DSO Exploit and CoolWWWSearch

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by DallasRaines42, Oct 15, 2004.

  1. DallasRaines42

    DallasRaines42 Private First Class

    I can't get rid of either of these entries with SpyBot S&D, although it is fully updated and detects them. It even says both objects are removed when it tries, but upon a rescan, they pop back up again. Even with a system boot scan, they keep reappearing.
     
  2. Flader

    Flader Private E-2

    I actually have the same problem! But it's just DSO Exploit that keeps coming back.
     
  3. augiedoggie

    augiedoggie The Canadian Loon - LocoAugie (R.I.P. 2012)

  4. DallasRaines42

    DallasRaines42 Private First Class

    Just for curiosity's sake, what do you mean by false positive? Is this process not something I want to be rid of?
     
  5. Kodo

    Kodo SNATCHSQUATCH

    It's an old bug in IE that has since been fixed, and Spybot still detects it as an issue. Don't bother with it. Set Spybot to ignore it and move on. ;)
     
  6. DallasRaines42

    DallasRaines42 Private First Class

    OK, I used CWShredder, but it came up with nothing, although Ad-Aware is still telling me it is present on the system. Below is the Ad-Aware logfile:


    Ad-Aware SE Build 1.05

    Logfile Created on:Friday, October 15, 2004 4:31:44 PM

    Created with Ad-Aware SE Personal, free for private use.

    Using definitions file:SE1R12 14.10.2004

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    References detected during the scan:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    CoolWebSearch(TAC index:10):40 total references

    MRU List(TAC index:0):35 total references

    Tracking Cookie(TAC index:3):5 total references

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Ad-Aware SE Settings

    ===========================

    Set : Search for negligible risk entries

    Set : Safe mode (always request confirmation)

    Set : Scan active processes

    Set : Scan registry

    Set : Deep-scan registry

    Set : Scan my IE Favorites for banned URLs

    Set : Scan my Hosts file

    Extended Ad-Aware SE Settings

    ===========================

    Set : Unload recognized processes & modules during scan

    Set : Scan registry for all users instead of current user only

    Set : Always try to unload modules before deletion

    Set : During removal, unload Explorer and IE if necessary

    Set : Let Windows remove files in use at next reboot

    Set : Delete quarantined objects after restoring

    Set : Include basic Ad-Aware settings in log file

    Set : Include additional Ad-Aware settings in log file

    Set : Include reference summary in log file

    Set : Include alternate data stream details in log file

    Set : Play sound at scan completion if scan locates critical objects



    10-15-2004 4:31:44 PM - Scan started. (Smart mode)

    Listing running processes

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    #:1 [smss.exe]

    FilePath : \SystemRoot\System32\

    ProcessID : 584

    ThreadCreationTime : 10-15-2004 8:26:48 PM

    BasePriority : Normal



    #:2 [csrss.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 656

    ThreadCreationTime : 10-15-2004 8:26:50 PM

    BasePriority : Normal



    #:3 [winlogon.exe]

    FilePath : \??\C:\WINDOWS\system32\

    ProcessID : 688

    ThreadCreationTime : 10-15-2004 8:26:55 PM

    BasePriority : High



    #:4 [services.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 740

    ThreadCreationTime : 10-15-2004 8:26:55 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Services and Controller app

    InternalName : services.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : services.exe

    #:5 [lsass.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 752

    ThreadCreationTime : 10-15-2004 8:26:55 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : LSA Shell (Export Version)

    InternalName : lsass.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : lsass.exe

    #:6 [svchost.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 924

    ThreadCreationTime : 10-15-2004 8:26:56 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:7 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1024

    ThreadCreationTime : 10-15-2004 8:26:56 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:8 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1224

    ThreadCreationTime : 10-15-2004 8:26:57 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:9 [svchost.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1236

    ThreadCreationTime : 10-15-2004 8:26:57 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Generic Host Process for Win32 Services

    InternalName : svchost.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : svchost.exe

