Logfile Created on:Wednesday, February 09, 2005 8:21:59 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R27 05.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):40 total references
MRU List(TAC index:0):9 total references
Tracking Cookie(TAC index:3):1 total references
Win32.TrojanDownloader.Agent.al(TAC index:7):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R27 05.02.2005
Internal build : 32
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 410347 Bytes
Total size : 1296130 Bytes
Signature data size : 1266439 Bytes
Reference data size : 29179 Bytes
Signatures total : 36032
Fingerprints total : 616
Fingerprints size : 23320 Bytes
Target categories : 15
Target families : 631
Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:29 %
Total physical memory:523244 kb
Available physical memory:146520 kb
Total page file size:1279844 kb
Available on page file:959944 kb
Total virtual memory:2097024 kb
Available virtual memory:2048728 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Reanalyze results after scanning before displaying results lists
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Create log file for removal operations
Set : Include alternate data stream details in log file
Set : Create and save WebUpdate log file
Set : Dump details about unhandled exceptions to disk
2-9-2005 8:21:59 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 388
ThreadCreationTime : 2-10-2005 12:15:31 AM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 436
ThreadCreationTime : 2-10-2005 12:15:35 AM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 2-10-2005 12:15:35 AM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 504
ThreadCreationTime : 2-10-2005 12:15:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 2-10-2005 12:15:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 2-10-2005 12:15:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 2-10-2005 12:15:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 804
ThreadCreationTime : 2-10-2005 12:15:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 860
ThreadCreationTime : 2-10-2005 12:15:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 888
ThreadCreationTime : 2-10-2005 12:15:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 2-10-2005 12:15:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [kodakccs.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 1304
ThreadCreationTime : 2-10-2005 12:15:38 AM
BasePriority : Normal
FileVersion : 1.1.4700.0
ProductVersion : 4.3.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe
#:13 [mpfservice.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1368
ThreadCreationTime : 2-10-2005 12:15:38 AM
BasePriority : Normal
FileVersion : 4.1.0.1
ProductVersion : 4.1.0.1
ProductName : McAfee Personal Firewall
CompanyName : McAfee Corporation
FileDescription : McAfee Personal Firewall Service
InternalName : MPFService
LegalCopyright : Copyright © 2000,2001
OriginalFilename : MpfService.exe
Comments : McAfee Personal Firewall Service
#:14 [msksrvr.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 1420
ThreadCreationTime : 2-10-2005 12:15:38 AM
BasePriority : Normal
FileVersion : 5.1.0.7
ProductVersion : 5.1
ProductName : McAfee SpamKiller
CompanyName : Networks Associates Technology. Inc.
FileDescription : McAfee SpamKiller Server
InternalName : MSKSRVR
LegalCopyright : Copyright © 1998-2004, Networks Associates Technology, Inc.
OriginalFilename : MSKSRVR.EXE
#:15 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_03\bin\
ProcessID : 1552
ThreadCreationTime : 2-10-2005 12:15:40 AM
BasePriority : Normal
#:16 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 1560
ThreadCreationTime : 2-10-2005 12:15:40 AM
BasePriority : Normal
FileVersion : 1.04.07b
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions
#:17 [support.exe]
FilePath : C:\Program Files\Common Files\Dell\EUSW\
ProcessID : 1584
ThreadCreationTime : 2-10-2005 12:15:40 AM
BasePriority : Normal
FileVersion : 2, 1, 1, 0
ProductVersion : 1, 0, 0, 1
ProductName : Dell Support
CompanyName : Dell
FileDescription : Support
InternalName : Support
LegalCopyright : Copyright © 2002
OriginalFilename : Support.exe
#:18 [mcagent.exe]
FilePath : C:\PROGRA~1\mcafee.com\agent\
ProcessID : 1608
ThreadCreationTime : 2-10-2005 12:15:40 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe
#:19 [mpftray.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 1616
ThreadCreationTime : 2-10-2005 12:15:40 AM
BasePriority : Normal
FileVersion : 5.0.1.5
ProductVersion : 5.0.1.5
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Tray Monitor
InternalName : MpfTray
LegalCopyright : Copyright © 2000-2003 Networks Associates Technologies, Inc.
