Ad-aware log:
Ad-Aware SE Build 1.05
Logfile Created on:Sunday, May 01, 2005 12:56:36 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):2 total references
Rads01.Quadrogram(TAC index:6):1 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:54 %
Total physical memory:523276 kb
Available physical memory:280252 kb
Total page file size:754732 kb
Available on page file:552572 kb
Total virtual memory:2097024 kb
Available virtual memory:2047120 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects
5-1-2005 12:56:36 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 452
ThreadCreationTime : 5-1-2005 5:27:05 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 508
ThreadCreationTime : 5-1-2005 5:27:07 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 532
ThreadCreationTime : 5-1-2005 5:27:08 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 576
ThreadCreationTime : 5-1-2005 5:27:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 588
ThreadCreationTime : 5-1-2005 5:27:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 732
ThreadCreationTime : 5-1-2005 5:27:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 788
ThreadCreationTime : 5-1-2005 5:27:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 828
ThreadCreationTime : 5-1-2005 5:27:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 900
ThreadCreationTime : 5-1-2005 5:27:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 960
ThreadCreationTime : 5-1-2005 5:27:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1052
ThreadCreationTime : 5-1-2005 5:27:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [navapsvc.exe]
ModuleName : C:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1176
ThreadCreationTime : 5-1-2005 5:27:10 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:13 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1200
ThreadCreationTime : 5-1-2005 5:27:10 AM
BasePriority : Normal
FileVersion : 6.13.10.2911
ProductVersion : 6.13.10.2911
ProductName : NVIDIA Driver Helper Service, Version 29.11
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 29.11
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:14 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1364
ThreadCreationTime : 5-1-2005 5:27:10 AM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:15 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1532
ThreadCreationTime : 5-1-2005 5:27:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 376
ThreadCreationTime : 5-1-2005 5:28:27 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:17 [bcmsmmsg.exe]
ModuleName : C:\WINDOWS\BCMSMMSG.exe
Command Line : "C:\WINDOWS\BCMSMMSG.exe"
ProcessID : 484
ThreadCreationTime : 5-1-2005 5:28:29 AM
BasePriority : Normal
FileVersion : 3.5.25 08/27/2003 20:04:35
ProductVersion : 3.5.25 08/27/2003 20:04:35
ProductName : BCM Modem Messaging Applet
CompanyName : Broadcom Corporation
FileDescription : Modem Messaging Applet
InternalName : smdmstat.exe
LegalCopyright : Copyright © Broadcom Corporation 1998-2000
OriginalFilename : smdmstat.exe
#:18 [navapw32.exe]
ModuleName : C:\PROGRA~1\NORTON~1\navapw32.exe
Command Line : "C:\PROGRA~1\NORTON~1\navapw32.exe"
ProcessID : 492
ThreadCreationTime : 5-1-2005 5:28:29 AM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPW32.EXE
#:19 [damon.exe]
ModuleName : C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
Command Line : "C:\Program Files\Dell\Support\Alert\bin\DAMon.exe"
ProcessID : 552
ThreadCreationTime : 5-1-2005 5:28:30 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 1
ProductName : MessageApp Application
FileDescription : MessageApp MFC Application
InternalName : MessageApp
LegalCopyright : Copyright © 2001
OriginalFilename : MessageApp.EXE
#:20 [hpztsb10.exe]
ModuleName : C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
Command Line : "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe"
ProcessID : 700
ThreadCreationTime : 5-1-2005 5:28:30 AM
BasePriority : Normal
FileVersion : 2.323.0.0
ProductVersion : 2.323.0.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2004
#:21 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 864
ThreadCreationTime : 5-1-2005 5:28:31 AM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.4
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HpCmpMgr.exe
#:22 [rvmpnp.exe]
ModuleName : C:\WINDOWS\system32\rvmpnp.exe
Command Line : "C:\WINDOWS\system32\rvmpnp.exe"
ProcessID : 1000
ThreadCreationTime : 5-1-2005 5:28:31 AM
BasePriority : Normal
#:23 [dlg.exe]
ModuleName : C:\Program Files\Digital Line Detect\DLG.exe
Command Line : "C:\Program Files\Digital Line Detect\DLG.exe"
ProcessID : 1516
ThreadCreationTime : 5-1-2005 5:28:32 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BVRP Software TestLine
CompanyName : BVRP Software
FileDescription : Digital Line Detection
InternalName : TestLine
LegalCopyright : Copyright © 2001
OriginalFilename : TestLine.exe
#:24 [msn.exe]
ModuleName : C:\Program Files\MSN\MSNCoreFiles\msn.exe
Command Line : "C:\Program Files\MSN\MSNCoreFiles\msn.exe"
ProcessID : 180
ThreadCreationTime : 5-1-2005 5:41:27 AM
BasePriority : Normal
FileVersion : 9.10.0011.1703
ProductVersion : 9.10.0011.1703
ProductName : Microsoft® MSN ® Communications System
CompanyName : Microsoft Corporation
FileDescription : msn
InternalName : msn
LegalCopyright : Copyright © Microsoft Corp. 1981-2003
OriginalFilename : msn.exe
#:25 [logonmgr.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\logonmgr.exe" -Embedding
ProcessID : 860
ThreadCreationTime : 5-1-2005 5:41:29 AM
BasePriority : Normal
FileVersion : 2.0.0160.0
ProductVersion : 2.0.0160.0
ProductName : MSN® Internet Access
CompanyName : Microsoft Corporation.
FileDescription : MSN® Internet Access
InternalName : logonmgr.dll
LegalCopyright : Copyright © 1995-2004 Microsoft Corporation.
OriginalFilename : logonmgr.dll
#:26 [msncc.exe]
ModuleName : C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe
Command Line : "C:\Program Files\MSN\MSNIA\CC\MSNCC\msncc.exe" -Embedding
ProcessID : 920
ThreadCreationTime : 5-1-2005 5:41:29 AM
BasePriority : Normal
FileVersion : 2.0.0160.0
ProductVersion : 2.0.0160.0
ProductName : MSN® Connection Center
CompanyName : Microsoft Corporation
FileDescription : MSN® Connection Center
InternalName : msncc.exe
LegalCopyright : Copyright © 1995-2004 Microsoft Corporation. All rights reserved.
OriginalFilename : msncc.exe
#:27 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" -Embedding
ProcessID : 2164
ThreadCreationTime : 5-1-2005 5:42:00 AM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:28 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2836
ThreadCreationTime : 5-1-2005 5:55:51 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar [email protected][1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:omar [email protected]/
Expires : 5-1-2006 12:45:02 AM
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : omar abuzzahab@atdmt[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:omar [email protected]/
Expires : 4-29-2010 7:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy Object Recognized!
Type : File
Data : A0074473.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP879\
FileVersion : 1, 0, 1, 0
ProductVersion : 1, 0, 1, 0
BargainBuddy Object Recognized!
Type : File
Data : A0074474.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP879\
Rads01.Quadrogram Object Recognized!
Type : File
Data : A0074475.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP879\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
1:14:05 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:28.843
Objects scanned:322094
Objects identified:5
Objects ignored:0
New critical objects:5