Something has taken control of my desktop. The image shows a blue screen and the following text:
Security warning
A fatal error in IE has occured at 0028:C0011E36 in VXD VMM(01) + 00010E36. Error was caused by Trojan-Spy.HTML.Smitfraud.c
I found a website that perfectly described it, but no fix:
http://www.sophos.co...ojfakealea.html
I also have millions of pop-ups. Could these 2 be related as they started around the same time. Have run AD-Aware, Microsoft Anti-Spyware but to no avail.
Any help really appreciated.
Oski
Here's my AD AWARE Log:
Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 02, 2005 8:00:16 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SearchMaid(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R39 15.04.2005
Internal build : 46
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 459480 Bytes
Total size : 1389159 Bytes
Signature data size : 1358772 Bytes
Reference data size : 29875 Bytes
Signatures total : 38701
Fingerprints total : 794
Fingerprints size : 29979 Bytes
Target categories : 15
Target families : 649
5-2-2005 7:32:09 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
5-2-2005 7:32:22 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:38 %
Total physical memory:392740 kb
Available physical memory:148612 kb
Total page file size:944560 kb
Available on page file:746324 kb
Total virtual memory:2097024 kb
Available virtual memory:2023040 kb
OS:Microsoft Windows 2000 Professional Service Pack 4 (Build 2195)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
5/2/2005 8:00:16 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 152
ThreadCreationTime : 5/3/2005 2:09:41 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThre
ProcessID : 176
ThreadCreationTime : 5/3/2005 2:09:52 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 172
ThreadCreationTime : 5/3/2005 2:09:53 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 224
ThreadCreationTime : 5/3/2005 2:09:54 AM
BasePriority : Normal
FileVersion : 5.00.2195.6700
ProductVersion : 5.00.2195.6700
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 236
ThreadCreationTime : 5/3/2005 2:09:54 AM
BasePriority : Normal
FileVersion : 5.00.2195.6902
ProductVersion : 5.00.2195.6902
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 416
ThreadCreationTime : 5/3/2005 2:09:57 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 440
ThreadCreationTime : 5/3/2005 2:09:57 AM
BasePriority : Normal
FileVersion : 5.00.2195.6659
ProductVersion : 5.00.2195.6659
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 500
ThreadCreationTime : 5/3/2005 2:09:57 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:9 [pcctlcom.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
ProcessID : 528
ThreadCreationTime : 5/3/2005 2:09:58 AM
BasePriority : Normal
FileVersion : 12.00.0.1244
ProductVersion : 12.00.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PcCtlCom Module
InternalName : PcCtlCom
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PcCtlCom.EXE
#:10 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 572
ThreadCreationTime : 5/3/2005 2:09:58 AM
BasePriority : Normal
FileVersion : 5.00.2195.6701
ProductVersion : 5.00.2195.6701
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 576
ThreadCreationTime : 5/3/2005 2:09:59 AM
BasePriority : Normal
FileVersion : 4.71.2195.6920
ProductVersion : 4.71.2195.6920
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe
#:12 [tmntsrv.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
ProcessID : 620
ThreadCreationTime : 5/3/2005 2:09:59 AM
BasePriority : Normal
FileVersion : 12.00.0.1244
ProductVersion : 12.00.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe
#:13 [tmproxy.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
ProcessID : 676
ThreadCreationTime : 5/3/2005 2:09:59 AM
BasePriority : Normal
FileVersion : 1.0.0.1116
ProductVersion : 1.0.0
ProductName : Trend Micro Network Security Components 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmProxy.exe
#:14 [vsmon.exe]
ModuleName : C:\WINNT\system32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 844
ThreadCreationTime : 5/3/2005 2:10:03 AM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe
#:15 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 868
ThreadCreationTime : 5/3/2005 2:10:06 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999
#:16 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 888
ThreadCreationTime : 5/3/2005 2:10:06 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:17 [tmpfw.exe]
ModuleName : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
Command Line : C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
ProcessID : 1076
ThreadCreationTime : 5/3/2005 2:10:12 AM
BasePriority : Normal
FileVersion : 2.0.0.1116
ProductVersion : 1.0.0
ProductName : Trend Network Security Component 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmPfw
InternalName : TmPfw
