Ad-Aware SE Build 1.05
Logfile Created on:Friday, April 29, 2005 10:27:48 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:6):33 total references
Alexa(TAC index:5):2 total references
AltnetBDE(TAC index:4):25 total references
BargainBuddy(TAC index:8):6 total references
BlazeFind(TAC index:5):5 total references
BonziBuddy(TAC index:7):3 total references
BrilliantDigital(TAC index:6):9 total references
Claria(TAC index:7):37 total references
Ebates MoneyMaker(TAC index:4):2 total references
Elitum.ElitebarBHO(TAC index:5):1 total references
eUniverse(TAC index:10):11 total references
Hi-Wire(TAC index:4):89 total references
IBIS Toolbar(TAC index:5):10 total references
IGetNet(TAC index:8):2 total references
MediaMotor(TAC index:8):8 total references
MicroGaming(TAC index:4):5 total references
MRU List(TAC index:0):181 total references
Other(TAC index:5):4 total references
Possible Browser Hijack attempt(TAC index:3):23 total references
SahAgent(TAC index:9):15 total references
Search Relevancy(TAC index:5):7 total references
Softomate Toolbar(TAC index:9):6 total references
TopMoxie(TAC index:3):4 total references
Tracking Cookie(TAC index:3):137 total references
WindUpdates(TAC index:8):28 total references
VX2(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R8 13.09.2004
Internal build : 12
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 344723 Bytes
Total size : 1092481 Bytes
Signature data size : 1068971 Bytes
Reference data size : 22998 Bytes
Signatures total : 30122
Fingerprints total : 154
Fingerprints size : 7129 Bytes
Target categories : 15
Target families : 560
4-29-2005 10:21:53 PM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
4-29-2005 10:22:11 PM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:1047272 kb
Available physical memory:562732 kb
Total page file size:2499240 kb
Available on page file:1945964 kb
Total virtual memory:2097024 kb
Available virtual memory:2041212 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
4-29-2005 10:27:49 PM - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 4-24-2005 11:34:04 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 532
ThreadCreationTime : 4-24-2005 11:34:06 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 556
ThreadCreationTime : 4-24-2005 11:34:07 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 600
ThreadCreationTime : 4-24-2005 11:34:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 620
ThreadCreationTime : 4-24-2005 11:34:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 784
ThreadCreationTime : 4-24-2005 11:34:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 832
ThreadCreationTime : 4-24-2005 11:34:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 900
ThreadCreationTime : 4-24-2005 11:34:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 968
ThreadCreationTime : 4-24-2005 11:34:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1044
ThreadCreationTime : 4-24-2005 11:34:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1240
ThreadCreationTime : 4-24-2005 11:34:11 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [agentsrv.exe]
ModuleName : C:\Program Files\Connected\AgentSrv.EXE
Command Line : "C:\Program Files\Connected\AgentSrv.EXE" -asv
ProcessID : 1544
ThreadCreationTime : 4-24-2005 11:34:18 PM
BasePriority : Idle
FileVersion : 7.1.5.1086
ProductVersion : 7.1.5
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Agent Service Module
InternalName : AgentSrv
LegalCopyright : © 1996-2004 by Connected Corporation
OriginalFilename : AgentSrv.exe
#:13 [aolacsd.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
Command Line : C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
ProcessID : 1568
ThreadCreationTime : 4-24-2005 11:34:18 PM
BasePriority : Normal
#:14 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 1592
ThreadCreationTime : 4-24-2005 11:34:18 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:15 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 1644
ThreadCreationTime : 4-24-2005 11:34:18 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:16 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1688
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 1.0.9.002
ProductVersion : 1.0.9.002
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:17 [upssrv.exe]
ModuleName : C:\PowerPanel\upssrv.exe
Command Line : C:\PowerPanel\upssrv.exe
ProcessID : 1704
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 2, 1, 4, 0
ProductVersion : 2, 1, 4, 0
ProductName : Power Panel ( Plus )
CompanyName : Cyber Power System Inc.