OriginalFilename : MPFTRAY.EXE
Comments : Tray Icon for McAfee Personal Firewall
#:20 [hpztsb04.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 1624
ThreadCreationTime : 2-10-2005 12:15:40 AM
BasePriority : Normal
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001
#:21 [mskagent.exe]
FilePath : C:\PROGRA~1\McAfee\SPAMKI~1\
ProcessID : 1648
ThreadCreationTime : 2-10-2005 12:15:40 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 4
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SpamKiller
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : MskAgent.exe
#:22 [notifyalert.exe]
FilePath : c:\Program Files\Dell\Support\Alert\bin\
ProcessID : 1676
ThreadCreationTime : 2-10-2005 12:15:40 AM
BasePriority : Normal
#:23 [msscli.exe]
FilePath : C:\Program Files\McAfee\McAfee AntiSpyware\
ProcessID : 1716
ThreadCreationTime : 2-10-2005 12:15:41 AM
BasePriority : Normal
FileVersion : 1.00.1117.0
ProductVersion : 1.00.1117.0
ProductName : McAfee AntiSpyware
CompanyName : Network Associates, Inc.
FileDescription : McAfee AntiSpyware RealTime Client
InternalName : MssCli.exe
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : MssCli.exe
#:24 [atlmt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1776
ThreadCreationTime : 2-10-2005 12:15:41 AM
BasePriority : Normal
#:25 [spywareblocker.exe]
FilePath : C:\Program Files\EarthLink TotalAccess\Spyware Blocker\
ProcessID : 1792
ThreadCreationTime : 2-10-2005 12:15:41 AM
BasePriority : Normal
FileVersion : 2.2.0.44
ProductVersion : 1.0.0.0
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper
LegalCopyright : Copyright © 2001-2003 Webroot Software, Inc.
#:26 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1804
ThreadCreationTime : 2-10-2005 12:15:41 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 30
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:27 [swdoctor.exe]
FilePath : C:\Program Files\Spyware Doctor\
ProcessID : 1812
ThreadCreationTime : 2-10-2005 12:15:41 AM
BasePriority : Normal
FileVersion : 3.1.0.312
ProductVersion : 3.1
ProductName : Spyware Doctor
CompanyName : PCTools
FileDescription : Spyware Doctor
InternalName : Spyware Doctor
LegalCopyright : Copyright © 2004. Distributed by PC Tools Pty Ltd
OriginalFilename : swdr.exe
#:28 [taskpanl.exe]
FilePath : C:\Program Files\EarthLink TotalAccess\
ProcessID : 1848
ThreadCreationTime : 2-10-2005 12:15:41 AM
BasePriority : Normal
FileVersion : 2005.1.57.0
ProductVersion : 2005.1.57.0
ProductName : EarthLink TotalAccess
CompanyName : EarthLink, Inc.
LegalCopyright : © EarthLink, Inc. All rights reserved.
#:29 [iam.exe]
FilePath : C:\Program Files\CallWave\
ProcessID : 1872
ThreadCreationTime : 2-10-2005 12:15:41 AM
BasePriority : Normal
FileVersion : 3.07.4 (3-September-2004)
ProductVersion : 3.07.4 (3-September-2004)
ProductName : CallWave Service
CompanyName : CallWave, Inc.
FileDescription : Internet Answering Machine
InternalName : CallApp
LegalCopyright : Copyright © 1999-2003 CallWave, Inc.
OriginalFilename : CallApp.exe
#:30 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2000
ThreadCreationTime : 2-10-2005 12:15:44 AM
BasePriority : Normal
FileVersion : 6.14.10.4502
ProductVersion : 6.14.10.4502
ProductName : NVIDIA Driver Helper Service, Version 45.02
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 45.02
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:31 [scsiaccess.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 152
ThreadCreationTime : 2-10-2005 12:15:45 AM
BasePriority : Normal
#:32 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 308
ThreadCreationTime : 2-10-2005 12:15:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:33 [mpfagent.exe]
FilePath : C:\PROGRA~1\McAfee.com\PERSON~1\
ProcessID : 380
ThreadCreationTime : 2-10-2005 12:15:45 AM
BasePriority : Normal
FileVersion : 5.1.0.8
ProductVersion : 5.1.0.8
ProductName : McAfee Personal Firewall (MPF)
CompanyName : McAfee Security
FileDescription : McAfee Personal Firewall Agent Interface
InternalName : MpfAgent
LegalCopyright : Copyright © 2000-2004 Networks Associates Technologies, Inc.
