Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Stuborn CoolWebSearch!

Started by John0 , Oct 08 2005 03:42 AM

  • Please log in to reply

#16
John0
Posted 17 October 2005 - 03:19 PM

John0

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi,

Ran through the procedure followed by AdAw, and... bang! They're back!!! :)

Sheez! They're stubborn little monkeys!!!

I had also ran AdAw after the procedure before this last one and as suspected, CWS showed up... so i wasn't too surprised to see it again!!!

What to do, what to do? :tazz:

Here's the AdAw report from this round... cheers,


Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, October 18, 2005 6:52:48 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R70 12.10.2005
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª

References detected during the scan:
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
CoolWebSearch(TAC index:10):2 total references
MRU List(TAC index:0):2 total references
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R70 12.10.2005
Internal build : 82
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 532922 Bytes
Total size : 1597866 Bytes
Signature data size : 1564479 Bytes
Reference data size : 32875 Bytes
Signatures total : 44398
CSI Fingerprints total : 1051
CSI data size : 37487 Bytes
Target categories : 15
Target families : 759


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:26 %
Total physical memory:260592 kb
Available physical memory:65532 kb
Total page file size:640692 kb
Available on page file:448028 kb
Total virtual memory:2097024 kb
Available virtual memory:2047976 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-18-2005 6:52:48 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\The Hales Family\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-3937924714-1621694151-1641993356-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 516
ThreadCreationTime : 10-17-2005 8:47:44 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 584
ThreadCreationTime : 10-17-2005 8:47:47 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 608
ThreadCreationTime : 10-17-2005 8:47:48 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 652
ThreadCreationTime : 10-17-2005 8:47:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 664
ThreadCreationTime : 10-17-2005 8:47:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 816
ThreadCreationTime : 10-17-2005 8:47:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 892
ThreadCreationTime : 10-17-2005 8:47:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 984
ThreadCreationTime : 10-17-2005 8:47:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1028
ThreadCreationTime : 10-17-2005 8:47:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1116
ThreadCreationTime : 10-17-2005 8:47:50 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1364
ThreadCreationTime : 10-17-2005 8:47:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2008
ThreadCreationTime : 10-17-2005 8:47:57 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [hkcmd.exe]
ModuleName : C:\WINDOWS\System32\hkcmd.exe
Command Line : "C:\WINDOWS\System32\hkcmd.exe"
ProcessID : 192
ThreadCreationTime : 10-17-2005 8:47:58 PM
BasePriority : Normal
FileVersion : 3,0,0,2023
ProductVersion : 7,0,0,2023
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:14 [tbpt.exe]
ModuleName : C:\program files\Telstra\Signup\tbpt.exe
Command Line : "C:\program files\Telstra\Signup\tbpt.exe"
ProcessID : 200
ThreadCreationTime : 10-17-2005 8:47:58 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 00, 6, 1
ProductName : Telstra Big Pond Launcher
CompanyName : Telstra Big Pond
FileDescription : Telstra Home Page Launcher
InternalName : Telstra Web Comp
LegalCopyright : Copyright © 2000
LegalTrademarks : HyperDyne Æ
OriginalFilename : tbpt.exe
Comments : [email protected]

#:15 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 208
ThreadCreationTime : 10-17-2005 8:47:58 PM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:16 [gcasserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ProcessID : 244
ThreadCreationTime : 10-17-2005 8:47:58 PM
BasePriority : Idle
FileVersion : 1.00.0615
ProductVersion : 1.00.0615
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : MicrosoftÆ and WindowsÆ are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:17 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 444
ThreadCreationTime : 10-17-2005 8:47:59 PM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:18 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 492
ThreadCreationTime : 10-17-2005 8:47:59 PM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:19 [nprotect.exe]
ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 536
ThreadCreationTime : 10-17-2005 8:47:59 PM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:20 [gcasdtserv.exe]
ModuleName : C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Command Line : "C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe"
ProcessID : 1084
ThreadCreationTime : 10-17-2005 8:48:00 PM
BasePriority : Normal
FileVersion : 1.00.0615
ProductVersion : 1.00.0615
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : MicrosoftÆ and WindowsÆ are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:21 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
ProcessID : 1460
ThreadCreationTime : 10-17-2005 8:48:04 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:22 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1668
ThreadCreationTime : 10-17-2005 8:48:13 PM
BasePriority : Normal
FileVersion : 103.0.5.2
ProductVersion : 103.0.5.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:23 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1696
ThreadCreationTime : 10-17-2005 8:48:13 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:24 [savscan.exe]
ModuleName : C:\Program Files\Norton AntiVirus\SAVScan.exe
Command Line : "C:\Program Files\Norton AntiVirus\SAVScan.exe"
ProcessID : 2112
ThreadCreationTime : 10-17-2005 8:48:21 PM
BasePriority : Normal

ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:25 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2216
ThreadCreationTime : 10-17-2005 8:48:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:26 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3d8]SUSDS2c441be74bc30342af548044a7af8df8
ProcessID : 2608
ThreadCreationTime : 10-17-2005 8:48:59 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : MicrosoftÆ WindowsÆ Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:27 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 2704
ThreadCreationTime : 10-17-2005 8:50:22 PM
BasePriority : Normal
FileVersion : 4.7.3000
ProductVersion : Version 4.7.3000
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:28 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2956
ThreadCreationTime : 10-17-2005 8:52:25 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
New critical objects: 0
Objects found so far: 2


Started registry scan
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08

Registry Scan result:
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
New critical objects: 1
Objects found so far: 3


Started deep registry scan
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª

Deep registry scan result:
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
New critical objects: 0
Objects found so far: 3


Started Tracking Cookie scan
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª


Tracking cookie scan result:
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
New critical objects: 0
Objects found so far: 3



Deep scanning and examining files (C:)
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª

Disk Scan Result for C:\
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
New critical objects: 0
Objects found so far: 3


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª

Hosts file scan result:
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
0 entries scanned.
New critical objects:0
Objects found so far: 3




Performing conditional scans...
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª

CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\wbem\logs\



Conditional scan result:
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
New critical objects: 1
Objects found so far: 4

7:02:42 AM Scan Complete

Summary Of This Scan
ªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªªª
Total scanning time:00:09:54.63
Objects scanned:99888
Objects identified:2
Objects ignored:0
New critical objects:2


  • 0

Advertisements

#17
tampabelle
Posted 17 October 2005 - 04:39 PM

tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Copy the part in bold below into notepad and save it as fix.reg
Save as type:All files (The first line in the file should be REGEDIT4)

REGEDIT4

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\legacy_*008f__6q*00d4*00f5*0013'*00aa*00b4*00c6*00d08]



Double click on fix.reg and let it merge with your registry.



wbemess.log is a log which keeps track of certain events. No idea why it is being picked up by Ad Aware as CWS infected. We can classify this as a false finding by Ad Aware.

Do you have any other issues with your PC???
  • 0

#18
John0
Posted 18 October 2005 - 02:55 PM

John0

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Hi Tampabelle,

Thanks for all this... i've returned the PC now saying that i've done all i could and that it would appear to be well... Although I still feel a bit uneasy about this CWS showing up?!? I've told this chap to be very diligent and run AdAw, SBS&D, and keep his Norton updated... I might suggest downloading FireFox and Pheonix, or Netscape instead of using IE and OLx...

I've got another friends PC to mend but i'll post that under a separate subject...

Again, many thanks for time and effort.

John
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP