Any help with this would be much appreciated. Thanks in advance.
Here is my Ad-Aware Post:
Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 09, 2005 3:02:35 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Claria(TAC index:7):18 total references
CoolWebSearch(TAC index:10):17 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:72 %
Total physical memory:982000 kb
Available physical memory:700936 kb
Total page file size:2373572 kb
Available on page file:2223060 kb
Total virtual memory:2097024 kb
Available virtual memory:2030420 kb
OS:Microsoft Windows XP Professional (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
5-9-2005 3:02:35 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 320
ThreadCreationTime : 5-9-2005 5:50:14 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\D:\WINNT\system32\csrss.exe
Command Line : D:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThre
ProcessID : 384
ThreadCreationTime : 5-9-2005 5:50:27 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\D:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 408
ThreadCreationTime : 5-9-2005 5:50:28 AM
BasePriority : High
#:4 [services.exe]
ModuleName : D:\WINNT\system32\services.exe
Command Line : D:\WINNT\system32\services.exe
ProcessID : 452
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : D:\WINNT\system32\lsass.exe
Command Line : D:\WINNT\system32\lsass.exe
ProcessID : 464
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : D:\WINNT\system32\svchost.exe
Command Line : D:\WINNT\system32\svchost -k rpcss
ProcessID : 632
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : D:\WINNT\System32\svchost.exe
Command Line : D:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 656
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : D:\WINNT\System32\svchost.exe
Command Line : D:\WINNT\System32\svchost.exe -k NetworkService
ProcessID : 736
ThreadCreationTime : 5-9-2005 5:50:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : D:\WINNT\System32\svchost.exe
Command Line : D:\WINNT\System32\svchost.exe -k LocalService
ProcessID : 820
ThreadCreationTime : 5-9-2005 5:50:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : D:\WINNT\system32\spoolsv.exe
Command Line : D:\WINNT\system32\spoolsv.exe
ProcessID : 896
ThreadCreationTime : 5-9-2005 5:50:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [ccevtmgr.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 928
ThreadCreationTime : 5-9-2005 5:50:30 AM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:12 [nisum.exe]
ModuleName : D:\Program Files\Norton Personal Firewall\NISUM.EXE
Command Line : "D:\Program Files\Norton Personal Firewall\NISUM.EXE"
ProcessID : 956
ThreadCreationTime : 5-9-2005 5:50:31 AM
BasePriority : Normal
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NISUM.exe
#:13 [explorer.exe]
ModuleName : D:\WINNT\Explorer.EXE
Command Line : D:\WINNT\Explorer.EXE
ProcessID : 1220
ThreadCreationTime : 5-9-2005 5:50:39 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:14 [ati2evxx.exe]
ModuleName : D:\WINNT\System32\Ati2evxx.exe
Command Line : D:\WINNT\System32\Ati2evxx.exe
ProcessID : 1356
ThreadCreationTime : 5-9-2005 5:50:48 AM
BasePriority : Normal
#:15 [ccpxysvc.exe]
ModuleName : D:\Program Files\Norton Personal Firewall\ccPxySvc.exe
Command Line : "D:\Program Files\Norton Personal Firewall\ccPxySvc.exe"
ProcessID : 1376
ThreadCreationTime : 5-9-2005 5:50:48 AM
BasePriority : Normal
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccPxySvc.exe
#:16 [wdfmgr.exe]
ModuleName : D:\WINNT\System32\wdfmgr.exe
Command Line : D:\WINNT\System32\wdfmgr.exe
ProcessID : 1468
ThreadCreationTime : 5-9-2005 5:50:48 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:17 [atiptaxx.exe]
ModuleName : D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 344
ThreadCreationTime : 5-9-2005 5:51:31 AM
BasePriority : Normal
FileVersion : 6.14.10.4035
ProductVersion : 6.14.10.4035
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:18 [ccapp.exe]
ModuleName : D:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 372
ThreadCreationTime : 5-9-2005 5:51:31 AM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:19 [wuauclt.exe]
ModuleName : D:\WINNT\System32\wuauclt.exe
Command Line : "D:\WINNT\System32\wuauclt.exe"
ProcessID : 2068
ThreadCreationTime : 5-9-2005 5:51:58 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:20 [winld32.exe]
ModuleName : D:\WINNT\winld32.exe
Command Line : D:\WINNT\winld32.exe
ProcessID : 3896
ThreadCreationTime : 5-9-2005 6:36:57 AM
BasePriority : Normal
#:21 [iexplore.exe]
ModuleName : D:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "D:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 2884
ThreadCreationTime : 5-9-2005 6:56:35 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:22 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3132
ThreadCreationTime : 5-9-2005 6:57:53 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Claria Object Recognized!
