- startup is extremely slow
- my homepage is set to about:blank and is a search page
- add windows popup based when I type in urls
- I get a message ballon on my taskbar about spyware and a fake Microsoft Help window wil appear if you click it
- I get a message window that says that my firewall is disabled and potential information is being sent from my machine
- my computer freezes every so often when I'm on the internet
Here is m Ad-Aware log. Thank you in advance for any help you can give me.
Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 10, 2005 12:31:56 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):18 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Tracking Cookie(TAC index:3):7 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:75 %
Total physical memory:1047824 kb
Available physical memory:777888 kb
Total page file size:2521480 kb
Available on page file:2367360 kb
Total virtual memory:2097024 kb
Available virtual memory:2049588 kb
OS:Microsoft Windows XP Professional (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
5-10-2005 12:31:56 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 776
ThreadCreationTime : 5-10-2005 4:30:13 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 852
ThreadCreationTime : 5-10-2005 4:30:18 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 876
ThreadCreationTime : 5-10-2005 4:30:19 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 920
ThreadCreationTime : 5-10-2005 4:30:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 932
ThreadCreationTime : 5-10-2005 4:30:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1116
ThreadCreationTime : 5-10-2005 4:30:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1236
ThreadCreationTime : 5-10-2005 4:30:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1368
ThreadCreationTime : 5-10-2005 4:30:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1384
ThreadCreationTime : 5-10-2005 4:30:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1688
ThreadCreationTime : 5-10-2005 4:30:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1804
ThreadCreationTime : 5-10-2005 4:30:21 AM
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 676
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:13 [ctsvccda.exe]
ModuleName : C:\WINDOWS\System32\CTsvcCDA.exe
Command Line : C:\WINDOWS\System32\CTsvcCDA.exe
ProcessID : 688
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
#:14 [mnmsrvc.exe]
ModuleName : C:\WINDOWS\System32\mnmsrvc.exe
Command Line : C:\WINDOWS\System32\mnmsrvc.exe
ProcessID : 740
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 4.4.3400
ProductVersion : 3.01
ProductName : Windows® NetMeeting®
CompanyName : Microsoft Corporation
FileDescription : NetMeeting Remote Desktop Sharing
InternalName : mnmsrvc
LegalCopyright : Copyright © Microsoft Corporation 1996-2001
LegalTrademarks : Microsoft® , Windows® and NetMeeting® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : mnmsrvc.dll
#:15 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 540
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 6.13.10.2942
ProductVersion : 6.13.10.2942
ProductName : NVIDIA Driver Helper Service, Version 29.42
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.42
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:16 [rundll32.exe]
ModuleName : C:\WINDOWS\System32\rundll32.exe
Command Line : "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 148
ProcessID : 796
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:17 [teks_service.exe]
ModuleName : C:\Program Files\AlienAutopsy\TEKS_Service.exe
Command Line : "C:\Program Files\AlienAutopsy\TEKS_Service.exe"
ProcessID : 808
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : High
FileVersion : 3.22.31.0
ProductVersion : 3.22.53.0
ProductName : DynTek ProductivIT
CompanyName : DynTek, Inc.
FileDescription : DynTek ProductivIT Service
InternalName : pitservice
LegalCopyright : © 2000-2002 DynTek, Inc.
OriginalFilename : TEKS_Service.exe
#:18 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 856
ThreadCreationTime : 5-10-2005 4:31:28 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:19 [mspmspsv.exe]
ModuleName : C:\WINDOWS\System32\MsPMSPSv.exe
Command Line : C:\WINDOWS\System32\MsPMSPSv.exe
ProcessID : 1204
ThreadCreationTime : 5-10-2005 4:31:29 AM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE
#:20 [ntyb32.exe]
ModuleName : C:\WINDOWS\ntyb32.exe
Command Line : "C:\WINDOWS\ntyb32.exe" /r
ProcessID : 2000
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : ntyb32.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! VX2 Object found in memory(C:\WINDOWS\ntyb32.exe)
"C:\WINDOWS\ntyb32.exe"Process terminated successfully
"C:\WINDOWS\ntyb32.exe"Process terminated successfully
#:21 [test_bs.exe]
ModuleName : C:\Program Files\AlienAutopsy\Test_BS.exe
Command Line : "C:\Program Files\AlienAutopsy\Test_BS.exe" -h
ProcessID : 200
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : High
#:22 [cthelper.exe]
ModuleName : C:\WINDOWS\System32\CTHELPER.EXE
Command Line : "C:\WINDOWS\System32\CTHELPER.EXE"
ProcessID : 208
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : cthelper
CompanyName : Creative Technology Ltd
FileDescription : cthelper
InternalName : cthelper
LegalCopyright : Copyright © 2002
OriginalFilename : cthelper.exe
#:23 [point32.exe]
ModuleName : C:\Program Files\Microsoft Hardware\Mouse\point32.exe
Command Line : "C:\Program Files\Microsoft Hardware\Mouse\point32.exe"
ProcessID : 228
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
#:24 [directcd.exe]
ModuleName : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Command Line : "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 236
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 5.1.1.210
ProductVersion : 5.1.1.210
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001-2002, Roxio, Inc.
