AVG has removed the following viruses -
Downloader.Small.15.BS
Downloader.Agent.8.AG
Downloader.Small.31.BB
Downloader.VN.4.AR
Dropper.Agent.4.AM
Please help!
Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, April 27, 2005 7:15:34 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R41 25.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace(TAC index:10):18 total references
MRU List(TAC index:0):14 total references
SahAgent(TAC index:9):4 total references
Tracking Cookie(TAC index:3):8 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R41 25.04.2005
Internal build : 48
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 462131 Bytes
Total size : 1397647 Bytes
Signature data size : 1367126 Bytes
Reference data size : 30009 Bytes
Signatures total : 39003
Fingerprints total : 816
Fingerprints size : 28835 Bytes
Target categories : 15
Target families : 650
Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:51 %
Total physical memory:1046240 kb
Available physical memory:524900 kb
Total page file size:2523048 kb
Available on page file:2078236 kb
Total virtual memory:2097024 kb
Available virtual memory:2039832 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
4/27/2005 7:15:34 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 728
ThreadCreationTime : 4/28/2005 1:21:51 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 776
ThreadCreationTime : 4/28/2005 1:21:52 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 800
ThreadCreationTime : 4/28/2005 1:21:53 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 844
ThreadCreationTime : 4/28/2005 1:21:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 856
ThreadCreationTime : 4/28/2005 1:21:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1024
ThreadCreationTime : 4/28/2005 1:21:54 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1096
ThreadCreationTime : 4/28/2005 1:21:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1192
ThreadCreationTime : 4/28/2005 1:21:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1276
ThreadCreationTime : 4/28/2005 1:21:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1388
ThreadCreationTime : 4/28/2005 1:21:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1584
ThreadCreationTime : 4/28/2005 1:21:56 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1900
ThreadCreationTime : 4/28/2005 1:22:04 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:13 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1936
ThreadCreationTime : 4/28/2005 1:22:04 AM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:14 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
Command Line : "C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe"
ProcessID : 1968
ThreadCreationTime : 4/28/2005 1:22:04 AM
BasePriority : Normal
FileVersion : 7.0.413.0
ProductVersion : 7.0.413.0
ProductName : Diskeeper Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2002 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE
#:15 [iaantmon.exe]
ModuleName : C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
Command Line : "C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe"
ProcessID : 2016
ThreadCreationTime : 4/28/2005 1:22:04 AM
BasePriority : Normal
FileVersion : 4.0.0.6211
ProductVersion : 4.0.0.6211
ProductName : Intel IAANTmon
CompanyName : Intel Corporation
FileDescription : Intel Application Accelerator RAID Monitor
InternalName : IAANTmon
LegalCopyright : Copyright© Intel Corporation 2003-04
OriginalFilename : IAANTmon.exe
#:16 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 200
ThreadCreationTime : 4/28/2005 1:22:04 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:17 [sqlservr.exe]
ModuleName : C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
Command Line : "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe" -sMICROSOFTBCM
ProcessID : 240
ThreadCreationTime : 4/28/2005 1:22:04 AM
BasePriority : Normal
FileVersion : 2000.080.0818.00
ProductVersion : 8.00.818
ProductName : Microsoft SQL Server
CompanyName : Microsoft Corporation
FileDescription : SQL Server Windows NT
InternalName : SQLSERVR
LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows is a trademark of Microsoft Corporation
OriginalFilename : SQLSERVR.EXE
Comments : NT INTEL X86
#:18 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 280
ThreadCreationTime : 4/28/2005 1:22:07 AM
BasePriority : Normal
FileVersion : 6.14.10.6693
ProductVersion : 6.14.10.6693
ProductName : NVIDIA Driver Helper Service, Version 66.93
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 66.93
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:19 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 316
ThreadCreationTime : 4/28/2005 1:22:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:20 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1456
ThreadCreationTime : 4/28/2005 1:22:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:21 [iaanotif.exe]
ModuleName : C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
Command Line : "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
ProcessID : 1636
ThreadCreationTime : 4/28/2005 1:22:12 AM
BasePriority : Normal
FileVersion : 4.0.0.6211
ProductVersion : 4.0.0.6211
ProductName : IAA RAID Event Monitor
CompanyName : Intel Corporation
FileDescription : IAA Event Monitor User Notification Tool
InternalName : IAAnotif
LegalCopyright : Copyright© Intel Corporation 2003-04
OriginalFilename : IAAnotif.exe
#:22 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 232
ThreadCreationTime : 4/28/2005 1:22:12 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 9
ProductVersion : 1, 0, 0, 9
ProductName : Realtek HD Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek HD Audio Sound Manager
#:23 [alcwzrd.exe]
ModuleName : C:\WINDOWS\ALCWZRD.EXE
Command Line : "C:\WINDOWS\ALCWZRD.EXE"
ProcessID : 276
ThreadCreationTime : 4/28/2005 1:22:12 AM
BasePriority : Normal
FileVersion : 1.1.0.12
ProductVersion : 1.1.0.12
ProductName : ALCWZRD
CompanyName : RealTek Semicoductor Corp.
