Ad-Aware SE Build 1.05
Logfile Created on:Monday, May 16, 2005 10:46:06 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R8 13.09.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):7 total references
Alexa(TAC index:5):8 total references
BlazeFind(TAC index:5):1 total references
ClearSearch(TAC index:7):5 total references
CoolWebSearch(TAC index:10):10 total references
Lycos Sidesearch(TAC index:7):5 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
SecondThought(TAC index:4):3 total references
SpywareNuker(TAC index:5):1 total references
TopMoxie(TAC index:3):4 total references
VX2(TAC index:10):6 total references
Win32.Revop.Trojan(TAC index:6):2 total references
WinAD(TAC index:7):1 total references
WinFavorites(TAC index:6):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-16-05 10:46:06 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293914787
Threads : 6
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright © Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294951967
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright © Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292883343
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE
#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292880035
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk
#:5 [VSHWIN32.EXE]
FilePath : C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\
ProcessID : 4292905711
Threads : 7
Priority : Normal
FileVersion : 4.0.3
ProductVersion : 4.0.3
ProductName : VShield
CompanyName : Network Associates Inc.
FileDescription : VShield
InternalName : VShield
LegalCopyright : Copyright © 1999 Network Associates Inc.
LegalTrademarks : VirusScan® is a registered trademark of Network Associates Inc. McAfee is a trademark of Network Associates Inc.
OriginalFilename : VSHWIN95.EXE
#:6 [HIDSERV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292948307
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : HID Audio Service
InternalName : hidserv
LegalCopyright : Copyright © Microsoft Corp. 1998, 1999
OriginalFilename : HIDSERV.EXE
#:7 [VSSTAT.EXE]
FilePath : C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\
ProcessID : 4292898871
Threads : 3
Priority : Normal
FileVersion : 4.0.3
ProductVersion : 4.0.3
ProductName : McAfee VirusScan
CompanyName : Network Associates Inc
FileDescription : VShield Statistics
InternalName : VsStat.exe
LegalCopyright : Copyright © 1999 Network Associates Inc.
LegalTrademarks : VirusScan® is a registered trademark of Network Associates Inc. McAfee is a trademark of Network Associates Inc.
OriginalFilename : VSStat.exe
#:8 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4292943227
Threads : 17
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE
#:9 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4292978523
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright © Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE
#:10 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292972215
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright © Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE
#:11 [MMKEYBD.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4292988943
Threads : 5
Priority : Normal
FileVersion : 3.2.0
ProductVersion : 3.2.0
ProductName : One-touch Multimedia Keyboard
CompanyName : Netropa Corp.
FileDescription : One-touch Multimedia Keyboard
InternalName : MMKEYBD
LegalCopyright : Copyright © 1995-2000 Netropa Corp.
All Rights Reserved.
OriginalFilename : MMKEYBD.EXE
#:12 [REALPLAY.EXE]
FilePath : C:\PROGRAM FILES\REAL\REALPLAYER\
ProcessID : 4293029291
Threads : 2
Priority : Normal
FileVersion : 6.0.12.1040
ProductVersion : 6.0.12.1040
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE
#:13 [CONNECTIONMANAGER.EXE]
FilePath : C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\
ProcessID : 4293010331
Threads : 5
Priority : Normal
FileVersion : 2.0.1.3072
ProductVersion : 2.0.1.3072
ProductName : SBC Yahoo! Dial
CompanyName : SBC Yahoo!
FileDescription : SBC Yahoo! Connection Manager
InternalName : CONNECTIONMANAGER
LegalCopyright : Copyright © 2002 SBC Yahoo!
LegalTrademarks : Copyright © 2002 SBC Yahoo!
OriginalFilename : CONNECTIONMANAGER.EXE
#:14 [IPMON32.EXE]
FilePath : C:\PROGRAM FILES\SBC YAHOO!\CONNECTION MANAGER\IP INSIGHT\
ProcessID : 4293040495
Threads : 5
Priority : Normal
FileVersion : 5.5.33.226
ProductVersion : 5.5.33.226
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Monitor
InternalName : IPMON32
LegalCopyright : Copyright © 1996-2001 Visual Networks Technologies, Inc.
OriginalFilename : ipmon32.exe
#:15 [GCLIB.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4292955955
Threads : 2
Priority : Normal
#:16 [THGUARD.EXE]
FilePath : C:\PROGRAM FILES\TROJANHUNTER 4.2\
ProcessID : 4292985003
Threads : 3
Priority : Normal
FileVersion : 3.8.0.275
ProductVersion : 1.0.0.0
ProductName : TrojanHunter Guard
CompanyName : Mischel Internet Security
FileDescription : TrojanHunter Guard
LegalCopyright : Mischel Internet Security
LegalTrademarks : TrojanHunter is a trademark of Mischel Internet Security.
