Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, June 05, 2005 6:51:31 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adintelligence.AproposToolbar(TAC index:5):3 total references
JRaun(TAC index:6):1 total references
Tracking Cookie(TAC index:3):1 total references
Zango(TAC index:6):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

06-05-2005 6:51:31 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4279226341
Threads : 5
Priority : High
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1999
OriginalFilename : KERNEL32.DLL

#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294849233
Threads : 1
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE

#:3 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294837281
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : MPREXE.EXE

#:4 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294861641
Threads : 1
Priority : Normal
FileVersion : 4.03.1998
ProductVersion : 4.03.1998
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-1998
OriginalFilename : mmtask.tsk

#:5 [SSDPSRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294883061
Threads : 7
Priority : Normal
FileVersion : 4.90.3003.0
ProductVersion : 4.90.3003.0
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : SSDP Service on Windows Millennium
InternalName : ssdpsrv.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : ssdpsrv.exe

#:6 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294886329
Threads : 16
Priority : Normal
FileVersion : 4.72.3110.1
ProductVersion : 4.72.3110.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1997
OriginalFilename : EXPLORER.EXE

#:7 [TASKMON.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294813677
Threads : 1
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Monitor
InternalName : TaskMon
LegalCopyright : Copyright (C) Microsoft Corp. 1998
OriginalFilename : TASKMON.EXE

#:8 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294809805
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1996-1998
OriginalFilename : STIMON.EXE

#:9 [QTTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294831157
Threads : 1
Priority : Normal

#:10 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294834905
Threads : 2
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-1998
OriginalFilename : SYSTRAY.EXE

#:11 [DCFSSVC.EXE]
FilePath : C:\WINDOWS\SYSTEM32\DRIVERS\
ProcessID : 4294820353
Threads : 2
Priority : Normal
FileVersion : 1.1.4400.0
ProductVersion : 3.2.0400.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright (C) Eastman Kodak Co. 2000-2002
OriginalFilename : DcFsSvc.exe

#:12 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294821161
Threads : 7
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:13 [REALSCHED.EXE]
FilePath : C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\
ProcessID : 4294826273
Threads : 2
Priority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:14 [ATITASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294720537
Threads : 1
Priority : Normal
FileVersion : 4.11.2309
ProductVersion : 4.11.2309
ProductName : ATI Technologies, Inc.
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Task Application
InternalName : AtiTask
LegalCopyright : Copyright © ATI Technologies Inc. 1998
OriginalFilename : AtiTask

#:15 [ATICWD32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294707353
Threads : 1
Priority : Normal
FileVersion : 4.11.2449
ProductVersion : 4.11.2449
ProductName : ATI Technologies Inc.
CompanyName : ATI Technologies Inc.
FileDescription : ATI Common Windows Display Driver Extension
InternalName : ATICWD32
LegalCopyright : Copyright © ATI Technologies Inc., 1998
OriginalFilename : ATICWD32.EXE

#:16 [NSVSVC.EXE]
FilePath : C:\WINDOWS\SYSTEM\NSVSVC\
ProcessID : 4294721313
Threads : 5
Priority : Normal
FileVersion : 2.17.0000
ProductVersion : 2, 1, 7, 0

#:17 [PICSVR.EXE]
FilePath : C:\WINDOWS\SYSTEM\PICSVR\
ProcessID : 4294735109
Threads : 2
Priority : Normal

#:18 [RUNDLL32.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294728937
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright (C) Microsoft Corp. 1991-1998
OriginalFilename : RUNDLL.EXE

#:19 [ALUZKN.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294749729
Threads : 1
Priority : Normal

#:20 [DEVMON.EXE]
FilePath : C:\PROGRAM FILES\SNAPFISH\
ProcessID : 4294741013
Threads : 1
Priority : Normal