    #:10 [spoolsv.exe]

    FilePath : C:\WINDOWS\system32\

    ProcessID : 1364

    ThreadCreationTime : 10-15-2004 8:26:57 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (XPClient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Spooler SubSystem App

    InternalName : spoolsv.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : spoolsv.exe

    #:11 [asfagent.exe]

    FilePath : C:\Program Files\Intel\ASF Agent\

    ProcessID : 1488

    ThreadCreationTime : 10-15-2004 8:27:05 PM

    BasePriority : Normal

    FileVersion : 3.0

    ProductVersion : 3.0

    ProductName : Intel® PRO Alerting Suite ASF 1.0 Compatible

    CompanyName : Intel Corporation

    FileDescription : ASF Agent COM Service

    InternalName : ASFAgent

    LegalCopyright : Copyright © 2000-2002 Intel Corporation

    OriginalFilename : ASFAgent.EXE

    #:12 [ctsvccda.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1508

    ThreadCreationTime : 10-15-2004 8:27:05 PM

    BasePriority : Normal

    FileVersion : 1.0.1.0

    ProductVersion : 1.0.0.0

    ProductName : Creative Service for CDROM Access

    CompanyName : Creative Technology Ltd

    FileDescription : Creative Service for CDROM Access

    InternalName : CTsvcCDAEXE

    LegalCopyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.

    OriginalFilename : CTsvcCDA.EXE

    #:13 [iap.exe]

    FilePath : C:\Program Files\Dell\OpenManage\Client\

    ProcessID : 1548

    ThreadCreationTime : 10-15-2004 8:27:05 PM

    BasePriority : Normal

    FileVersion : 7, 0, 316, 0

    ProductVersion : 7, 0, 316, 0

    ProductName : OpenManage Client Instrumentation

    CompanyName : Dell Computer Corporation

    FileDescription : Iap Module

    InternalName : Iap

    LegalCopyright : Copyright © Dell Computer Corporation 2000-2001

    OriginalFilename : Iap.EXE

    #:14 [mdm.exe]

    FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\

    ProcessID : 1572

    ThreadCreationTime : 10-15-2004 8:27:06 PM

    BasePriority : Normal

    FileVersion : 7.00.9064.9150

    ProductVersion : 7.00.9064.9150

    ProductName : Microsoft Development Environment

    CompanyName : Microsoft Corporation

    FileDescription : Machine Debug Manager

    InternalName : mdm.exe

    LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000

    OriginalFilename : mdm.exe

    #:15 [winsy.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 1608

    ThreadCreationTime : 10-15-2004 8:27:06 PM

    BasePriority : Normal



    CoolWebSearch Object Recognized!

    Type : Process

    Data : winsy.exe

    Category : Malware

    Comment : (CSI MATCH)

    Object : C:\WINDOWS\



    Warning! CoolWebSearch Object found in memory(C:\WINDOWS\winsy.exe)

    "C:\WINDOWS\winsy.exe"Process terminated successfully

    "C:\WINDOWS\winsy.exe"Process terminated successfully

    #:16 [mspmspsv.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1840

    ThreadCreationTime : 10-15-2004 8:27:09 PM

    BasePriority : Normal

    FileVersion : 7.00.00.1954

    ProductVersion : 7.00.00.1954

    ProductName : Microsoft (R) DRM

    CompanyName : Microsoft Corporation

    FileDescription : WMDM PMSP Service

    InternalName : MSPMSPSV.EXE

    LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000

    OriginalFilename : MSPMSPSV.EXE

    #:17 [wuauclt.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1924

    ThreadCreationTime : 10-15-2004 8:27:09 PM

    BasePriority : Normal

    FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)

    ProductVersion : 5.4.3790.2182

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Automatic Updates

    InternalName : wuauclt.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : wuauclt.exe

    #:18 [wmiprvse.exe]

    FilePath : C:\WINDOWS\System32\wbem\

    ProcessID : 348

    ThreadCreationTime : 10-15-2004 8:28:42 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : WMI