FileDescription : RealTek AlcWzrd Application
InternalName : ALCWZRD.EXE
LegalCopyright : Copyright © 2003-2004 Realtek Semiconductor Corp.
OriginalFilename : ALCWZRD.EXE
#:24 [mmtask.exe]
ModuleName : C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
Command Line : "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
ProcessID : 928
ThreadCreationTime : 4/28/2005 1:22:12 AM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe
#:25 [mm_tray.exe]
ModuleName : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Command Line : "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
ProcessID : 1044
ThreadCreationTime : 4/28/2005 1:22:12 AM
BasePriority : Normal
FileVersion : 8.20.0111
ProductVersion : 8.20.0111
ProductName : MUSICMATCH JUKEBOX
CompanyName : MUSICMATCH, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © MUSICMATCH 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe
#:26 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1312
ThreadCreationTime : 4/28/2005 1:22:12 AM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:27 [hpwuschd2.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 1780
ThreadCreationTime : 4/28/2005 1:22:12 AM
BasePriority : Normal
FileVersion : 2, 0, 39, 0
ProductVersion : 2, 0, 39, 0
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd2.exe
#:28 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 1768
ThreadCreationTime : 4/28/2005 1:22:12 AM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe
#:29 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 968
ThreadCreationTime : 4/28/2005 1:22:12 AM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:30 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 2052
ThreadCreationTime : 4/28/2005 1:22:13 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:31 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2072
ThreadCreationTime : 4/28/2005 1:22:13 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:32 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
ProcessID : 2088
ThreadCreationTime : 4/28/2005 1:22:13 AM
BasePriority : Normal
#:33 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2152
ThreadCreationTime : 4/28/2005 1:22:13 AM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:34 [lvcomsx.exe]
ModuleName : C:\WINDOWS\system32\LVCOMSX.EXE
Command Line : "C:\WINDOWS\system32\LVCOMSX.EXE"
ProcessID : 2160
ThreadCreationTime : 4/28/2005 1:22:13 AM
BasePriority : Normal
FileVersion : 8.3.0.1096
ProductVersion : 8.3.0.1096
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LVComS.exe
#:35 [logitray.exe]
ModuleName : C:\Program Files\Logitech\Video\LogiTray.exe
Command Line : "C:\Program Files\Logitech\Video\LogiTray.exe"
ProcessID : 2184
ThreadCreationTime : 4/28/2005 1:22:13 AM
BasePriority : Normal
FileVersion : 8.3.0.1098
ProductVersion : 8.3.0.1098
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : ImageStudio Tray Application
InternalName : LogiTray.exe
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : LogiTray.exe
#:36 [itouch.exe]
ModuleName : C:\Program Files\Logitech\iTouch\iTouch.exe
Command Line : "C:\Program Files\Logitech\iTouch\iTouch.exe"
ProcessID : 2200
ThreadCreationTime : 4/28/2005 1:22:13 AM
BasePriority : Normal
FileVersion : 2.22.289
ProductVersion : 2.22.289
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team
#:37 [steam.exe]
ModuleName : C:\Program Files\Valve\Steam\Steam.exe
Command Line : "C:\Program Files\Valve\Steam\Steam.exe" -silent
ProcessID : 2232
ThreadCreationTime : 4/28/2005 1:22:14 AM
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : Steam
CompanyName : Valve Corporation
FileDescription : Steam
LegalCopyright : © Copyright 2000-2003 Valve Corporation All rights reserved.
OriginalFilename : Steam.exe
#:38 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 2248
ThreadCreationTime : 4/28/2005 1:22:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:39 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\MsnMsgr.Exe
Command Line : "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ProcessID : 2256
ThreadCreationTime : 4/28/2005 1:22:14 AM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:40 [logitechdesktopmessenger.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
ProcessID : 2272
ThreadCreationTime : 4/28/2005 1:22:14 AM
BasePriority : Normal
FileVersion : 2.1.2.0
ProductVersion : 2.1.2.0
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : Logitech BackWeb Runner
LegalCopyright : Copyright © Logitech 2000-2004. All rights reserved
OriginalFilename : backweb-8876480.exe
Comments : www.logitech.com/ldm
#:41 [videocall.exe]
ModuleName : C:\Program Files\Logitech\VideoCall\VideoCall.exe
Command Line : "C:\Program Files\Logitech\VideoCall\VideoCall.exe" -minimized
ProcessID : 2292
ThreadCreationTime : 4/28/2005 1:22:14 AM
BasePriority : Normal
FileVersion : 2,0,3470,0448
ProductVersion : 2,0,3470,0448
ProductName : VideoCall by Logitech, Inc.
