Followed the steps advised and here is the log file requested:
Ad-Aware SE Build 1.05
Logfile Created on:12 May 2005 09:10:17
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):27 total references
MRU List(TAC index:0):19 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Tracking Cookie(TAC index:3):4 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 51
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663
12-05-2005 09:08:39 Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668
12-05-2005 09:08:52 Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:24 %
Total physical memory:122352 kb
Available physical memory:28704 kb
Total page file size:487600 kb
Available on page file:386480 kb
Total virtual memory:2097024 kb
Available virtual memory:2044020 kb
OS:Microsoft Windows 2000 Professional Service Pack 3 (Build 2195)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
12-05-2005 09:10:17 - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\GBaute\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\GBaute\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\office\9.0\excel\recent files
Description : list of recent files used by microsoft excel
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\office\9.0\publisher\recent file list
Description : list of recent files used by microsoft publisher
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1427113944-20727422-637696952-1613\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 148
ThreadCreationTime : 12-05-2005 07:54:57
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINNT\system32\csrss.exe
Command Line : C:\WINNT\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequest
ProcessID : 172
ThreadCreationTime : 12-05-2005 07:55:04
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINNT\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 192
ThreadCreationTime : 12-05-2005 07:55:06
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINNT\system32\services.exe
Command Line : C:\WINNT\system32\services.exe
ProcessID : 220
ThreadCreationTime : 12-05-2005 07:55:07
BasePriority : Normal
FileVersion : 5.00.2195.3940
ProductVersion : 5.00.2195.3940
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINNT\system32\lsass.exe
Command Line : C:\WINNT\system32\lsass.exe
ProcessID : 232
ThreadCreationTime : 12-05-2005 07:55:07
BasePriority : Normal
FileVersion : 5.00.2195.5430
ProductVersion : 5.00.2195.5430
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost -k rpcss
ProcessID : 400
ThreadCreationTime : 12-05-2005 07:55:11
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:7 [spoolsv.exe]
ModuleName : C:\WINNT\system32\spoolsv.exe
Command Line : C:\WINNT\system32\spoolsv.exe
ProcessID : 432
ThreadCreationTime : 12-05-2005 07:55:11
BasePriority : Normal
FileVersion : 5.00.2195.4299
ProductVersion : 5.00.2195.4299
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe
#:8 [svchost.exe]
ModuleName : C:\WINNT\System32\svchost.exe
Command Line : C:\WINNT\System32\svchost.exe -k netsvcs
ProcessID : 512
ThreadCreationTime : 12-05-2005 07:55:18
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:9 [nmssvc.exe]
ModuleName : C:\WINNT\System32\NMSSvc.exe
Command Line : C:\WINNT\System32\NMSSvc.exe
ProcessID : 536
ThreadCreationTime : 12-05-2005 07:55:18
BasePriority : Normal
FileVersion : 2.1.9.0
ProductVersion : 2.1.9.0
ProductName : NMS
CompanyName : Intel Corporation
FileDescription : NMS Module
InternalName : NMS Module
LegalCopyright : Copyright © 2000-2002 Intel Corp. All Rights Reserved
#:10 [regsvc.exe]
ModuleName : C:\WINNT\system32\regsvc.exe
Command Line : C:\WINNT\system32\regsvc.exe
ProcessID : 596
ThreadCreationTime : 12-05-2005 07:55:19
BasePriority : Normal
FileVersion : 5.00.2195.3649
ProductVersion : 5.00.2195.3649
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE
#:11 [mstask.exe]
ModuleName : C:\WINNT\system32\MSTask.exe
Command Line : C:\WINNT\system32\MSTask.exe
ProcessID : 620
ThreadCreationTime : 12-05-2005 07:55:19
BasePriority : Normal
FileVersion : 4.71.2195.1
ProductVersion : 4.71.2195.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe
#:12 [smagent.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
ProcessID : 656
ThreadCreationTime : 12-05-2005 07:55:20
BasePriority : Normal
FileVersion : 3, 2, 4, 0
ProductVersion : 3, 2, 4, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe
#:13 [winmgmt.exe]
ModuleName : C:\WINNT\System32\WBEM\WinMgmt.exe