FileDescription : UPS Service
InternalName : upssrv.exe
LegalCopyright : Copyright © 2002 Cyber Power System Inc.
LegalTrademarks : CyberPower
OriginalFilename : upssrv.exe
#:18 [upsio.exe]
ModuleName : C:\PowerPanel\upsio.exe
Command Line : 1 0
ProcessID : 1752
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Realtime
FileVersion : 2, 1, 4, 0
ProductVersion : 2, 1, 4, 0
ProductName : PowerPanel (Plus)
CompanyName : Cyber Power System Inc.
FileDescription : upsio
InternalName : upsio.exe
LegalCopyright : Copyright © 2002 Cyber Power System Inc.
LegalTrademarks : CyberPower
OriginalFilename : upsio.exe
#:19 [inetinfo.exe]
ModuleName : C:\WINDOWS\system32\inetsrv\inetinfo.exe
Command Line : C:\WINDOWS\system32\inetsrv\inetinfo.exe
ProcessID : 1780
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE
#:20 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1832
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:21 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1900
ThreadCreationTime : 4-24-2005 11:34:19 PM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:22 [nprotect.exe]
ModuleName : C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
Command Line : "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE"
ProcessID : 164
ThreadCreationTime : 4-24-2005 11:34:22 PM
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE
#:23 [smagent.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe"
ProcessID : 408
ThreadCreationTime : 4-24-2005 11:34:23 PM
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe
#:24 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 420
ThreadCreationTime : 4-24-2005 11:34:23 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:25 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 536
ThreadCreationTime : 4-24-2005 11:34:23 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:26 [vsmon.exe]
ModuleName : C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Command Line : n/a
ProcessID : 792
ThreadCreationTime : 4-24-2005 11:34:23 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : TrueVector Service
CompanyName : Zone Labs LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : vsmon.exe
#:27 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1176
ThreadCreationTime : 4-24-2005 11:34:24 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe
#:28 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1388
ThreadCreationTime : 4-24-2005 11:34:25 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:29 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2372
ThreadCreationTime : 4-24-2005 11:34:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:30 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 2880
ThreadCreationTime : 4-24-2005 11:34:44 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
#:31 [smax4pnp.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
ProcessID : 3020
ThreadCreationTime : 4-24-2005 11:34:51 PM
BasePriority : Normal
FileVersion : 4, 0, 4, 11
ProductVersion : 4, 0, 4, 11
ProductName : SMax4PNP Application
CompanyName : Analog Devices, Inc.
FileDescription : SMax4PNP MFC Application
InternalName : SMax4PNP
LegalCopyright : Copyright © 2002-2003 Analog Devices
OriginalFilename : SMax4PNP.EXE
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
#:32 [smax4.exe]
ModuleName : C:\Program Files\Analog Devices\SoundMAX\smax4.exe
Command Line : "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
ProcessID : 3036
ThreadCreationTime : 4-24-2005 11:34:52 PM
BasePriority : Normal
FileVersion : 4, 0, 4, 25
ProductVersion : 4, 0, 4, 25
ProductName : SoundMAX Control Panel
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX Control Center
InternalName : SMax4
LegalCopyright : Copyright © 2002-2003, Analog Devices
OriginalFilename : SMax4.EXE
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
"C:\Program Files\Analog Devices\SoundMAX\smax4.exe"Process terminated successfully
#:33 [gwhotkey.exe]
ModuleName : C:\WINDOWS\GWHotKey.exe
Command Line : "C:\WINDOWS\GWHotKey.exe"
ProcessID : 3072
ThreadCreationTime : 4-24-2005 11:34:52 PM
BasePriority : Normal
FileVersion : 4.4.1
ProductVersion : 4.4.1
ProductName : Gateway Multi-function Keyboard Utility
CompanyName : Tartan Software www.BillP.com
FileDescription : Multi-function Keyboard Utility By Bill Pytlovany
LegalCopyright : Copyright © 1997-1998 Gateway 2000 Inc.
