Ad-Aware SE Build 1.05
Logfile Created on:Thursday, 12 May 2005 5:00:31 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
CommonName(TAC index:7):3 total references
MRU List(TAC index:0):20 total references
SearchMaid(TAC index:7):2 total references
Security iGuard(TAC index:9):4 total references
Tracking Cookie(TAC index:3):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

12-05-2005 5:00:31 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Artur.AQUA-4QPK44W7XS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\Artur.AQUA-4QPK44W7XS\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\adobe\acrobat reader\5.0\avgeneral\crecentfiles
Description : list of recently used files in adobe reader

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 376
ThreadCreationTime : 12-05-2005 6:38:13 AM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 432
ThreadCreationTime : 12-05-2005 6:38:15 AM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 456
ThreadCreationTime : 12-05-2005 6:38:15 AM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 12-05-2005 6:38:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 12-05-2005 6:38:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 12-05-2005 6:38:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 740
ThreadCreationTime : 12-05-2005 6:38:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 872
ThreadCreationTime : 12-05-2005 6:38:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 912
ThreadCreationTime : 12-05-2005 6:38:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 12-05-2005 6:38:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [pcctlcom.exe]
FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\
ProcessID : 1112
ThreadCreationTime : 12-05-2005 6:38:18 AM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PcCtlCom Module
InternalName : PcCtlCom
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : PcCtlCom.EXE

#:12 [tmntsrv.exe]
FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\
ProcessID : 1164
ThreadCreationTime : 12-05-2005 6:38:19 AM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:13 [tmproxy.exe]
FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\
ProcessID : 1180
ThreadCreationTime : 12-05-2005 6:38:19 AM
BasePriority : Normal
FileVersion : 1.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Micro Network Security Components 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright (C) 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Inc.
OriginalFilename : TmProxy.exe

#:14 [tmpfw.exe]
FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\
ProcessID : 1496
ThreadCreationTime : 12-05-2005 6:38:20 AM
BasePriority : Normal
FileVersion : 2.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Network Security Component 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmPfw
InternalName : TmPfw
LegalCopyright : Copyright (C) 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Inc.
OriginalFilename : TmPfw.exe

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 148
ThreadCreationTime : 12-05-2005 6:38:34 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [shnlog.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 424
ThreadCreationTime : 12-05-2005 6:38:40 AM
BasePriority : Normal
ProductVersion : 1.7

#:17 [popuper.exe]
FilePath : C:\WINDOWS\
ProcessID : 416
ThreadCreationTime : 12-05-2005 6:38:40 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 217
ProductVersion : 1, 0, 0, 217
ProductName : Popuper Application
FileDescription : Popuper Application
InternalName : Popuper
LegalCopyright : Copyright (C) 2005
OriginalFilename : Popuper.exe

#:18 [intmonp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 304
ThreadCreationTime : 12-05-2005 6:38:43 AM
BasePriority : Normal

#:19 [intmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 848
ThreadCreationTime : 12-05-2005 6:38:43 AM
BasePriority : Normal

#:20 [pccguide.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security 2005\
ProcessID : 1160
ThreadCreationTime : 12-05-2005 6:38:44 AM
BasePriority : Normal
FileVersion : 12.10.0.1014
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:21 [msnappau.exe]
FilePath : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\
ProcessID : 1448
ThreadCreationTime : 12-05-2005 6:38:48 AM
BasePriority : Normal

#:22 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2788
ThreadCreationTime : 12-05-2005 7:28:58 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:23 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2304
ThreadCreationTime : 12-05-2005 7:30:19 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}

CommonName Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
Value :

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1e1b286c-88ff-11d2-8d96-d7acac95951f}

Security iGuard Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services

Security iGuard Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\rex-services
Value : MGuid

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Alexa Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 28

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 28

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : artur@cgi-bin[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:artur@imrworldwide.com/cgi-bin
Expires : 10-05-2015 4:21:22 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 29

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aqua@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\AQUA\Local Settings\Temp\Cookies\aqua@atdmt[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : aqua@centrport[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\AQUA\Local Settings\Temp\Cookies\aqua@centrport[2].txt

SearchMaid Object Recognized!
Type : File
Data : A0123220.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A4B047E7-9840-4DC8-8533-6C1D2B3CDCAC}\RP127\

Security iGuard Object Recognized!
Type : File
Data : A0000982.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A94F7B5A-C034-4745-8E24-60F8BCDF9D0D}\RP17\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.
New critical objects:0
Objects found so far: 33

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Security iGuard Object Recognized!
Type : Folder
Category : Malware
Comment :
Object : C:\Documents and Settings\Artur.AQUA-4QPK44W7XS\Application Data\Rex-Services

SearchMaid Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\policies\explorer\run
Value : notepad2.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 35

5:10:19 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:47.563
Objects scanned:120710
Objects identified:15
Objects ignored:0
New critical objects:15