Command Line : C:\WINNT\System32\WBEM\WinMgmt.exe
ProcessID : 700
ThreadCreationTime : 12-05-2005 07:55:20
BasePriority : Normal
FileVersion : 1.50.1085.0070
ProductVersion : 1.50.1085.0070
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999
#:14 [svchost.exe]
ModuleName : C:\WINNT\system32\svchost.exe
Command Line : C:\WINNT\system32\svchost.exe -k wugroup
ProcessID : 724
ThreadCreationTime : 12-05-2005 07:55:22
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe
#:15 [explorer.exe]
ModuleName : C:\WINNT\explorer.exe
Command Line : "C:\WINNT\explorer.exe"
ProcessID : 848
ThreadCreationTime : 12-05-2005 08:02:33
BasePriority : Normal
FileVersion : 5.00.3502.5321
ProductVersion : 5.00.3502.5321
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE
#:16 [smssu.exe]
ModuleName : C:\WINNT\System32\SMSSU.EXE
Command Line : "C:\WINNT\System32\SMSSU.EXE" open
ProcessID : 824
ThreadCreationTime : 12-05-2005 08:02:33
BasePriority : Normal
#:17 [tmntsrv32.exe]
ModuleName : C:\WINNT\System32\Tmntsrv32.EXE
Command Line : "C:\WINNT\System32\Tmntsrv32.EXE" open
ProcessID : 876
ThreadCreationTime : 12-05-2005 08:02:33
BasePriority : Normal
#:18 [atlfg.exe]
ModuleName : C:\WINNT\system32\atlfg.exe
Command Line : "C:\WINNT\system32\atlfg.exe" /r
ProcessID : 1032
ThreadCreationTime : 12-05-2005 08:02:35
BasePriority : Normal
VX2 Object Recognized!
Type : Process
Data : atlfg.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINNT\system32\
Warning! VX2 Object found in memory(C:\WINNT\system32\atlfg.exe)
Warning! "C:\WINNT\system32\atlfg.exe"Process could not be terminated!
"C:\WINNT\system32\atlfg.exe"Process terminated successfully
#:19 [ntfq32.exe]
ModuleName : C:\WINNT\system32\ntfq32.exe
Command Line : C:\WINNT\system32\ntfq32.exe
ProcessID : 1036
ThreadCreationTime : 12-05-2005 08:02:35
BasePriority : Normal
#:20 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 836
ThreadCreationTime : 12-05-2005 08:07:39
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 20
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
Value :
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 25
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gbaute@atdmt[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:
[email protected]/
Expires : 10-05-2010 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gbaute@apmebf[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 09-05-2010 16:43:32
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gbaute@cgi-bin[1].txt
Category : Data Miner
Comment : Hits:53
Value : Cookie:
[email protected]/cgi-bin
Expires : 08-05-2015 16:01:52
LastSync : Hits:53
UseCount : 0
Hits : 53
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : gbaute@doubleclick[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:
[email protected]/
Expires : 09-05-2008 15:58:40
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 29
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : oosaq.log
Category : Malware
Comment :
Object : C:\WINNT\
CoolWebSearch Object Recognized!
Type : File
Data : bozkx.dat
Category : Malware
Comment :
Object : C:\WINNT\system32\
CoolWebSearch Object Recognized!
Type : File
Data : eoxki.log
Category : Malware
Comment :
Object : C:\WINNT\system32\
CoolWebSearch Object Recognized!
Type : File
Data : vnmgu.dat
Category : Malware
Comment :
Object : C:\WINNT\system32\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\GBaute\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\GBaute\Favorites\
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free [bleep].url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\GBaute\Favorites\
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {DD856B29-AAF7-7455-8E7B-7FE00B4D9DA7}
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no
CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank
CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\GBaute\local settings\temporary internet files\msft\images-sprem
CoolWebSearch Object Recognized!
Type : File
Data : up.gif
Category : Malware
Comment :
Object : C:\Documents and Settings\GBaute\local settings\temporary internet files\msft\images-sprem\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 55
09:12:38 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:20.328
Objects scanned:52684
Objects identified:36
Objects ignored:0
New critical objects:36
Edited by GeoBaute, 12 May 2005 - 04:36 AM.