Ad-Aware SE Build 1.05 Logfile Created on:Thursday, May 05, 2005 8:16:49 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R42 28.04.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Possible Browser Hijack attempt(TAC index:3):3 total references Search Relevancy(TAC index:5):2 total references Tracking Cookie(TAC index:3):2 total references WindUpdates(TAC index:8):2 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Definition File: ========================= Definitions File Loaded: Reference Number : SE1R42 28.04.2005 Internal build : 49 File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref File size : 466557 Bytes Total size : 1403889 Bytes Signature data size : 1373297 Bytes Reference data size : 30080 Bytes Signatures total : 39226 Fingerprints total : 836 Fingerprints size : 28245 Bytes Target categories : 15 Target families : 654 Memory + processor status: ========================== Number of processors : 1 Processor architecture : Intel Pentium IV Memory available:54 % Total physical memory:458224 kb Available physical memory:244728 kb Total page file size:1082060 kb Available on page file:1011092 kb Total virtual memory:2097024 kb Available virtual memory:2043188 kb OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600) Ad-Aware SE Settings =========================== Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan within archives Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Obtain command line of scanned processes Set : Scan registry for all users instead of current user only Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Write-protect system files after repair (Hosts file, etc.) Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 5-5-2005 8:16:49 PM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 128 ThreadCreationTime : 5-5-2005 11:52:27 PM BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 176 ThreadCreationTime : 5-5-2005 11:52:38 PM BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 200 ThreadCreationTime : 5-5-2005 11:52:41 PM BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 244 ThreadCreationTime : 5-5-2005 11:52:45 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 256 ThreadCreationTime : 5-5-2005 11:52:45 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch ProcessID : 400 ThreadCreationTime : 5-5-2005 11:52:50 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 464 ThreadCreationTime : 5-5-2005 11:52:51 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 512 ThreadCreationTime : 5-5-2005 11:52:53 PM BasePriority : Normal FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 5.1.2600.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 704 ThreadCreationTime : 5-5-2005 11:53:05 PM BasePriority : Normal FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) ProductVersion : 6.00.2900.2180 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : EXPLORER.EXE #:10 [ad-aware.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 1068 ThreadCreationTime : 5-6-2005 12:16:36 AM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : michael@atdmt[2].txt Category : Data Miner Comment : Hits:4 Value : Cookie:michael@atdmt.com/ Expires : 5-3-2010 8:00:00 PM LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : michael@overture[1].txt Category : Data Miner Comment : Hits:3 Value : Cookie:michael@overture.com/ Expires : 5-3-2015 12:36:54 AM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 2 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Search Relevancy Object Recognized! Type : File Data : SearchRelevancy.xml Category : Misc Comment : Object : C:\RECYCLER\S-1-5-21-2154702590-2237029002-1904607352-1006\Dc4\ Search Relevancy Object Recognized! Type : File Data : uninstall.exe Category : Misc Comment : Object : C:\RECYCLER\S-1-5-21-2154702590-2237029002-1904607352-1006\Dc4\ WindUpdates Object Recognized! Type : File Data : A0005994.vxd Category : Malware Comment : Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\ Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 5 Possible Browser Hijack attempt Object Recognized! Type : File Data : Only sex website.url Category : Misc Comment : Problematic URL discovered: http://www.onlysex.ws/ Object : C:\Documents and Settings\Michael\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Search the web.url Category : Misc Comment : Problematic URL discovered: http://www.lookfor.cc/ Object : C:\Documents and Settings\Michael\Favorites\ Possible Browser Hijack attempt Object Recognized! Type : File Data : Seven days of free porn.url Category : Misc Comment : Problematic URL discovered: http://www.7days.ws/ Object : C:\Documents and Settings\Michael\Favorites\ Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WindUpdates Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\downloadmanager Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 1 Objects found so far: 9 8:32:52 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:16:02.624 Objects scanned:139657 Objects identified:9 Objects ignored:0 New critical objects:9