Ad-Aware SE Build 1.05
Logfile Created on:Saturday, 14 May 2005 11:26:34 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CommonName(TAC index:7):3 total references
MRU List(TAC index:0):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

14-05-2005 11:26:34 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Artur.AQUA-4QPK44W7XS\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office

MRU List Object Recognized!
Location: : C:\Documents and Settings\Artur.AQUA-4QPK44W7XS\recent
Description : list of recently opened documents

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

MRU List Object Recognized!
Location: : S-1-5-21-1078081533-1035525444-682003330-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 384
ThreadCreationTime : 14-05-2005 1:54:54 PM
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 432
ThreadCreationTime : 14-05-2005 1:54:56 PM
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 456
ThreadCreationTime : 14-05-2005 1:54:56 PM
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 14-05-2005 1:54:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 512
ThreadCreationTime : 14-05-2005 1:54:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 696
ThreadCreationTime : 14-05-2005 1:54:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 740
ThreadCreationTime : 14-05-2005 1:54:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 808
ThreadCreationTime : 14-05-2005 1:54:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 820
ThreadCreationTime : 14-05-2005 1:54:58 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 988
ThreadCreationTime : 14-05-2005 1:54:59 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:11 [pcctlcom.exe]
FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\
ProcessID : 1112
ThreadCreationTime : 14-05-2005 1:54:59 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PcCtlCom Module
InternalName : PcCtlCom
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : PcCtlCom.EXE

#:12 [tmntsrv.exe]
FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\
ProcessID : 1164
ThreadCreationTime : 14-05-2005 1:54:59 PM
BasePriority : Normal
FileVersion : 12.10.0.1034
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : Tmntsrv.exe

#:13 [tmproxy.exe]
FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\
ProcessID : 1180
ThreadCreationTime : 14-05-2005 1:55:00 PM
BasePriority : Normal
FileVersion : 1.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Micro Network Security Components 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmProxy.exe
InternalName : TmProxy.exe
LegalCopyright : Copyright (C) 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Inc.
OriginalFilename : TmProxy.exe

#:14 [tmpfw.exe]
FilePath : C:\PROGRA~1\TRENDM~1\INTERN~1\
ProcessID : 1496
ThreadCreationTime : 14-05-2005 1:55:01 PM
BasePriority : Normal
FileVersion : 2.0.0.1125
ProductVersion : 1.0.0
ProductName : Trend Network Security Component 1.0
CompanyName : Trend Micro Inc.
FileDescription : TmPfw
InternalName : TmPfw
LegalCopyright : Copyright (C) 2001-2004 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Inc.
OriginalFilename : TmPfw.exe

#:15 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2036
ThreadCreationTime : 14-05-2005 1:55:22 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:16 [shnlog.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 368
ThreadCreationTime : 14-05-2005 1:55:28 PM
BasePriority : Normal
ProductVersion : 1.7

#:17 [intmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 836
ThreadCreationTime : 14-05-2005 1:55:32 PM
BasePriority : Normal

#:18 [pccguide.exe]
FilePath : C:\Program Files\Trend Micro\Internet Security 2005\
ProcessID : 888
ThreadCreationTime : 14-05-2005 1:55:32 PM
BasePriority : Normal
FileVersion : 12.10.0.1014
ProductVersion : 12.10.0
ProductName : Trend Micro Internet Security
CompanyName : Trend Micro Incorporated.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright (C) 1995-2004 Trend Micro Incorporated. All rights reserved.
LegalTrademarks : Copyright (C) Trend Micro Incorporated.
OriginalFilename : PCCGuide

#:19 [msnappau.exe]
FilePath : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\
ProcessID : 1088
ThreadCreationTime : 14-05-2005 1:55:37 PM
BasePriority : Normal

#:20 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1472
ThreadCreationTime : 14-05-2005 1:55:46 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:21 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2288
ThreadCreationTime : 14-05-2005 1:56:23 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:22 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2316
ThreadCreationTime : 14-05-2005 1:56:32 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}

CommonName Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1e1b2878-88ff-11d2-8d96-d7acac95951f}
Value :

CommonName Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{1e1b286c-88ff-11d2-8d96-d7acac95951f}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 12

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
42 entries scanned.
New critical objects:0
Objects found so far: 12

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 12

11:35:53 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:19.204
Objects scanned:120640
Objects identified:3
Objects ignored:0
New critical objects:3