    InternalName : Wmiprvse.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : Wmiprvse.exe

    #:19 [explorer.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 980

    ThreadCreationTime : 10-15-2004 8:28:56 PM

    BasePriority : Normal

    FileVersion : 6.00.2600.0000 (xpclient.010817-1148)

    ProductVersion : 6.00.2600.0000

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Windows Explorer

    InternalName : explorer

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : EXPLORER.EXE

    #:20 [atiptaxx.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1116

    ThreadCreationTime : 10-15-2004 8:28:59 PM

    BasePriority : Normal

    FileVersion : 6.13.10.2529

    ProductVersion : 6.13.10.2529

    ProductName : ATI Desktop Component

    CompanyName : ATI Technologies, Inc.

    FileDescription : ATI Desktop Control Panel

    InternalName : Atiptaxx.exe

    LegalCopyright : Copyright (C) 1998-2001 ATI Technologies Inc.

    OriginalFilename : Atiptaxx.exe

    #:21 [desk98.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1160

    ThreadCreationTime : 10-15-2004 8:28:59 PM

    BasePriority : Normal

    FileVersion : 2.50.00.0023

    ProductVersion : 2.50.00.0023

    ProductName : ATI Technologies Inc. HydraVision Desktop Manager

    CompanyName : ATI Technologies Inc.

    FileDescription : Desk98

    InternalName : Desk98

    LegalCopyright : Copyright © ATI Technologies Inc. 1985-2001

    OriginalFilename : Desk98.exe

    #:22 [directcd.exe]

    FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\

    ProcessID : 1064

    ThreadCreationTime : 10-15-2004 8:29:00 PM

    BasePriority : Normal

    FileVersion : 5.2.0.91

    ProductVersion : 5.2.0.91

    ProductName : DirectCD

    CompanyName : Roxio

    FileDescription : DirectCD Application

    InternalName : DirectCD

    LegalCopyright : Copyright (c) 2001-2002, Roxio, Inc.

    OriginalFilename : Directcd.exe

    #:23 [e_s10ic1.exe]

    FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\

    ProcessID : 1172

    ThreadCreationTime : 10-15-2004 8:29:00 PM

    BasePriority : Normal

    FileVersion : 3.03

    ProductVersion : 3.03

    ProductName : EPSON Status Monitor 3

    CompanyName : SEIKO EPSON CORPORATION

    FileDescription : EPSON Status Monitor 3

    InternalName : E_S10IC1

    LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2002

    OriginalFilename : E_S10IC1.EXE

    #:24 [realsched.exe]

    FilePath : C:\Program Files\Common Files\Real\Update_OB\

    ProcessID : 796

    ThreadCreationTime : 10-15-2004 8:29:00 PM

    BasePriority : Normal

    FileVersion : 0.1.0.1622

    ProductVersion : 0.1.0.1622

    ProductName : RealOne Player (32-bit)

    CompanyName : RealNetworks, Inc.

    FileDescription : RealNetworks Scheduler

    InternalName : schedapp

    LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002

    LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.

    OriginalFilename : realsched.exe

    #:25 [apime32.exe]

    FilePath : C:\WINDOWS\

    ProcessID : 1436

    ThreadCreationTime : 10-15-2004 8:29:01 PM

    BasePriority : Normal



    CoolWebSearch Object Recognized!

    Type : Process

    Data : apime32.exe

    Category : Malware

    Comment : (CSI MATCH)

    Object : C:\WINDOWS\



    Warning! CoolWebSearch Object found in memory(C:\WINDOWS\apime32.exe)

    "C:\WINDOWS\apime32.exe"Process terminated successfully

    "C:\WINDOWS\apime32.exe"Process terminated successfully

    #:26 [aim.exe]

    FilePath : C:\Program Files\AIM95\

    ProcessID : 1532

    ThreadCreationTime : 10-15-2004 8:29:03 PM

    BasePriority : Normal

    FileVersion : 5.2.3292

    ProductVersion : 5.2.3292

    ProductName : AOL Instant Messenger

    CompanyName : America Online, Inc.