Type : File
Data : A0011906.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : CMEIIAPI.DLL
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : CMEIIAPI.DLL
Claria Object Recognized!
Type : File
Data : A0011907.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GAppMgr.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GAppMgr.dll
Claria Object Recognized!
Type : File
Data : A0011908.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GController.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GController.dll
Claria Object Recognized!
Type : File
Data : A0011909.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GDlwdEng.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GDlwdEng.dll
Claria Object Recognized!
Type : File
Data : A0011910.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIocl.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GIocl.dll
Claria Object Recognized!
Type : File
Data : A0011911.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GIoclClient.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GIoclClient.dll
Claria Object Recognized!
Type : File
Data : A0011912.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GMTProxy.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GMTProxy.dll
Claria Object Recognized!
Type : File
Data : A0011913.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GObjs.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GObjs.dll
Claria Object Recognized!
Type : File
Data : A0011914.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStore.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GStore.dll
Claria Object Recognized!
Type : File
Data : A0011915.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GStoreServer.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GStoreServer.dll
Claria Object Recognized!
Type : File
Data : A0011916.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : CME
CompanyName : GAIN Publishing
FileDescription : CME II Client Application
InternalName : GTools.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GTools.dll
Claria Object Recognized!
Type : File
Data : A0011917.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGGCEngine Dynamic Link Library
InternalName : EGGCEngine dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGGCEngine dll
Claria Object Recognized!
Type : File
Data : A0011918.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : egIEClient Dynamic Link Library
InternalName : egIEClient.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : egIEClient.dll
Claria Object Recognized!
Type : File
Data : A0011919.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : EGIEProcess Dynamic Link Library
InternalName : EGIEProcess dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : EGIEProcess dll
Claria Object Recognized!
Type : File
Data : A0011920.exe
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : Gator Client Application
InternalName : Gator.exe
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : Gator.exe
Claria Object Recognized!
Type : File
Data : A0011921.dll
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Installer library
InternalName : GInstaller.dll
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GInstaller.dll
Claria Object Recognized!
Type : File
Data : A0011922.exe
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Application
InternalName : GMT.exe
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GMT.exe
Claria Object Recognized!
Type : File
Data : A0011923.exe
Category : Data Miner
Comment :
Object : D:\System Volume Information\_restore{B63AFDAA-8B84-41F1-A5E6-BB99EA10BC23}\RP41\
FileVersion : 7.0.3.5
ProductVersion : 7.0.3.5
ProductName : GAIN
CompanyName : GAIN Publishing
FileDescription : GAIN Uninstaller applet
InternalName : GUninstaller.exe
LegalCopyright : Copyright © 1999-2005 GAIN Publishing
OriginalFilename : GUninstaller.exe
CoolWebSearch Object Recognized!
Type : File
Data : xzfwm.dat
Category : Malware
Comment :
Object : D:\WINNT\system32\
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : D:\Documents and Settings\Chris\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : D:\Documents and Settings\Chris\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : D:\Documents and Settings\Chris\Favorites\
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {E3C699F9-90A2-D81A-55A1-89536785E1F1}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 38
3:04:17 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:42.748
Objects scanned:120070
Objects identified:38
Objects ignored:0
New critical objects:38