OriginalFilename : MPFAGENT.EXE
Comments : McAfee Personal Firewall Security Center Module
#:34 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 2-10-2005 12:15:45 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:35 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2200
ThreadCreationTime : 2-10-2005 12:16:03 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:36 [ipclient.exe]
FilePath : C:\Program Files\EarthLink TotalAccess\FastLane\
ProcessID : 2920
ThreadCreationTime : 2-10-2005 12:17:09 AM
BasePriority : Normal
FileVersion : 5.5.100.115
ProductVersion : 5.5.100.115
ProductName : Visual IP InSight
CompanyName : Visual Networks
FileDescription : IP Session Statistics
InternalName : IPCLIENT
LegalCopyright : Copyright © 2002 Visual Networks Technologies, Inc.
OriginalFilename : ipclient32.exe
#:37 [mcvsshld.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 2736
ThreadCreationTime : 2-10-2005 12:30:28 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 15
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:38 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 2792
ThreadCreationTime : 2-10-2005 12:30:28 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 12
ProductVersion : 8, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine
#:39 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 2868
ThreadCreationTime : 2-10-2005 12:30:29 AM
BasePriority : High
#:40 [sdkze32.exe]
FilePath : C:\WINDOWS\
ProcessID : 4084
ThreadCreationTime : 2-10-2005 12:53:22 AM
BasePriority : Normal
Win32.TrojanDownloader.Agent.al Object Recognized!
Type : Process
Data : sdkze32.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\
Warning! Win32.TrojanDownloader.Agent.al Object found in memory(C:\WINDOWS\sdkze32.exe)
"C:\WINDOWS\sdkze32.exe"Process terminated successfully
"C:\WINDOWS\sdkze32.exe"Process terminated successfully
#:41 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 940
ThreadCreationTime : 2-10-2005 12:59:00 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:42 [mailclnt.exe]
FilePath : C:\Program Files\EarthLink TotalAccess\
ProcessID : 2552
ThreadCreationTime : 2-10-2005 1:04:46 AM
BasePriority : Normal
FileVersion : 2005.1.57.0
ProductVersion : 2005.1.57.0
ProductName : EarthLink TotalAccess
CompanyName : EarthLink, Inc.
FileDescription : EarthLink TotalAccess MailBox
LegalCopyright : © EarthLink, Inc. All rights reserved.
#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3480
ThreadCreationTime : 2-10-2005 1:21:48 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : File
Data : dxhzi.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : erbao.dat
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : euwtc.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : gaqqu.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : hmrfe.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : jsemh.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : klgww.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : kzvyi.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : pdtdr.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : sloqp.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : sysqt.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : sytqy.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : trlic.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
CoolWebSearch Object Recognized!
Type : File
Data : varhq.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
CoolWebSearch Object Recognized!
Type : File
Data : akxki.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : fljsm.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : fxoqb.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : hibfa.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : kouph.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : lelkh.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : mdtoh.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : mpeqi.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : nzkoo.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : othaf.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : qkken.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CoolWebSearch Object Recognized!
Type : File
Data : tvikr.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : sandra alterman@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\DOCUME~1\SANDRA~1\LOCALS~1\Temp\Cookies\sandra alterman@doubleclick[1].txt
Disk Scan Result for C:\DOCUME~1\SANDRA~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28
MRU List Object Recognized!
Location: : S-1-5-21-202424030-1552850721-240585589-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-202424030-1552850721-240585589-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-202424030-1552850721-240585589-1006\software\adobe\acrobat reader\6.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-202424030-1552850721-240585589-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-202424030-1552850721-240585589-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : C:\Documents and Settings\Sandra Alterman\recent
Description : list of recently opened documents
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString
CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar
CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set
CoolWebSearch Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Sandra Alterman\local settings\temporary internet files\msft\images-sprem
CoolWebSearch Object Recognized!
Type : File
Data : up.gif
Category : Malware
Comment :
Object : C:\Documents and Settings\Sandra Alterman\local settings\temporary internet files\msft\images-sprem\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 51
8:24:39 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:39.938
Objects scanned:62635
Objects identified:42
Objects ignored:0
New critical objects:42
Reanalyzing scan result
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
No objects have been removed from the result list.