Logfile created on:Friday, April 22, 2005 12:42:01 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R40 20.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Coulomb Dialer(TAC index:5):1 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Reffile status:
=========================
Definitions File Loaded:
Reference Number : SE1R29 05.03.2005
Internal build : 34
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 416470 Bytes
Total size : 1313362 Bytes
Signature data size : 1283658 Bytes
Reference data size : 29192 Bytes
Signatures total : 36539
Fingerprints total : 625
Fingerprints size : 23638 Bytes
Target categories : 15
Target families : 631
(Requires Ad-Aware SE or higher)
4-22-2005 12:37:56 AM WebUpdate
Installing Update...
Definitions File Loaded:
Reference Number : SE1R40 20.04.2005
Internal build : 47
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 461235 Bytes
Total size : 1395231 Bytes
Signature data size : 1364710 Bytes
Reference data size : 30009 Bytes
Signatures total : 38921
Fingerprints total : 813
Fingerprints size : 29073 Bytes
Target categories : 15
Target families : 650
(Requires Ad-Aware SE or higher)
4-22-2005 12:38:02 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:46 %
Total physical memory:458096 kb
Available physical memory:206852 kb
Total page file size:1083956 kb
Available on page file:897072 kb
Total virtual memory:2097024 kb
Available virtual memory:2044680 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects
4-22-2005 12:42:01 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\
Command Line : n/a
ProcessID : 368
ThreadCreationTime : 4-22-2005 2:47:54 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 520
ThreadCreationTime : 4-22-2005 2:47:56 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\System32\
Command Line : winlogon.exe
ProcessID : 544
ThreadCreationTime : 4-22-2005 2:47:56 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 692
ThreadCreationTime : 4-22-2005 2:47:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 704
ThreadCreationTime : 4-22-2005 2:47:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 856
ThreadCreationTime : 4-22-2005 2:47:57 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1020
ThreadCreationTime : 4-22-2005 2:49:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1120
ThreadCreationTime : 4-22-2005 2:49:19 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1356
ThreadCreationTime : 4-22-2005 2:49:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1388
ThreadCreationTime : 4-22-2005 2:49:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1496
ThreadCreationTime : 4-22-2005 2:49:31 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1664
ThreadCreationTime : 4-22-2005 2:49:37 AM
BasePriority : Normal
FileVersion : 6.14.10.4403
ProductVersion : 6.14.10.4403
ProductName : NVIDIA Driver Helper Service, Version 44.03
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 44.03
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:13 [omniserv.exe]
ModuleName : C:\Program Files\Softex\OmniPass\
Command Line : "C:\Program Files\Softex\OmniPass\Omniserv.exe"
ProcessID : 1680
ThreadCreationTime : 4-22-2005 2:49:37 AM
BasePriority : Normal
#:14 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1832
ThreadCreationTime : 4-22-2005 2:49:40 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:15 [explorer.exe]
ModuleName : C:\WINDOWS\
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 604
ThreadCreationTime : 4-22-2005 2:50:33 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [hpsysdrv.exe]
ModuleName : C:\windows\system\
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 956
ThreadCreationTime : 4-22-2005 2:50:36 AM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
#:17 [kbd.exe]
ModuleName : C:\HP\KBD\
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 812
ThreadCreationTime : 4-22-2005 2:50:37 AM
BasePriority : High
#:18 [mcvsescn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\
Command Line : "c:\progra~1\mcafee.com\vso\mcvsescn.exe" /disabled
ProcessID : 1092
ThreadCreationTime : 4-22-2005 2:50:40 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:19 [mcagent.exe]
ModuleName : c:\program files\mcafee.com\agent\
Command Line : "c:\program files\mcafee.com\agent\mcagent.exe" /nosplash
ProcessID : 1108
ThreadCreationTime : 4-22-2005 2:50:40 AM
BasePriority : Normal
FileVersion : 5, 1, 0, 2
ProductVersion : 5, 1, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2005 McAfee, Inc.
OriginalFilename : mcagent.exe
#:20 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1296
ThreadCreationTime : 4-22-2005 2:50:46 AM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:21 [alcxmntr.exe]
ModuleName : C:\WINDOWS\
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 1200
ThreadCreationTime : 4-22-2005 2:50:47 AM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe
#:22 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1440
ThreadCreationTime : 4-22-2005 2:50:48 AM
BasePriority : Normal
FileVersion : 4.7.2009
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:23 [ygpsstra.exe]
ModuleName : C:\Program Files\Common Files\AOL\Screensaver\
Command Line : "C:\Program Files\Common Files\AOL\Screensaver\ygpsstra.exe"
ProcessID : 1616
ThreadCreationTime : 4-22-2005 2:50:53 AM
BasePriority : Normal
FileVersion : 9.1.6.24
ProductVersion : 9.1.6.24
ProductName : YGP Screensaver Tray Application
CompanyName : America Online Inc
FileDescription : YGP Screensaver Tray Application 9.1.6.24
InternalName : YGP Screensaver Tray Application
LegalCopyright : America Online Copyright © 2003
OriginalFilename : ygpsstra.exe
#:24 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\
Command Line : "C:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.exe"
ProcessID : 1948
ThreadCreationTime : 4-22-2005 2:50:55 AM
BasePriority : Normal
FileVersion : 3.0.0.0
ProductVersion : 3.0.0.0
ProductName : Comcast PhotoShow Media Manager
CompanyName : Simple Star, Inc.
FileDescription : Comcast PhotoShow Media Manager
LegalCopyright : Copyright © 2003-2004 Simple Star, Inc.
OriginalFilename : mssysmgr.exe
#:25 [mcvsftsn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\
Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
ProcessID : 1352
ThreadCreationTime : 4-22-2005 2:51:00 AM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module
#:26 [opxpapp.exe]
ModuleName : C:\Program Files\Softex\OmniPass\
Command Line : "C:\Program Files\Softex\OmniPass\OPXPApp.exe"
ProcessID : 1072
ThreadCreationTime : 4-22-2005 2:51:05 AM
BasePriority : Normal
#:27 [svchost.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1288
ThreadCreationTime : 4-22-2005 2:51:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:28 [alg.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2088
ThreadCreationTime : 4-22-2005 2:51:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:29 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 2948
ThreadCreationTime : 4-22-2005 2:51:23 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:30 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 125832
ThreadCreationTime : 4-22-2005 7:23:50 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:31 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 165372
ThreadCreationTime : 4-22-2005 7:37:47 AM
BasePriority : Normal
FileVersion : 6.2.0.144
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Cookie:[email protected]/
Value : Cookie:[email protected]/
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Coulomb Dialer Object Recognized!
Type : File
Data : Groove.x32
Category : Dialer
Comment :
Object : C:\WINDOWS\system32\Macromed\Shockwave 10\Xtras\download\TheGrooveAlliance\3DGrooveXtrav181\
FileVersion : 1, 8, 1, 0
ProductVersion : 1, 8, 1, 0
ProductName : GROOVE
FileDescription : GROOVE
InternalName : GROOVE
LegalCopyright : Copyright 2001
OriginalFilename : GROOVE.x32
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
12:49:46 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:45.718
Objects scanned:134774
Objects identified:2
Objects ignored:0
New critical objects:2