    FileDescription : AOL Instant Messenger

    InternalName : AIM

    LegalCopyright : Copyright © 1996-2003 America Online, Inc.

    OriginalFilename : AIM.EXE

    #:27 [ctfmon.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1764

    ThreadCreationTime : 10-15-2004 8:29:05 PM

    BasePriority : Normal

    FileVersion : 5.1.2600.0 (xpclient.010817-1148)

    ProductVersion : 5.1.2600.0

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : CTF Loader

    InternalName : CTFMON

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : CTFMON.EXE

    #:28 [h??o?.exe]

    FilePath : C:\Documents and Settings\Allison Bader\Application Data\

    ProcessID : 196

    ThreadCreationTime : 10-15-2004 8:29:06 PM

    BasePriority : Normal



    #:29 [m?iexec.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 2040

    ThreadCreationTime : 10-15-2004 8:29:06 PM

    BasePriority : Normal



    #:30 [wuauclt.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 1412

    ThreadCreationTime : 10-15-2004 8:29:10 PM

    BasePriority : Normal

    FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)

    ProductVersion : 5.4.3790.2182

    ProductName : Microsoft® Windows® Operating System

    CompanyName : Microsoft Corporation

    FileDescription : Automatic Updates

    InternalName : wuauclt.exe

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : wuauclt.exe

    #:31 [sapisvr.exe]

    FilePath : C:\Program Files\Common Files\Microsoft Shared\Speech\

    ProcessID : 1032

    ThreadCreationTime : 10-15-2004 8:29:50 PM

    BasePriority : Normal

    FileVersion : 5.1.4111.00 (XPClient.010817-1148)

    ProductVersion : 5.1.4111.00

    ProductName : Microsoft® Windows(TM) Operating System

    CompanyName : Microsoft Corporation

    FileDescription : SAPISVR 5

    InternalName : SAPISVR5

    LegalCopyright : © Microsoft Corporation. All rights reserved.

    OriginalFilename : SAPISVR5

    #:32 [devldr32.exe]

    FilePath : C:\WINDOWS\System32\

    ProcessID : 2116

    ThreadCreationTime : 10-15-2004 8:30:03 PM

    BasePriority : Normal

    FileVersion : 1, 0, 0, 17

    ProductVersion : 1, 0, 0, 17

    ProductName : Creative Ring3 NT Inteface

    CompanyName : Creative Technology Ltd.

    FileDescription : DevLdr32

    InternalName : DevLdr

    LegalCopyright : Copyright (C) Creative Technology Ltd. 1998-2001

    OriginalFilename : DevLdr32.exe

    #:33 [cwshredder.exe]

    FilePath : C:\Documents and Settings\Allison Bader\Local Settings\Temp\Temporary Directory 2 for cwshredder[1].zip\

    ProcessID : 2272

    ThreadCreationTime : 10-15-2004 8:30:43 PM

    BasePriority : Normal

    FileVersion : 1.59.0001

    ProductVersion : 1.59.0001

    ProductName : CSWhredder

    CompanyName : Soeperman Enterprises Ltd.

    FileDescription : CWShredder - CoolWebSearch browser hijacker removal tool

    InternalName : CWShredder

    OriginalFilename : CWShredder.exe

    #:34 [ad-aware.exe]

    FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\

    ProcessID : 2292

    ThreadCreationTime : 10-15-2004 8:31:34 PM

    BasePriority : Normal

    FileVersion : 6.2.0.206

    ProductVersion : VI.Second Edition

    ProductName : Lavasoft Ad-Aware SE

    CompanyName : Lavasoft Sweden

    FileDescription : Ad-Aware SE Core application

    InternalName : Ad-Aware.exe

    LegalCopyright : Copyright © Lavasoft Sweden

    OriginalFilename : Ad-Aware.exe

    Comments : All Rights Reserved

    Memory scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 2

    Objects found so far: 2



    Started registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\controlset001\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\controlset001\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3