Comments : "You've got a friend in the business"
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
"C:\WINDOWS\GWHotKey.exe"Process terminated successfully
#:34 [hpztsb06.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe"
ProcessID : 3192
ThreadCreationTime : 4-24-2005 11:34:54 PM
BasePriority : Normal
FileVersion : 2,133,0,0
ProductVersion : 2,133,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
"C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe"Process terminated successfully
#:35 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 3356
ThreadCreationTime : 4-24-2005 11:34:55 PM
BasePriority : Normal
FileVersion : 9.76.046
ProductVersion : 9.76.046
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
#:36 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 3388
ThreadCreationTime : 4-24-2005 11:34:56 PM
BasePriority : Normal
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
#:37 [avgemc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe"
ProcessID : 3404
ThreadCreationTime : 4-24-2005 11:34:56 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
#:38 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 3420
ThreadCreationTime : 4-24-2005 11:34:57 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
#:39 [aoldial.exe]
ModuleName : C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
Command Line : "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
ProcessID : 3428
ThreadCreationTime : 4-24-2005 11:34:57 PM
BasePriority : Normal
FileVersion : 2.0.20.1.US.1
ProductVersion : 2.0.20.1.US.1
ProductName : AOL Connectivity Service
CompanyName : America Online, Inc
FileDescription : AOL Connectivity Service Dialer
LegalCopyright : Copyright © 2003 America Online, Inc.
OriginalFilename : AOLDial.exe
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"Process terminated successfully
#:40 [directcd.exe]
ModuleName : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
Command Line : "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ProcessID : 3460
ThreadCreationTime : 4-24-2005 11:34:58 PM
BasePriority : Normal
FileVersion : 5.3.2.34
ProductVersion : 5.3.2.34
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
"C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"Process terminated successfully
#:41 [winstat.exe]
ModuleName : C:\Program Files\Windows AdStatus\WinStat.exe
Command Line : "C:\Program Files\Windows AdStatus\WinStat.exe"
ProcessID : 3472
ThreadCreationTime : 4-24-2005 11:34:59 PM
BasePriority : Normal
Warning! WindUpdates Object found in memory(C:\Program Files\Windows AdStatus\WinStat.exe)
WindUpdates Object Recognized!
Type : Process
Data : WinStat.exe
Category : Malware
Comment :
Object : C:\Program Files\Windows AdStatus\
"C:\Program Files\Windows AdStatus\WinStat.exe"Process terminated successfully
"C:\Program Files\Windows AdStatus\WinStat.exe"Process terminated successfully
#:42 [p2p networking.exe]
ModuleName : C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
Command Line : "C:\WINDOWS\system32\P2P Networking\P2P Networking.exe" /AUTOSTART
ProcessID : 3508
ThreadCreationTime : 4-24-2005 11:34:59 PM
BasePriority : Normal
FileVersion : 1, 26, 0, 10
ProductVersion : 1, 26, 0, 10
ProductName : P2P Networking
CompanyName : Joltid Ltd.
FileDescription : P2P Networking
InternalName : P2P Networking
LegalCopyright : Copyright © 2001 - 2004 Joltid Ltd. All Rights Reserved.
LegalTrademarks : Joltid is a registered trademark of Joltid Ltd.
OriginalFilename : P2P Networking.exe
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
"C:\WINDOWS\system32\P2P Networking\P2P Networking.exe"Process terminated successfully
#:43 [zlclient.exe]
ModuleName : C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 3520
ThreadCreationTime : 4-24-2005 11:35:00 PM
BasePriority : Normal
FileVersion : 5.5.062.011
ProductVersion : 5.5.062.011
ProductName : Zone Labs Client
CompanyName : Zone Labs LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs LLC
OriginalFilename : zlclient.exe
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
#:44 [ar9e5tag.exe]
ModuleName : C:\WINDOWS\system32\ar9e5tag.exe
Command Line : "C:\WINDOWS\system32\ar9e5tag.exe"
ProcessID : 3568
ThreadCreationTime : 4-24-2005 11:35:01 PM
BasePriority : Normal
FileVersion : 4, 0, 1, 1
ProductVersion : 4, 0, 1, 1
SahAgent Object Recognized!
