Ad-Aware SE Build 1.04 Logfile Created on:Thursday, June 30, 2005 1:45:41 PM Using definitions file:SE1R52 30.06.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R52 30.06.2005 Internal build : 60 File location : C:\Program Files\Lavasoft\Ad-Aware SE Plus\defs.ref File size : 485588 Bytes Total size : 1468054 Bytes Signature data size : 1436270 Bytes Reference data size : 31272 Bytes Signatures total : 40920 Fingerprints size : 31888 Bytes Target categories : 15 Target families : 697 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium III Memory available:26 % Total physical memory:260528 kb Available physical memory:67232 kb Total page file size:444136 kb Available on page file:194828 kb Total virtual memory:2097024 kb Available virtual memory:2035872 kb OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600) Ad-Aware SE Settings =========================== Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Obtain command line of scanned processes Set : Ignore spanned files when scanning cab archives Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Deactivate Ad-Watch during Ad-Aware scans Set : Block pop-ups aggressively Set : Automatically select problematic objects in results lists Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Show splash screen Set 
: Backup current definitions file before updating Set : Play sound at scan completion if scan locates critical objects 6-30-2005 1:45:41 PM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 576 ThreadCreationTime : 6-30-2005 1:14:02 PM BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 624 ThreadCreationTime : 6-30-2005 1:14:05 PM BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 648 ThreadCreationTime : 6-30-2005 1:14:06 PM BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 692 ThreadCreationTime : 6-30-2005 1:14:07 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 704 ThreadCreationTime : 6-30-2005 1:14:07 PM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : lsass.exe #:6 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 868 ThreadCreationTime : 6-30-2005 1:14:08 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 968 ThreadCreationTime : 6-30-2005 1:14:08 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 1056 ThreadCreationTime : 6-30-2005 1:14:09 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1072 ThreadCreationTime : 6-30-2005 1:14:09 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 1384 ThreadCreationTime : 6-30-2005 1:14:10 PM BasePriority : Normal FileVersion : 6.00.2800.1221 (xpsp2.030511-1403) ProductVersion : 6.00.2800.1221 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:11 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 1440 ThreadCreationTime : 6-30-2005 1:14:10 PM BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : spoolsv.exe #:12 [vptray.exe] ModuleName : C:\Program Files\NavNT\vptray.exe Command Line : "C:\Program Files\NavNT\vptray.exe" ProcessID : 132 ThreadCreationTime : 6-30-2005 1:14:44 PM BasePriority : Normal FileVersion : 7.61.00.935 ProductVersion : 7.61.00.935 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus LegalCopyright : Copyright (C) Symantec Corporation 1991-2001 #:13 [atiptaxx.exe] ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ProcessID : 148 ThreadCreationTime : 6-30-2005 1:14:44 PM BasePriority : Normal FileVersion : 6.14.10.4019 ProductVersion : 6.14.10.4019 ProductName : ATI Desktop Component CompanyName : ATI Technologies, Inc. FileDescription : ATI Desktop Control Panel InternalName : Atiptaxx.exe LegalCopyright : Copyright (C) 1998-2002 ATI Technologies Inc. OriginalFilename : Atiptaxx.exe #:14 [directcd.exe] ModuleName : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe Command Line : "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" ProcessID : 204 ThreadCreationTime : 6-30-2005 1:14:44 PM BasePriority : Normal FileVersion : 5.1.0.209 ProductVersion : 5.1.0.209 ProductName : DirectCD CompanyName : Roxio FileDescription : DirectCD Application InternalName : DirectCD LegalCopyright : Copyright © 2001-2002, Roxio, Inc. 
