDOWS\javage32.exe)
Warning! "C:\WINDOWS\javage32.exe"Process could not be terminated!
Warning! "C:\WINDOWS\javage32.exe"Process could not be terminated!
#:11 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1240
ThreadCreationTime : 4/28/2005 2:49:23 AM
BasePriority : Normal
FileVersion : 1.00.37
ProductVersion : 1.00.37
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:12 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1288
ThreadCreationTime : 4/28/2005 2:49:23 AM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:13 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1400
ThreadCreationTime : 4/28/2005 2:49:23 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoftr Windowsr Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:14 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1468
ThreadCreationTime : 4/28/2005 2:49:23 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright c 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe
#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1996
ThreadCreationTime : 4/28/2005 2:49:35 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoftr Windowsr Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [mhotkey.exe]
FilePath : C:\WINDOWS\
ProcessID : 196
ThreadCreationTime : 4/28/2005 2:49:37 AM
BasePriority : Normal
FileVersion : 2, 2, 2, 0
ProductVersion : 2, 2, 2, 0
ProductName : Chicony Multimedia Driver
CompanyName : Chicony
FileDescription : Chicony Multimedia Driver
InternalName : Multimedia Hotkey Driver
LegalCopyright : Copyright © 2001 Chicony
OriginalFilename : mHotkey.res
#:17 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 204
ThreadCreationTime : 4/28/2005 2:49:37 AM
BasePriority : Normal
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:18 [hpqcmon.exe]
FilePath : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\
ProcessID : 224
ThreadCreationTime : 4/28/2005 2:49:37 AM
BasePriority : Normal
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE
#:19 [hpgs2wnd.exe]
FilePath : C:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 232
ThreadCreationTime : 4/28/2005 2:49:37 AM
BasePriority : Normal
FileVersion : 2,3,0,0\ 162
ProductVersion : 2,3,0,0\ 162
ProductName : Hewlett-Packard hpgs2wnd
CompanyName : Hewlett-Packard
FileDescription : hpgs2wnd
InternalName : hpgs2wnd
LegalCopyright : Copyright c 2001
OriginalFilename : hpgs2wnd.exe
#:20 [crpm.exe]
FilePath : C:\WINDOWS\
ProcessID : 336
ThreadCreationTime : 4/28/2005 2:49:37 AM
BasePriority : Normal
CoolWebSearch Object Recognized!
Type : Process
Data : crpm.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! CoolWebSearch Object found in memory(C:\WINDOWS\crpm.exe)
"C:\WINDOWS\crpm.exe"Process terminated successfully
"C:\WINDOWS\crpm.exe"Process terminated successfully
#:21 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 472
ThreadCreationTime : 4/28/2005 2:49:38 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoftr Windowsr Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : c Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:22 [hpgs2wnf.exe]
FilePath : c:\Program Files\Hewlett-Packard\HP Share-to-Web\
ProcessID : 868
ThreadCreationTime : 4/28/2005 2:49:38 AM
BasePriority : Normal
FileVersion : 2, 6, 0, 162
ProductVersion : 2, 6, 0, 162
ProductName : hpgs2wnf Module
FileDescription : hpgs2wnf Module
InternalName : hpgs2wnf
LegalCopyright : Copyright 2001
OriginalFilename : hpgs2wnf.EXE
#:23 [bigfix.exe]
FilePath : C:\Program Files\BigFix\
ProcessID : 980
ThreadCreationTime : 4/28/2005 2:49:39 AM
BasePriority : Normal
FileVersion : 1, 7, 6, 0
ProductVersion : 1, 7, 6, 0
ProductName : BigFix
CompanyName : BigFix Inc.
FileDescription : BigFix Client Application
InternalName : BigFix
LegalCopyright : Copyright c 2002
OriginalFilename : BigFix.exe
#:24 [quickdcf.exe]
FilePath : C:\Program Files\FinePixViewer\
ProcessID : 1112
ThreadCreationTime : 4/28/2005 2:49:39 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2003 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe
#:25 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2056
ThreadCreationTime : 4/28/2005 2:49:51 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright c Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SCBAR Object Recognized!
Type : File
Data : A0087596.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
FileVersion : 1.0.0.2
ProductVersion : 1.0.0.2
180Solutions Object Recognized!
Type : File
Data : A0087597.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : version Application
FileDescription : version MFC Application
InternalName : version
LegalCopyright : Copyright © 2003
OriginalFilename : version.EXE
SecondThought Object Recognized!
Type : File
Data : A0087598.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
FileVersion : 8.0.7.1
ProductVersion : 8.0.7.1
ProductName : STC Application
FileDescription : Second Thought
InternalName : STC
LegalCopyright : Copyright © 2003
OriginalFilename : STC.exe
WhenU Object Recognized!
Type : File
Data : A0087599.exe
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
FileVersion : 1, 6, 1, 3
ProductVersion : 1, 6, 1, 3
ProductName : Save! Setup
CompanyName : WhenU.com, Inc.
FileDescription : Save! Setup
InternalName : SaveInst
LegalCopyright : Copyright 2000
OriginalFilename : SaveInst.exe
istbar Object Recognized!
Type : File
Data : A0087600.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087601.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087602.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087603.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087604.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087605.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087606.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087607.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087608.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087609.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
SecondThought Object Recognized!
Type : File
Data : A0087610.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087611.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087612.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087613.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087614.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087615.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087616.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087617.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087618.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087619.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087620.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087621.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087622.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087623.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087624.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087625.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087626.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087627.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
SecondThought Object Recognized!
Type : File
Data : A0087628.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
FileVersion : 8.0.7.7
ProductVersion : 8.0.7.7
InternalName : runpool.dll
OriginalFilename : runpool.dll
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087629.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087630.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087631.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087632.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087633.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087634.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087635.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087636.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087637.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
SecondThought Object Recognized!
Type : File
Data : A0087638.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : IdleUI Dynamic Link Library
FileDescription : IdleUI Dynamic Link Library
InternalName : IdleUI
LegalCopyright : Copyright © 2003
OriginalFilename : IdleUI.dll
istbar Object Recognized!
Type : File
Data : A0087639.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
SecondThought Object Recognized!
Type : File
Data : A0087640.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087641.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087642.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087643.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087644.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087645.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087646.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087647.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087648.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087649.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087650.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087651.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087652.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
SecondThought Object Recognized!
Type : File
Data : A0087653.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
FileVersion : 8.0.7.2
ProductVersion : 8.0.7.2
ProductName : Loader
FileDescription : Loader
InternalName : loader
LegalCopyright : Copyright © 2003
OriginalFilename : loader.exe
istbar Object Recognized!
Type : File
Data : A0087654.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087655.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087656.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087657.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087658.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
istbar Object Recognized!
Type : File
Data : A0087659.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087660.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0087661.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{6858ADA2-A446-4103-A4FD-946787D11A04}\RP508\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 69
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {0ABCE593-A2F9-DA6D-2B6D-D92E2B05E875}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 12
Objects found so far: 81
10:07:30 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:24.172
Objects scanned:112223
Objects identified:81
Objects ignored:0
New critical objects:81