CompanyName : Logitech, Inc
FileDescription : videocall.exe
InternalName : videocall.exe
LegalCopyright : Copyright © 2001-2004 Logitech, Inc
OriginalFilename : videocall.exe
#:42 [a2guard.exe]
ModuleName : C:\Program Files\a2\a2guard.exe
Command Line : "C:\Program Files\a2\a2guard.exe"
ProcessID : 2304
ThreadCreationTime : 4/28/2005 1:22:14 AM
BasePriority : Normal
#:43 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 2412
ThreadCreationTime : 4/28/2005 1:22:14 AM
BasePriority : Normal
FileVersion : 43.1.5.000
ProductVersion : 043.001.005.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)
#:44 [nost_lm.exe]
ModuleName : C:\Program Files\Belkin\Nostromo\nost_LM.exe
Command Line : "C:\Program Files\Belkin\Nostromo\nost_LM.exe" -startup
ProcessID : 2600
ThreadCreationTime : 4/28/2005 1:22:15 AM
BasePriority : Normal
FileVersion : 3.0.4
ProductVersion : 3.0.4
ProductName : Nostromo Array Programming Software
FileDescription : Loadout Manager
InternalName : Activator
LegalCopyright : Copyright © 2001-2002 Belkin Components. All Rights Reserved.
OriginalFilename : nost_LM.EXE
#:45 [fxsvr2.exe]
ModuleName : C:\Program Files\Logitech\Video\FxSvr2.exe
Command Line : "C:\Program Files\Logitech\Video\FxSvr2.exe" -Embedding
ProcessID : 2780
ThreadCreationTime : 4/28/2005 1:22:16 AM
BasePriority : Normal
FileVersion : 8.3.0.1098
ProductVersion : 8.3.0.1098
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : QuickCam Framework Server
InternalName : FxSvr.EXE
LegalCopyright : © 1996-2004 Logitech. All rights reserved.
OriginalFilename : FxSvr.EXE
#:46 [hpqgalry.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe" -s
ProcessID : 2820
ThreadCreationTime : 4/28/2005 1:22:17 AM
BasePriority : Normal
#:47 [hpzipm12.exe]
ModuleName : C:\WINDOWS\system32\HPZipm12.exe
Command Line : C:\WINDOWS\system32\HPZipm12.exe
ProcessID : 3348
ThreadCreationTime : 4/28/2005 1:22:24 AM
BasePriority : Normal
FileVersion : 8, 0, 0, 0
ProductVersion : 8, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
#:48 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\IEXPLORE.EXE
Command Line : "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
ProcessID : 3000
ThreadCreationTime : 4/28/2005 1:25:04 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:49 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3072
ThreadCreationTime : 4/28/2005 1:48:15 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:50 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 2520
ThreadCreationTime : 4/28/2005 1:49:28 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\bookedspace.dll
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bookedspace.extension.5
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : appid\{0dc5cd7c-f653-4417-aa43-d457be3a9622}
Value :
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value :
BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Value : AppID
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\bookedspace
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{0019c3e2-dd48-4a6d-abcd-8d32436323d9}
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 17
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17
MRU List Object Recognized!
Location: : C:\Documents and Settings\Alan\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-484763869-2052111302-839522115-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alan@hitbox[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4/27/2006 6:28:26 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4/27/2006 6:28:26 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alan@trafficmp[1].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:[email protected]/
Expires : 4/27/2006 6:39:44 PM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:[email protected]/
Expires : 4/27/2006 6:31:30 PM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alan@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4/26/2010 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alan@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 6/18/2006 11:10:24 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alan@doubleclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 4/27/2005 6:47:50 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 4/20/2035 7:10:22 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 39
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
SahAgent Object Recognized!
Type : File
Data : Dc1.fr0235
Category : Data Miner
Comment :
Object : C:\RECYCLER\S-1-5-21-484763869-2052111302-839522115-1003\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL
SahAgent Object Recognized!
Type : File
Data : lsp_.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : ShopAtHomeSelect LSP
CompanyName : ShopAtHomeSelect
FileDescription : LSP
InternalName : LSP
LegalCopyright : Copyright © 2004
OriginalFilename : LSP.DLL
SahAgent Object Recognized!
Type : File
Data : SAHAgent_.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 8
ProductVersion : 2, 0, 0, 8
ProductName : ShopAtHomeSelect SahAgent
CompanyName : ShopAtHomeSelect
FileDescription : SahAgent
InternalName : SahAgent
LegalCopyright : Copyright © 2004
OriginalFilename : SahAgent.exe
Comments : Rules, pop-up. without serach and incremental update
SahAgent Object Recognized!
Type : File
Data : SahHtml_.exe
Category : Data Miner
Comment :
Object : C:\WINDOWS\Downloaded Program Files\
FileVersion : 2, 0, 0, 3
ProductVersion : 2, 0, 0, 3
ProductName : Popup Application
FileDescription : Popup MFC Application
InternalName : Popup
LegalCopyright : Copyright © 2004
OriginalFilename : Popup.EXE
Comments : Search engine
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 43
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
BookedSpace Object Recognized!
Type : File
Data : bsx32.ini
Category : Malware
Comment :
Object : C:\WINDOWS\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 45
7:21:04 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:29.844
Objects scanned:133856
Objects identified:31
Objects ignored:0
New critical objects:31