#:21 [YPAGER.EXE]
FilePath : C:\PROGRAM FILES\YAHOO!\MESSENGER\
ProcessID : 4294763505
Threads : 10
Priority : Normal
FileVersion : 5, 6, 0, 1358
ProductVersion : 5, 6, 0, 1358
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2003
OriginalFilename : YPager.exe

#:22 [ZONEALARM.EXE]
FilePath : C:\PROGRAM FILES\ZONE LABS\ZONEALARM\
ProcessID : 4294654833
Threads : 6
Priority : Normal
FileVersion : 3.7.098
ProductVersion : 3.7.098
ProductName : ZoneAlarm
CompanyName : Zone Labs Inc.
FileDescription : ZoneAlarm
InternalName : zonealarm
LegalCopyright : Copyright © 1998-2003, Zone Labs Inc.
OriginalFilename : zonealarm.exe

#:23 [CALLWAVEACCEL.EXE]
FilePath : C:\PROGRAM FILES\CIA\
ProcessID : 4294658901
Threads : 3
Priority : Normal
FileVersion : 3.2.12
ProductVersion : 3.2.12

#:24 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294517833
Threads : 3
Priority : Normal
FileVersion : 5.00.1755.1
ProductVersion : 5.00.1755.1
ProductName : Microsoft(R) Windows NT(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : wmiexe.exe

#:25 [VSMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\ZONELABS\
ProcessID : 4294530213
Threads : 16
Priority : Normal
FileVersion : 3.7.098
ProductVersion : 3.7.098
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2003, Zone Labs Inc.
OriginalFilename : vsmon.exe

#:26 [WWM.EXE]
FilePath : C:\WMCONNECT\
ProcessID : 4294489065
Threads : 12
Priority : Normal

#:27 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294491345
Threads : 2
Priority : Normal
FileVersion : 4.10.1998
ProductVersion : 4.10.1998
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe

#:28 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294432269
Threads : 3
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE

#:29 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294316057
Threads : 6
Priority : Normal
FileVersion : 4.10.2222
ProductVersion : 4.10.2222
ProductName : Microsoft(R) Windows(R) Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows(TM) Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright (C) Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE

#:30 [FIREFOX.EXE]
FilePath : C:\PROGRAM FILES\MOZILLA FIREFOX\
ProcessID : 4294598041
Threads : 5
Priority : Normal

#:31 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294183701
Threads : 2
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clientax.clientinstaller.1

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad}

Zango Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : pc user@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:28
Value : Cookie:pc user@2o7.net/
Expires : 06-04-2010 5:02:30 PM
LastSync : Hits:28
UseCount : 0
Hits : 28

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 5

Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

JRaun Object Recognized!
Type : File
Data : vt08.exe
TAC Rating : 6
Category : Malware
Comment :
Object : C:\WINDOWS\SYSTEM\

Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : docdbc10.exe
TAC Rating : 5
Category : Misc
Comment :
Object : C:\WINDOWS\SYSTEM\

Adintelligence.AproposToolbar Object Recognized!
Type : File
Data : ds3ng13n.exe
TAC Rating : 5
Category : Misc
Comment :
Object : C:\WINDOWS\SYSTEM\

Disk Scan Result for C:\WINDOWS\SYSTEM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\WINDOWS\TEMP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Zango Object Recognized!
Type : File
Data : clientax.dll
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\
FileVersion : 6, 1, 2, 0
ProductVersion : 6, 1, 2, 0
ProductName : 180SAAX
CompanyName : 180solutions
FileDescription : ClientAX
InternalName : ClientAX.dll
LegalCopyright : (c) 180solutions, 2004. All rights reserved.
OriginalFilename : ClientAX.dll
Comments : /DID=000998

Zango Object Recognized!
Type : File
Data : ClientAX.inf
TAC Rating : 6
Category : Data Miner
Comment :
Object : C:\WINDOWS\downloaded program files\

Adintelligence.AproposToolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Misc
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\autoloader

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 11

6:54:31 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:02:59.830
Objects scanned:34235
Objects identified:11
Objects ignored:0
New critical objects:11