    Value : NextInstance

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\controlset001\services\o?-’ŽrtñåȲ$Ó

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\controlset001\services\o?-’ŽrtñåȲ$Ó

    Value : Type

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\controlset001\services\o?-’ŽrtñåȲ$Ó

    Value : Start

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\controlset001\services\o?-’ŽrtñåȲ$Ó

    Value : ErrorControl

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\controlset001\services\o?-’ŽrtñåȲ$Ó

    Value : ImagePath

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\controlset001\services\o?-’ŽrtñåȲ$Ó

    Value : DisplayName

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\controlset001\services\o?-’ŽrtñåȲ$Ó

    Value : ObjectName

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3

    Value : NextInstance

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000

    Value : Service

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000

    Value : Legacy

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000

    Value : ConfigFlags

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000

    Value : Class

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000

    Value : ClassGUID

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000

    Value : DeviceDesc

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000\control

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\enum\root\legacy_o?*001e*2019*017drt*00f1*00e5*00c8*00b2$*000e*00d3\0000\control

    Value : ActiveService

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\services\o?-’ŽrtñåȲ$Ó

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\services\o?-’ŽrtñåȲ$Ó

    Value : Type

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\services\o?-’ŽrtñåȲ$Ó

    Value : Start

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\services\o?-’ŽrtñåȲ$Ó

    Value : ErrorControl

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\services\o?-’ŽrtñåȲ$Ó

    Value : ImagePath

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\services\o?-’ŽrtñåȲ$Ó

    Value : DisplayName

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment : CWS.FullSearch

    Rootkey : HKEY_LOCAL_MACHINE

    Object : system\currentcontrolset\services\o?-’ŽrtñåȲ$Ó

    Value : ObjectName

    Registry Scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 27

    Objects found so far: 29



    Started deep registry scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Deep registry scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 29



    Started Tracking Cookie scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»



    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : allison bader@doubleclick[1].txt

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:allison bader@doubleclick.net/

    Expires : 10-15-2004 4:45:12 PM

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : allison bader@bluestreak[1].txt

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:allison bader@bluestreak.com/

    Expires : 10-13-2014 12:08:20 PM

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : allison bader@edge.ru4[1].txt

    Category : Data Miner

    Comment : Hits:1

    Value : Cookie:allison bader@edge.ru4.com/

    Expires : 12-14-2004 4:30:22 PM

    LastSync : Hits:1

    UseCount : 0

    Hits : 1

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : allison bader@atdmt[2].txt

    Category : Data Miner

    Comment : Hits:2

    Value : Cookie:allison bader@atdmt.com/

    Expires : 10-13-2009 8:00:00 PM

    LastSync : Hits:2

    UseCount : 0

    Hits : 2

    Tracking Cookie Object Recognized!

    Type : IECache Entry

    Data : allison bader@tribalfusion[2].txt

    Category : Data Miner

    Comment : Hits:3

    Value : Cookie:allison bader@tribalfusion.com/

    Expires : 12-31-2037 8:00:00 PM

    LastSync : Hits:3

    UseCount : 0

    Hits : 3

    Tracking cookie scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 5

    Objects found so far: 34





    Deep scanning and examining files...

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    CoolWebSearch Object Recognized!