Type : Process
Data : ar9e5tag.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 1, 1
ProductVersion : 4, 0, 1, 1
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\ar9e5tag.exe)
"C:\WINDOWS\system32\ar9e5tag.exe"Process terminated successfully
"C:\WINDOWS\system32\ar9e5tag.exe"Process terminated successfully
#:45 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 3588
ThreadCreationTime : 4-24-2005 11:35:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
SahAgent Object Recognized!
Type : Process
Data : 3u9593js.dll
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4
Warning! SahAgent Object found in memory(C:\WINDOWS\system32\3u9593js.dll)
"C:\WINDOWS\system32\ctfmon.exe"Process terminated successfully
#:46 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 3608
ThreadCreationTime : 4-24-2005 11:35:02 PM
BasePriority : Normal
FileVersion : 7.0.0777
ProductVersion : 7.0.0777
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:47 [aim.exe]
ModuleName : C:\Program Files\AIM95\aim.exe
Command Line : "C:\Program Files\AIM95\aim.exe" -cnetwait.odl
ProcessID : 3624
ThreadCreationTime : 4-24-2005 11:35:02 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE
#:48 [cbsystray.exe]
ModuleName : C:\Program Files\Connected\CBSysTray.exe
Command Line : "C:\Program Files\Connected\CBSysTray.exe"
ProcessID : 3660
ThreadCreationTime : 4/24/2005 11:35:03 PM
BasePriority : Normal
FileVersion : 7.1.5.1086
ProductVersion : 7.1.5
ProductName : Connected DataProtector
CompanyName : Connected Corporation
FileDescription : Connected DataProtector System Tray
InternalName : CBSysTray
LegalCopyright : © 1996-2004 by Connected Corporation
OriginalFilename : CBSysTray.exe
#:49 [dvzincmsgr.exe]
ModuleName : C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Command Line : "C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe"
ProcessID : 3668
ThreadCreationTime : 4/24/2005 11:35:03 PM
BasePriority : Normal
FileVersion : 6,0,1,723
ProductVersion : 6,0,1,723
ProductName : Documents To Go
CompanyName : DataViz, Inc.
FileDescription : DataViz Update Checker
InternalName : Web Savvy Agent
LegalCopyright : Copyright © 1998-2004 by DataViz, Inc.
OriginalFilename : WebSavvyAgent.exe
Comments : This component checks for updates of DataViz products.
#:50 [hotsync.exe]
ModuleName : C:\Program Files\Palm\HOTSYNC.EXE
Command Line : "C:\Program Files\Palm\HOTSYNC.EXE"
ProcessID : 3688
ThreadCreationTime : 4/24/2005 11:35:06 PM
BasePriority : Normal
FileVersion : 4.0.4
ProductVersion : 4.1.0
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe
#:51 [memturbo.exe]
ModuleName : C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
Command Line : "C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe" /starthidden
ProcessID : 3696
ThreadCreationTime : 4/24/2005 11:35:06 PM
BasePriority : Normal
ProductName : MemTurbo Application
CompanyName : SharewareOnline.com, Inc.
FileDescription : MemTurbo
InternalName : MemTurbo
LegalCopyright : Copyright © 1998-2000
LegalTrademarks : MemTurbo, RAMScrub
OriginalFilename : MemTurbo.EXE
Comments : http://www.memturbo.com
#:52 [winstatkeep.exe]
ModuleName : C:\Program Files\Windows AdStatus\WinStatKeep.exe
Command Line : "C:\Program Files\Windows AdStatus\WinStatKeep.exe"
ProcessID : 3772
ThreadCreationTime : 4/24/2005 11:35:11 PM
BasePriority : Normal
Warning! WindUpdates Object found in memory(C:\Program Files\Windows AdStatus\WinStatKeep.exe)
WindUpdates Object Recognized!
