Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, September 22, 2006 11:44:20 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R124 19.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CometSystems(TAC index:8):1 total references
Lop(TAC index:7):3 total references
SpywareStormer(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

9-22-2006 11:44:20 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 420
ThreadCreationTime : 9-22-2006 5:36:02 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 476
ThreadCreationTime : 9-22-2006 5:36:12 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\System32\
ProcessID : 516
ThreadCreationTime : 9-22-2006 5:36:31 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 9-22-2006 5:36:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 572
ThreadCreationTime : 9-22-2006 5:36:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 776
ThreadCreationTime : 9-22-2006 5:36:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 836
ThreadCreationTime : 9-22-2006 5:36:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [msmpeng.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 900
ThreadCreationTime : 9-22-2006 5:36:34 PM
BasePriority : Normal
FileVersion : 1.1.1347.0
ProductVersion : 1.1.1347.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Service Executable
InternalName : MsMpEng.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MsMpEng.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 944
ThreadCreationTime : 9-22-2006 5:36:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1032
ThreadCreationTime : 9-22-2006 5:36:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1124
ThreadCreationTime : 9-22-2006 5:36:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1280
ThreadCreationTime : 9-22-2006 5:36:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [cisvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1668
ThreadCreationTime : 9-22-2006 5:36:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe

#:14 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1700
ThreadCreationTime : 9-22-2006 5:36:53 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1872
ThreadCreationTime : 9-22-2006 5:36:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 128
ThreadCreationTime : 9-22-2006 5:36:58 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 192
ThreadCreationTime : 9-22-2006 5:36:58 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:18 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2312
ThreadCreationTime : 9-22-2006 5:38:37 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:19 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2412
ThreadCreationTime : 9-22-2006 5:38:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:20 [tmntsrv.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2003\
ProcessID : 3316
ThreadCreationTime : 9-22-2006 5:41:09 PM
BasePriority : Normal
FileVersion : 10.0.5.1142
ProductVersion : 10.0.5
ProductName : Trend Pc-cillin 10.05
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:21 [pccpfw.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2003\
ProcessID : 3404
ThreadCreationTime : 9-22-2006 5:41:13 PM
BasePriority : Normal
FileVersion : 10.0.5.1142
ProductVersion : 10.0.5
ProductName : Trend Pc-cillin 10.05
CompanyName : Trend Micro Incorporated.
FileDescription : PCCPFW
InternalName : PCCPFW
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : PCCPFW.exe

#:22 [tmproxy.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2003\
ProcessID : 3492
ThreadCreationTime : 9-22-2006 5:41:15 PM
BasePriority : Normal

#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 188
ThreadCreationTime : 9-22-2006 5:42:57 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [ewido.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 360
ThreadCreationTime : 9-22-2006 5:43:01 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware
InternalName : ewido anti-spyware
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : ewido.exe

#:25 [pop3trap.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2003\
ProcessID : 1396
ThreadCreationTime : 9-22-2006 5:43:02 PM
BasePriority : Normal
FileVersion : 10.0.5.1142
ProductVersion : 10.0.5
ProductName : Trend Pc-cillin 10.05
CompanyName : Trend Micro Incorporated.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : POP3Trap

#:26 [pccguide.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2003\
ProcessID : 456
ThreadCreationTime : 9-22-2006 5:43:02 PM
BasePriority : Normal
FileVersion : 10.0.5.1142
ProductVersion : 10.0.5
ProductName : Trend Pc-cillin 10.05
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:27 [pccclient.exe]
FilePath : C:\Program Files\Trend Micro\PC-cillin 2003\
ProcessID : 452
ThreadCreationTime : 9-22-2006 5:43:02 PM
BasePriority : Normal
FileVersion : 10.0.5.1142
ProductVersion : 10.0.5
ProductName : Trend Pc-cillin 10.05
CompanyName : Trend Micro Incorporated.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : PCCClient

#:28 [cidaemon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2424
ThreadCreationTime : 9-22-2006 5:43:32 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe

#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2620
ThreadCreationTime : 9-22-2006 5:43:44 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CometSystems Object Recognized!
Type : File
Data : A0044397.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP170\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : ScreensaversInstaller Module
FileDescription : ScreensaversInstaller Module
InternalName : ScreensaversInstaller
LegalCopyright : Copyright 2004
OriginalFilename : ScreensaversInst.DLL

SpywareStormer Object Recognized!
Type : File
Data : A0044404.exe
TAC Rating : 3
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP170\
FileVersion : 1.04.0007
ProductVersion : 1.04.0007
ProductName : Spyware Stormer
CompanyName : Spyware Stormer Inc.
FileDescription : Spyware Stormer
InternalName : SpywareStormer
LegalCopyright : Copyright 2004. (c) Spyware Stormer Inc.
LegalTrademarks : Spyware Stormer is a legal trademark of Spyware Stormer Inc.
OriginalFilename : SpywareStormer.exe

Lop Object Recognized!
Type : File
Data : A0044409.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP170\

Lop Object Recognized!
Type : File
Data : A0044410.exe
TAC Rating : 7
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{B762F5BE-1DFD-40DA-9793-F321C2185D05}\RP170\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 4

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Lop Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 5

12:19:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:35:39.421
Objects scanned:243904
Objects identified:5
Objects ignored:0
New critical objects:5