    Type : File

    Data : wipmk.log

    Category : Malware

    Comment :

    Object : C:\WINDOWS\





    Disk Scan Result for C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 35

    Disk Scan Result for C:\WINDOWS\System32

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 35

    Disk Scan Result for C:\DOCUME~1\ALLISO~1\LOCALS~1\Temp\

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 0

    Objects found so far: 35

    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\search assistant\acmru

    Description : list of recent search terms used with the search assistant



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru

    Description : list of recently saved files, stored according to file extension



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru

    Description : list of recent programs opened



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\windows\currentversion\explorer\recentdocs

    Description : list of recent documents opened



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru

    Description : list of recent documents opened by microsoft word



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru

    Description : list of recent documents saved by microsoft word



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\office\10.0\word\recent templates

    Description : list of recent templates used by microsoft word



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\office\10.0\excel\recent files

    Description : list of recent files used by microsoft excel



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\office\10.0\powerpoint\recent file list

    Description : list of recent files used by microsoft powerpoint



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\office\10.0\common\open find\microsoft powerpoint\settings\save as\file name mru

    Description : list of recent documents saved by microsoft powerpoint



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\mediaplayer\player\recentfilelist

    Description : list of recently used files in microsoft windows media player



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\realnetworks\realplayer\6.0\preferences

    Description : list of recent skins in realplayer



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\internet explorer

    Description : last download directory used in microsoft internet explorer



    MRU List Object Recognized!

    Location: : software\microsoft\directdraw\mostrecentapplication

    Description : most recent application to use microsoft directdraw



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\microsoft management console\recent file list

    Description : list of recent snap-ins used in the microsoft management console



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\internet explorer\typedurls

    Description : list of recently entered addresses in microsoft internet explorer



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\creative tech\creative wavestudio\settings

    Description : list of recently used directories in creative wavestudio



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\office\10.0\powerpoint\recent typeface list

    Description : list of recently used typefaces in microsoft powerpoint



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles

    Description : list of recently used files in adobe reader



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\mediaplayer\player\settings

    Description : last open directory used in jasc paint shop pro



    MRU List Object Recognized!

    Location: : software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct3d



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\realnetworks\realplayer\6.0\preferences

    Description : list of recent clips in realplayer



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\windows\currentversion\applets\regedit

    Description : last key accessed using the microsoft registry editor



    MRU List Object Recognized!

    Location: : .DEFAULT\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player



    MRU List Object Recognized!

    Location: : S-1-5-18\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player



    MRU List Object Recognized!

    Location: : S-1-5-19\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player



    MRU List Object Recognized!

    Location: : S-1-5-20\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\mediaplayer\preferences

    Description : last playlist loaded in microsoft windows media player



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\realnetworks\realplayer\6.0\preferences

    Description : last login time in realplayer



    MRU List Object Recognized!

    Location: : software\microsoft\direct3d\mostrecentapplication

    Description : most recent application to use microsoft direct X



    MRU List Object Recognized!

    Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk



    MRU List Object Recognized!

    Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk



    MRU List Object Recognized!

    Location: : S-1-5-21-720897496-3604470327-847386435-1006\software\microsoft\windows media\wmsdk\general

    Description : windows media sdk



    MRU List Object Recognized!

    Location: : C:\Documents and Settings\Allison Bader\Application Data\microsoft\office\recent

    Description : list of recently opened documents using microsoft office



    MRU List Object Recognized!

    Location: : C:\Documents and Settings\Allison Bader\recent

    Description : list of recently opened documents





    Performing conditional scans...

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\hsa

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\hsa

    Value : DisplayName

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\hsa

    Value : UninstallString

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\se

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\se

    Value : DisplayName

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\se

    Value : UninstallString

    CoolWebSearch Object Recognized!

    Type : Regkey

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\sw

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\sw

    Value : DisplayName

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\windows\currentversion\uninstall\sw

    Value : UninstallString

    CoolWebSearch Object Recognized!

    Type : RegValue

    Data :

    Category : Malware

    Comment :

    Rootkey : HKEY_LOCAL_MACHINE

    Object : software\microsoft\internet explorer\main

    Value : Search Bar

    Conditional scan result:

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    New critical objects: 10

    Objects found so far: 80

    4:32:38 PM Scan Complete

    Summary Of This Scan

    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

    Total scanning time:00:00:53.813

    Objects scanned:55062

    Objects identified:45

    Objects ignored:0

    New critical objects:45

     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