LegalCopyright : Copyright © 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : TmPfw.exe
#:18 [explorer.exe]
ModuleName : C:\WINNT\Explorer.EXE
Command Line : C:\WINNT\Explorer.EXE
ProcessID : 1348
ThreadCreationTime : 5/3/2005 2:10:22 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE
#:19 [msole32.exe]
ModuleName : C:\WINNT\system32\msole32.exe
Command Line : "C:\WINNT\system32\msole32.exe"
ProcessID : 1464
ThreadCreationTime : 5/3/2005 2:10:30 AM
BasePriority : Normal
#:20 [popuper.exe]
ModuleName : C:\WINNT\popuper.exe
Command Line : "C:\WINNT\popuper.exe"
ProcessID : 1472
ThreadCreationTime : 5/3/2005 2:10:30 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright © 2005
OriginalFilename : Popuper.exe
#:21 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 1488
ThreadCreationTime : 5/3/2005 2:10:30 AM
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe
#:22 [intmonp.exe]
ModuleName : C:\WINNT\system32\intmonp.exe
Command Line : intmonp.exe
ProcessID : 1564
ThreadCreationTime : 5/3/2005 2:10:35 AM
BasePriority : Normal
#:23 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1544
ThreadCreationTime : 5/3/2005 2:10:36 AM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe
#:24 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
ProcessID : 1572
ThreadCreationTime : 5/3/2005 2:10:37 AM
BasePriority : Normal
FileVersion : 12.00.0.1244
ProductVersion : 12.00.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Incorporated.
OriginalFilename : PCCGuide
#:25 [e_s0bic1.exe]
ModuleName : C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
Command Line : "C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
ProcessID : 1580
ThreadCreationTime : 5/3/2005 2:10:37 AM
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S0BIC1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2002
OriginalFilename : E_S0BIC1.EXE
#:26 [e_s0bic1.exe]
ModuleName : C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE
Command Line : "C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE" /P32 "EPSON Stylus C62 Series (Copy 2)" /O6 "USB001" /M "Stylus C62"
ProcessID : 1588
ThreadCreationTime : 5/3/2005 2:10:37 AM
BasePriority : Normal
FileVersion : 3.00
ProductVersion : 3.00
ProductName : EPSON Status Monitor 3
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S0BIC1
LegalCopyright : Copyright © SEIKO EPSON CORP. 2002
OriginalFilename : E_S0BIC1.EXE
#:27 [psfree.exe]
ModuleName : C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
Command Line : "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
ProcessID : 1604
ThreadCreationTime : 5/3/2005 2:10:38 AM
BasePriority : Normal
FileVersion : 3, 1, 0, 1010
ProductVersion : 1, 0, 0, 1
ProductName : Pop-Up Stopper Free Edition
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Free Edition
InternalName : Pop-Up Stopper Free Edition
LegalCopyright : Copyright © 2002-2003
OriginalFilename : PSFree.exe
#:28 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 1652
ThreadCreationTime : 5/3/2005 2:10:42 AM
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe
#:29 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k BITSgroup
ProcessID : 1860
ThreadCreationTime : 5/3/2005 2:11:01 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:30 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1692
ThreadCreationTime : 5/3/2005 2:12:31 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:31 [winword.exe]
ModuleName : C:\Program Files\Microsoft Office\Office\WINWORD.EXE
Command Line : "C:\Program Files\Microsoft Office\Office\WINWORD.EXE"
ProcessID : 1920
ThreadCreationTime : 5/3/2005 2:15:51 AM
BasePriority : Normal
#:32 [wuauclt.exe]
ModuleName : C:\WINNT\system32\wuauclt.exe
Command Line : "C:\WINNT\system32\wuauclt.exe"
ProcessID : 1772
ThreadCreationTime : 5/3/2005 2:17:09 AM
BasePriority : Normal
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:33 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1748
ThreadCreationTime : 5/3/2005 2:31:42 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SearchMaid Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\virtual maidvirtual maid
SearchMaid Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1677128483-854245398-1000\software\virtual maid
SearchMaid Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "{77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C}"
Rootkey : HKEY_USERS
Object : S-1-5-21-343818398-1677128483-854245398-1000\software\microsoft\internet explorer\toolbar\webbrowser
Value : {77B2F8DE-CB3F-4B6B-839B-807DD1ADBA1C}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.
New critical objects:0
Objects found so far: 3
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SearchMaid Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : notepad2.exe
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 4
8:03:04 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:48.542
Objects scanned:47613
Objects identified:4
Objects ignored:0
New critical objects:4