OriginalFilename : Directcd.exe
#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1772
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
#:26 [ntad.exe]
ModuleName : C:\WINDOWS\system32\ntad.exe
Command Line : "C:\WINDOWS\system32\ntad.exe"
ProcessID : 336
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
#:27 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 304
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 4.0.0155
ProductVersion : Version 4.0
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger Client
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:28 [rcman.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\Rcman.exe"
ProcessID : 1728
ThreadCreationTime : 5-10-2005 4:31:37 AM
BasePriority : Normal
FileVersion : 1.40.14
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : Remote Control Manager
InternalName : RcMan
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : RcMan.EXE
#:29 [getright.exe]
ModuleName : C:\Program Files\GetRight\getright.exe
Command Line : "C:\Program Files\GetRight\getright.exe"
ProcessID : 392
ThreadCreationTime : 5-10-2005 4:31:38 AM
BasePriority : Normal
FileVersion : 4.5e
ProductVersion : 4.5e
ProductName : GetRight
CompanyName : Headlight Software, Inc.
FileDescription : GetRight® www.getright.com
InternalName : GETRIGHT
LegalCopyright : Copyright © 2002 Headlight Software, Inc.
LegalTrademarks : GetRight is a registered trademark of Headlight Software
OriginalFilename : GETRIGHT.EXE
Comments : GetRight® was designed and developed by Michael J Burford.
#:30 [nkvmon.exe]
ModuleName : C:\Program Files\Nikon\NkView6\NkvMon.exe
Command Line : "C:\Program Files\Nikon\NkView6\NkvMon.exe"
ProcessID : 404
ThreadCreationTime : 5-10-2005 4:31:38 AM
BasePriority : Normal
FileVersion : 6, 0, 0, 3000
ProductVersion : 6, 0
ProductName : Nikon Monitor
CompanyName : Nikon Corporation
FileDescription : Nikon Monitor
InternalName : NkvMon
LegalCopyright : Copyright © Nikon Corporation. 1998 - 2003
OriginalFilename : NkvMon.exe
Comments : Nikon Monitor
#:31 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 552
ThreadCreationTime : 5-10-2005 4:31:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:32 [ymsgr_tray.exe]
ModuleName : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
Command Line : C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe -ymsgr
ProcessID : 2076
ThreadCreationTime : 5-10-2005 4:31:43 AM
BasePriority : Normal
#:33 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2228
ThreadCreationTime : 5-10-2005 4:31:47 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:34 [eax.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\EAX.exe"
ProcessID : 2244
ThreadCreationTime : 5-10-2005 4:31:47 AM
BasePriority : Normal
FileVersion : 1.40.11
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd
FileDescription : EA Module Loader
InternalName : EAX
LegalCopyright : Copyright © 2000 Creative Technology Ltd.
OriginalFilename : EAX.EXE
#:35 [vrc.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\VRC.exe"
ProcessID : 2272
ThreadCreationTime : 5-10-2005 4:31:48 AM
BasePriority : Normal
FileVersion : 1.40.11
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : DesktopRC
InternalName : DesktopRC
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : DesktopRC.EXE
#:36 [rcenter.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Center\RCenter.exe"
ProcessID : 2280
ThreadCreationTime : 5-10-2005 4:31:48 AM
BasePriority : Normal
FileVersion : 1.40.12
ProductVersion : 1.40.00
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : RCenter Application
InternalName : RCenter
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : RCenter.EXE
#:37 [mediadet.exe]
ModuleName : C:\Program Files\Creative\ShareDLL\MediaDet.exe
Command Line : "C:\Program Files\Creative\ShareDLL\MediaDet.exe" -Embedding
ProcessID : 2292
ThreadCreationTime : 5-10-2005 4:31:49 AM
BasePriority : Normal
FileVersion : 2.00.06.0
ProductVersion : 2.00
ProductName : Creative Disc Detector
CompanyName : Creative Technology Ltd.
FileDescription : Disc Detector
InternalName : MediaDet
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : MediaDet.exe
Comments : Local Server
#:38 [osdmenu.exe]
ModuleName : C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE
Command Line : "C:\Program Files\Creative\SBAudigy\RemoteCenter\Rc\OSDMenu.EXE"
ProcessID : 2328
ThreadCreationTime : 5-10-2005 4:31:52 AM
BasePriority : Normal
FileVersion : 1.40.10
ProductVersion : 1.40
ProductName : Creative RemoteCenter
CompanyName : Creative Technology Ltd.
FileDescription : On Screen Display Menu
InternalName : OSDMenu
LegalCopyright : Copyright © 2001 Creative Technology Ltd.
OriginalFilename : OSDMenu.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:[email protected]/
Expires : 5-7-2005 5:17:50 PM
LastSync : Hits:8
UseCount : 0
Hits : 8
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-8-2005 6:00:36 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:[email protected]/
Expires : 8-19-2008 1:35:18 PM
LastSync : Hits:6
UseCount : 0
Hits : 6
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@sextracker[2].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:[email protected]/
Expires : 5-9-2005 1:00:36 AM
LastSync : Hits:18
UseCount : 0
Hits : 18
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-9-2005 11:59:48 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 5-7-2010 8:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@doubleclick[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:[email protected]/
Expires : 5-8-2008 12:00:36 AM
LastSync : Hits:5
UseCount : 0
Hits : 5
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 9
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : dddcc.txt
Category : Malware
Comment :
Object : C:\WINDOWS\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\Owner\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Owner\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Owner\Favorites\
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {0E0ABE69-7345-8741-938E-5DCCA13C4284}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 30
12:39:57 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:00.985
Objects scanned:173759
Objects identified:30
Objects ignored:0
New critical objects:30
Edited by sidewinder, 09 May 2005 - 10:44 PM.