OriginalFilename : Directcd.exe #:15 [rundll32.exe] ModuleName : C:\WINDOWS\System32\RUNDLL32.exe Command Line : "C:\WINDOWS\System32\RUNDLL32.exe" "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain ProcessID : 216 ThreadCreationTime : 6-30-2005 1:14:44 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Run a DLL as an App InternalName : rundll LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : RUNDLL.EXE #:16 [winampa.exe] ModuleName : C:\Program Files\Winamp\winampa.exe Command Line : "C:\Program Files\Winamp\winampa.exe" ProcessID : 220 ThreadCreationTime : 6-30-2005 1:14:44 PM BasePriority : Normal #:17 [jusched.exe] ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ProcessID : 260 ThreadCreationTime : 6-30-2005 1:14:44 PM BasePriority : Normal #:18 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 304 ThreadCreationTime : 6-30-2005 1:14:44 PM BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:19 [mouse32a.exe] ModuleName : C:\Program Files\Browser MOUSE\mouse32a.exe Command Line : "C:\Program Files\Browser MOUSE\mouse32a.exe" ProcessID : 396 ThreadCreationTime : 6-30-2005 1:14:45 PM BasePriority : Normal FileVersion : 3.0.1.0 ProductVersion : 3.0.0.0 LegalCopyright : Copyright 2001 by LEE,WEI-BIN. 
#:20 [viewmgr.exe] ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" ProcessID : 412 ThreadCreationTime : 6-30-2005 1:14:45 PM BasePriority : Normal FileVersion : 2, 0, 0, 42 ProductVersion : 2, 0, 0, 42 ProductName : Viewpoint Manager CompanyName : Viewpoint Corporation FileDescription : ViewMgr InternalName : Viewpoint Manager LegalCopyright : Copyright © 2004 OriginalFilename : ViewMgr.exe Comments : Viewpoint Manager #:21 [winob32.exe] ModuleName : C:\WINDOWS\system32\winob32.exe Command Line : "C:\WINDOWS\system32\winob32.exe" ProcessID : 420 ThreadCreationTime : 6-30-2005 1:14:45 PM BasePriority : Normal #:22 [mixer.exe] ModuleName : C:\WINDOWS\Mixer.exe Command Line : "C:\WINDOWS\Mixer.exe" /startup ProcessID : 436 ThreadCreationTime : 6-30-2005 1:14:45 PM BasePriority : Normal FileVersion : 1.55 ProductVersion : 1.55 ProductName : Mixer CompanyName : C-Media Electronic Inc. (www.cmedia.com.tw) FileDescription : Mixer InternalName : Mixer LegalCopyright : Copyright (C) 1997-2002 LegalTrademarks : NONE OriginalFilename : Mixer.EXE Comments : Feng Min-Chih ([email protected]) #:23 [ad-watch.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" ProcessID : 464 ThreadCreationTime : 6-30-2005 1:14:45 PM BasePriority : High FileVersion : 3.1.2.17 ProductVersion : 3.2 ProductName : Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Watch System Protector InternalName : Ad-Watch.exe LegalCopyright : 1999-2004 Team Lavasoft OriginalFilename : Ad-Watch.exe #:24 [msmsgs.exe] ModuleName : C:\Program Files\Messenger\MSMSGS.EXE Command Line : "C:\Program Files\Messenger\MSMSGS.EXE" /background ProcessID : 480 ThreadCreationTime : 6-30-2005 1:14:45 PM BasePriority : Normal FileVersion : 4.7.2010 ProductVersion : Version 4.7 ProductName : Messenger CompanyName : Microsoft 
Corporation FileDescription : Messenger InternalName : msmsgs LegalCopyright : Copyright (c) Microsoft Corporation 1997-2003 LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:25 [mfindexer.exe] ModuleName : C:\Corel\Graphics8\Programs\MFIndexer.exe Command Line : "C:\Corel\Graphics8\Programs\MFIndexer.exe" ProcessID : 896 ThreadCreationTime : 6-30-2005 1:14:49 PM BasePriority : Normal FileVersion : 8.232 ProductVersion : 8.232 ProductName : CorelDRAW (TM) CompanyName : Corel Corporation FileDescription : Utility which indexes Corel Media Folders InternalName : Corel Media Indexer LegalCopyright : Copyright © 1988-1997 Corel Corporation. LegalTrademarks : CorelDRAW (TM) OriginalFilename : MFIndexer.exe #:26 [defwatch.exe] ModuleName : C:\Program Files\NavNT\defwatch.exe Command Line : "C:\Program Files\NavNT\defwatch.exe" ProcessID : 956 ThreadCreationTime : 6-30-2005 1:14:51 PM BasePriority : Normal FileVersion : 7.61.00.935 ProductVersion : 7.61.00.935 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Virus Definition Daemon InternalName : DefWatch LegalCopyright : Copyright © 1998 Symantec Corporation OriginalFilename : DefWatch.exe #:27 [nmssvc.exe] ModuleName : C:\WINDOWS\System32\NMSSvc.exe Command Line : C:\WINDOWS\System32\NMSSvc.exe ProcessID : 1036 ThreadCreationTime : 6-30-2005 1:14:51 PM BasePriority : Normal FileVersion : 2.0.24.3 ProductVersion : 2.0.24.3 ProductName : NMS CompanyName : Intel Corporation FileDescription : NMS Module InternalName : NMS Module LegalCopyright : Copyright © 2000-2001 Intel Corp. 