OriginalFilename : THGuard.exe
#:17 [AVGCC.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4293111979
Threads : 6
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:18 [AVGEMC.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4293141347
Threads : 7
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:19 [AVGAMSVR.EXE]
FilePath : C:\PROGRAM FILES\GRISOFT\AVG FREE\
ProcessID : 4293126399
Threads : 5
Priority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:20 [RunDLL.exe]
FilePath : C:\WINDOWS\
ProcessID : 4293122847
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE
#:21 [WP.EXE]
FilePath : C:\
ProcessID : 4293090119
Threads : 2
Priority : Normal
#:22 [KEYBDMGR.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4293096695
Threads : 2
Priority : Normal
FileVersion : 3.0.0
ProductVersion : 3.0.0
ProductName : Keyboard Manager
CompanyName : Netropa Corp.
FileDescription : Keyboard Manager
InternalName : Keyboard Manager
LegalCopyright : Copyright © 1999, Netropa Corp.
OriginalFilename : KeybdMgr.exe
#:23 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293187567
Threads : 4
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe
#:24 [OSD.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\
ProcessID : 4293210395
Threads : 2
Priority : Normal
FileVersion : 3.1.7
ProductVersion : 3.1.7
ProductName : OSD
CompanyName : Netropa Corp.
FileDescription : Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 1997-2000 Netropa Corp.
All Rights Reserved.
OriginalFilename : OSD.EXE
#:25 [MMUSBKB2.EXE]
FilePath : C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\
ProcessID : 4293069415
Threads : 2
Priority : Normal
FileVersion : 1.1
ProductVersion : 1.1
ProductName : USB Multimedia Keyboard Driver 2
CompanyName : Netropa Corporation
FileDescription : USB Multimedia Keyboard Driver 2
InternalName : mmusbkb2
LegalCopyright : Copyright © 1998-1999 Netropa Corporation
OriginalFilename : mmusbkb2.exe
#:26 [PSTORES.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293288291
Threads : 3
Priority : Normal
FileVersion : 5.00.1877.3
ProductVersion : 5.00.1877.3
ProductName : Microsoft® Windows NT® Operating System
CompanyName : Microsoft Corporation
FileDescription : Protected storage server
InternalName : Protected storage server
LegalCopyright : Copyright © Microsoft Corp. 1981-1998
OriginalFilename : Protected storage server
#:27 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293276515
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright © Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE
#:28 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4293315647
Threads : 7
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright © Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE
#:29 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4293377311
Threads : 3
Priority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuText
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : MenuStatusBar
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Script
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : clsid
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : Icon
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : HotIcon
Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Value : ButtonText
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\main
Value : HOMEOldSP
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 10
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinFavorites Object Recognized!
Type : File
Data : jao.dll.tcf
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : jao Module
FileDescription : jao Module
InternalName : jao
LegalCopyright : Copyright 2004
OriginalFilename : jao.DLL
Win32.Revop.Trojan Object Recognized!
Type : File
Data : PVVOXD.exe.tcf
Category : Malware
Comment :
Object : c:\WINDOWS\SYSTEM\
FileVersion : 5.00.0002
ProductVersion : 5.00.0002
ProductName : mplayer
CompanyName : thunderdome
InternalName : actulice
OriginalFilename : actulice.exe
WinAD Object Recognized!
Type : File
Data : ide21201.vxd
Category : Data Miner
Comment :
Object : c:\WINDOWS\SYSTEM\
SpywareNuker Object Recognized!
Type : File
Data : SpywareNukerInstaller.exe
Category : Malware
Comment :
Object : c:\WINDOWS\Downloaded Program Files\
180Solutions Object Recognized!
Type : File
Data : ncmyb.dll.tcf
Category : Data Miner
Comment :
Object : c:\WINDOWS\
SecondThought Object Recognized!
Type : File
Data : install2.exe.tcf
Category : Data Miner
Comment :
Object : c:\WINDOWS\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : spawner.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : spawner.exe
VX2 Object Recognized!
Type : File
Data : 0021-bdl94126.EXE
Category : Data Miner
Comment :
Object : c:\WINDOWS\
Win32.Revop.Trojan Object Recognized!
Type : File
Data : shizzyp.exe.tcf
Category : Malware
Comment :
Object : c:\WINDOWS\
FileVersion : 5.00.0002
ProductVersion : 5.00.0002
ProductName : mplayer
CompanyName : thunderdome
InternalName : actulice
OriginalFilename : actulice.exe
BlazeFind Object Recognized!
Type : File
Data : Key2.txt
Category : Malware
Comment :
Object : c:\WINDOWS\
VX2 Object Recognized!
Type : File
Data : PREINSTT.EXE.tcf
Category : Data Miner
Comment :
Object : c:\WINDOWS\
VX2 Object Recognized!
Type : File
Data : TWAINTEC.DLL.tcf
Category : Data Miner
Comment :
Object : c:\WINDOWS\
FileVersion : 0, 1, 4, 30
ProductVersion : 0, 1, 4, 30
ProductName : twaintec
CompanyName : Twaintec
FileDescription : www.twain-tech.com
InternalName : twaintec
LegalCopyright : Copyright © 2003
OriginalFilename : twaintec.dll
Comments : www.Twain-Tech.com
180Solutions Object Recognized!
Type : File
Data : wbghcl.exe.tcf
Category : Data Miner
Comment :
Object : c:\WINDOWS\
VX2 Object Recognized!