Type : Process
Data : WinStatKeep.exe
Category : Malware
Comment :
Object : C:\Program Files\Windows AdStatus\
"C:\Program Files\Windows AdStatus\WinStatKeep.exe"Process terminated successfully
"C:\Program Files\Windows AdStatus\WinStatKeep.exe"Process terminated successfully
#:53 [wmiprvse.exe]
ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe
Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding
ProcessID : 1948
ThreadCreationTime : 4/24/2005 11:37:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
#:54 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 504
ThreadCreationTime : 4/25/2005 12:57:03 AM
BasePriority : Normal
FileVersion : 4.7.2010
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2003
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:55 [mnybbsvc.exe]
ModuleName : C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnybbsvc.exe
Command Line : "C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnybbsvc.exe"
ProcessID : 2044
ThreadCreationTime : 4/25/2005 2:40:24 PM
BasePriority : Normal
FileVersion : 14.00.1105 built by: mnybuild
ProductVersion : 14.00.1105
ProductName : Microsoft® Money
CompanyName : Microsoft® Corporation
FileDescription : Microsoft Money Background Banking Service
InternalName : mnybbsvc
LegalCopyright : Copyright © Microsoft Corp. All rights reserved.
OriginalFilename : mnybbsvc.exe
#:56 [mypointspointalert1.exe]
ModuleName : C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert1.exe
Command Line : "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert1.exe"
ProcessID : 2136
ThreadCreationTime : 4/27/2005 5:02:29 AM
BasePriority : Normal
#:57 [aolsps~1.exe]
ModuleName : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSPS~1.EXE
Command Line : "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSPS~1.EXE"
ProcessID : 732
ThreadCreationTime : 4/29/2005 2:59:58 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe
#:58 [mypointspointalert0.exe]
ModuleName : C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe
Command Line : "C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"
ProcessID : 5196
ThreadCreationTime : 4/29/2005 6:03:40 PM
BasePriority : Normal
TopMoxie Object Recognized!
Type : Process
Data : MyPointsPointAlert0.exe
Category : Data Miner
Comment : (CSI MATCH)
Object : C:\Program Files\MyPoints_PointAlert\
Warning! TopMoxie Object found in memory(C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe)
"C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"Process terminated successfully
"C:\Program Files\MyPoints_PointAlert\MyPointsPointAlert0.exe"Process terminated successfully
#:59 [ypager.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ypager.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ypager.exe"
ProcessID : 4912
ThreadCreationTime : 4/29/2005 11:00:18 PM
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe
#:60 [sapisvr.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe"
ProcessID : 5584
ThreadCreationTime : 4/29/2005 11:00:19 PM
BasePriority : Normal
FileVersion : 5.1.4111.00 (XPClient.010817-1148)
ProductVersion : 5.1.4111.00
ProductName : Microsoft® Windows Operating System
CompanyName : Microsoft Corporation
FileDescription : SAPISVR 5
InternalName : SAPISVR5
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SAPISVR5
#:61 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -restart
ProcessID : 2324
ThreadCreationTime : 4/29/2005 11:35:15 PM
BasePriority : Normal
FileVersion : 0.1.0.3249
ProductVersion : 0.1.0.3249
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:62 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 5636
ThreadCreationTime : 4/30/2005 3:21:38 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 18
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.advertisementagent
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.advertisementagent
Value :
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.advertisementagent.1
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.advertisementagent.1
Value :
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.bannerlistitem
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.bannerlistitem
Value :
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.bannerlistitem.1
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.bannerlistitem.1
Value :
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.compositeitem
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.compositeitem
Value :
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.compositeitem.1
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.compositeitem.1
Value :
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.spotlistitem
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.spotlistitem
Value :
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.spotlistitem.1
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : adagent.spotlistitem.1
Value :
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{08e05eee-5ee9-11d4-9caf-00d0b76063fd}
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{08e05eee-5ee9-11d4-9caf-00d0b76063fd}
Value :
Hi-Wire Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{08e05eee-5ee9-11d4-9caf-00d0b76063fd}
Value : AppID
Hi-Wire Object Recognized!
Type : Regkey
Data :
Category : Misc
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{11032fc2-c2f4-11d3-ad67-009027b8adbc}
Hi-Wire Object Recognized!
Type : RegValue