All Rights Reserved #:28 [rtvscan.exe] ModuleName : C:\Program Files\NavNT\rtvscan.exe Command Line : "C:\Program Files\NavNT\rtvscan.exe" ProcessID : 1128 ThreadCreationTime : 6-30-2005 1:14:51 PM BasePriority : Normal FileVersion : 7.61.00.935 ProductVersion : 7.61.00.935 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus LegalCopyright : Copyright (C) Symantec Corporation 1991-2001 #:29 [sysfs32.exe] ModuleName : C:\WINDOWS\system32\sysfs32.exe Command Line : C:\WINDOWS\system32\sysfs32.exe /s ProcessID : 1752 ThreadCreationTime : 6-30-2005 1:15:08 PM BasePriority : Normal VX2 Object Recognized! Type : Process Data : sysfs32.exe Category : Malware Comment : (CSI MATCH) Object : C:\WINDOWS\system32\ Warning! VX2 Object found in memory(C:\WINDOWS\system32\sysfs32.exe) "C:\WINDOWS\system32\sysfs32.exe"Process terminated successfully "C:\WINDOWS\system32\sysfs32.exe"Process terminated successfully #:30 [msgsys.exe] ModuleName : C:\WINDOWS\System32\MsgSys.EXE Command Line : MsgSys.EXE ProcessID : 924 ThreadCreationTime : 6-30-2005 1:15:17 PM BasePriority : Normal FileVersion : 6.12.0.71 E ProductVersion : 6.12.0.71 ProductName : Intel Common Base Agent CompanyName : Intel® Corporation FileDescription : CBA -- Message System InternalName : MsgExe LegalCopyright : Copyright © 1997-2001 Intel® Corporation LegalTrademarks : LANDesk® is a registered trademark of Intel Corporation OriginalFilename : MsgSys.EXE #:31 [wuauclt.exe] ModuleName : C:\WINDOWS\System32\wuauclt.exe Command Line : "C:\WINDOWS\System32\wuauclt.exe" ProcessID : 3292 ThreadCreationTime : 6-30-2005 1:17:03 PM BasePriority : Normal FileVersion : 5.8.0.2469 built by: lab01_n(wmbla) ProductVersion : 5.8.0.2469 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : wuauclt.exe #:32 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc ProcessID : 2532 ThreadCreationTime : 6-30-2005 3:26:40 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:33 [iexplore.exe] ModuleName : C:\Program Files\Internet Explorer\iexplore.exe Command Line : "C:\Program Files\Internet Explorer\iexplore.exe" -nohome ProcessID : 3508 ThreadCreationTime : 6-30-2005 4:35:19 PM BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Internet Explorer InternalName : iexplore LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : IEXPLORE.EXE #:34 [ad-aware.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" ProcessID : 1508 ThreadCreationTime : 6-30-2005 5:40:13 PM BasePriority : Normal FileVersion : 6.2.0.199 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 1 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch Object Recognized! 
Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5} CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : CWS.FullSearch Rootkey : HKEY_CLASSES_ROOT Object : clsid\{cd7677de-dd7f-cc24-1d1e-fefe7d9b7aba} CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\currentcontrolset\services\ 11fßä#·ºÄÖ`i CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : system\controlset001\services\ 11fßä#·ºÄÖ`i Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 4 Objects found so far: 5 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 5 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 5 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch Object Recognized! Type : File Data : A0001126.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP0\ CoolWebSearch Object Recognized! Type : File Data : A0001127.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP0\ CoolWebSearch Object Recognized! Type : File Data : A0001128.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP0\ CoolWebSearch Object Recognized! Type : File Data : A0001129.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP0\ CoolWebSearch Object Recognized! 
Type : File Data : A0001130.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP0\ CoolWebSearch Object Recognized! Type : File Data : A0001131.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP0\ CoolWebSearch Object Recognized! Type : File Data : A0001132.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP0\ CoolWebSearch Object Recognized! Type : File Data : A0001133.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP0\ CoolWebSearch Object Recognized! Type : File Data : A0003276.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP0\ CoolWebSearch Object Recognized! Type : File Data : A0003780.dll Category : Malware Comment : Object : C:\System Volume Information\_restore{6AE7E744-70BD-45BB-9A10-585FF84279A2}\RP3\ CoolWebSearch Object Recognized! Type : File Data : bdhvx.dll Category : Malware Comment : Object : C:\WINDOWS\ CoolWebSearch Object Recognized! Type : File Data : egezi.dat Category : Malware Comment : Object : C:\WINDOWS\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 17 Possible Browser Hijack attempt Object Recognized! Type : File Data : Only sex website.url Category : Misc Comment : Problematic URL discovered: http://www.onlysex.ws/ Object : C:\Documents and Settings\Dan Schnitzler\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Search the web.url Category : Misc Comment : Problematic URL discovered: http://www.lookfor.cc/ Object : C:\Documents and Settings\Dan Schnitzler\Favorites\ Possible Browser Hijack attempt Object Recognized! 
Type : File Data : Seven days of free [bleep].url Category : Misc Comment : Problematic URL discovered: http://www.7days.ws/ Object : C:\Documents and Settings\Dan Schnitzler\Favorites\ Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\urlsearchhooks CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\hsa CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\se CoolWebSearch Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\uninstall\sw CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Search Bar CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\search Value : SearchAssistant CoolWebSearch Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft Value : set CoolWebSearch Object Recognized! Type : RegData Data : no Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no CoolWebSearch Object Recognized! Type : RegData Data : no Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Use Search Asst Data : no CoolWebSearch Object Recognized! 
Type : RegData Data : about:blank Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\internet explorer\main Value : Start Page Data : about:blank CoolWebSearch Object Recognized! Type : File Data : wbemess.log Category : Malware Comment : Object : C:\WINDOWS\System32\wbem\logs\ Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 11 Objects found so far: 31 2:48:11 PM Scan Complete
[Referred]VX2 and Coolwebsearch
Started by dipschnit, Jun 30 2005 12:52 PM
#1
Posted 30 June 2005 - 12:52 PM
#2
Posted 30 June 2005 - 01:14 PM
Hello!
As you are a registered user of the Ad-aware SE Plus version,
you are entitled to free email support offered by Lavasoft.
You might want to check out Lavasoft's website:
http://www.lavasoft.com/
However,
if you decide not to go with the official support,
you may also wait for the Ad-aware Experts of this forum to come and give you a hand.
Though they will want you to upgrade your build of Ad-aware,
as the latest version is version 1.06.
Find that info on Lavasoft's website also.
Once you have upgraded your version,
you may post the new "Full System Scan" log to this topic for the Ad-aware Experts' review.
- Rawe
#3
Posted 30 June 2005 - 02:18 PM
I can't upgrade because I got this version free from a friend. I don't have the number or email or any of the stuff I need in order to upgrade. Whenever I try to upgrade within the client it freezes up. Can I use these definitions? If not, then I can't be helped.
#4
Posted 30 June 2005 - 02:34 PM
Hi dipschnit,
Ad-aware SE, even in its current latest build, is not capable of removing, completely if at all, CWS of that variant.
My suggestion would be to post a HijackThis log right here in the next forum above, reserved for just that purpose.
Thanks, and rest assured your issue can be safely resolved here at GeeksToGo.
#5
Guest_Andy_veal_*
Posted 30 June 2005 - 03:34 PM
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.
Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.