Type : File
Data : pup.exe
Category : Data Miner
Comment :
Object : c:\Program Files\
ClearSearch Object Recognized!
Type : File
Data : CSIEINST.DLL
Category : Data Miner
Comment :
Object : c:\Program Files\Lycos\IEagent\
FileVersion : 1, 53, 0, 4
ProductVersion : 1, 53, 0, 4
ProductName : CSie
CompanyName : Clear Search
FileDescription : CSie
InternalName : CSie
LegalCopyright : Copyright © 2003, 2004
OriginalFilename : CSie.dll
Comments : build 53d, 04/14/2004
ClearSearch Object Recognized!
Type : File
Data : CSSSINST.DLL
Category : Data Miner
Comment :
Object : c:\Program Files\Lycos\IEagent\
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : CSss
CompanyName : Clear Search
FileDescription : CSss
InternalName : CSss
LegalCopyright : Copyright © 2003, 2004
OriginalFilename : CSss.dll
ClearSearch Object Recognized!
Type : File
Data : CSBIINST.DLL
Category : Data Miner
Comment :
Object : c:\Program Files\Lycos\IEagent\
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 3
ProductName : CSbi
CompanyName : Clear Search
FileDescription : CSbi
InternalName : CSbi
LegalCopyright : Copyright © 2003, 2004
OriginalFilename : CSbi.dll
Lycos Sidesearch Object Recognized!
Type : File
Data : sidesearch1400.dll.tcf
Category : Misc
Comment :
Object : c:\Program Files\Lycos\Sidesearch\
FileVersion : 1.4.0.0
ProductVersion : 1.4.0.0
ProductName : Lycos Sidesearch Client
CompanyName : Lycos, Inc.
FileDescription : Lycos Sidesearch Client
InternalName : Lycos Sidesearch Client
LegalCopyright : Copyright © 2004
OriginalFilename : sidesearch.dll
ClearSearch Object Recognized!
Type : File
Data : ClrSchUninstall_78_86.exe.tcf
Category : Data Miner
Comment :
Object : c:\Program Files\Lycos\Sidesearch\
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : Clear Search Uninstaller
FileDescription : Clear Search Uninstaller
InternalName : Clear Search Uninstaller
LegalCopyright : Copyright © 2003
OriginalFilename : ClrSchUninstall.EXE
TopMoxie Object Recognized!
Type : File
Data : WebRebates.exe.tcf
Category : Data Miner
Comment :
Object : c:\Program Files\WebRebates\
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29
Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Free AOL and Unlimited Internet.url
Category : Misc
Comment : Problematic URL discovered: http://free.aol.com/...ndex.adp?139343
Object : C:\WINDOWS\Favorites\Links\
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain
Value : CLSID
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL
180Solutions Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}
180Solutions Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\explorer bars\{30d02401-6a81-11d0-8274-00c04fd5ae38}
Value : BarSize
180Solutions Object Recognized!
Type : File
Data : fiz1
Category : Data Miner
Comment :
Object : C:\WINDOWS\
180Solutions Object Recognized!
Type : File
Data : kyf.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\
180Solutions Object Recognized!
Type : File
Data : msbb.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\
FileVersion : 5, 6, 0, 15
ProductVersion : 5, 6, 0, 15
ProductName : Search Assistant
CompanyName : 180Solutions, Inc.
FileDescription : Search Assistant
LegalCopyright : Copyright © 2004, 180Solutions Inc.
SecondThought Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : c:\\temporary
SecondThought Object Recognized!
Type : File
Data : stcterms.html
Category : Data Miner
Comment :
Object : c:\temporary\
VX2 Object Recognized!
Type : File
Data : TWTINI.INF
Category : Malware
Comment :
Object : C:\WINDOWS\inf\
VX2 Object Recognized!
Type : File
Data : TWAINTEC.INI
Category : Malware
Comment :
Object : C:\WINDOWS\
ClearSearch Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
Lycos Sidesearch Object Recognized!
Type : Folder
Category : Misc
Comment :
Object : C:\Program Files\lycos\Sidesearch
Lycos Sidesearch Object Recognized!
Type : File
Data : offline.htm
Category : Misc
Comment :
Object : C:\Program Files\lycos\sidesearch\
Lycos Sidesearch Object Recognized!
Type : File
Data : results-lycos-logo.gif
Category : Misc
Comment :
Object : C:\Program Files\lycos\sidesearch\
Lycos Sidesearch Object Recognized!
Type : File
Data : Uninst.exe
Category : Misc
Comment :
Object : C:\Program Files\lycos\sidesearch\
TopMoxie Object Recognized!
Type : Folder
Category : Data Miner
Comment :
Object : C:\Program Files\WebRebates
TopMoxie Object Recognized!
Type : File
Data : AutoTrack_README1.txt
Category : Data Miner
Comment :
Object : C:\Program Files\webrebates\
TopMoxie Object Recognized!
Type : File
Data : WebRebates.inf
Category : Data Miner
Comment :
Object : C:\Program Files\webrebates\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 25
Objects found so far: 55
11:04:27 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:20.870
Objects scanned:88625
Objects identified:55
Objects ignored:0
New critical objects:55