Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 9:40:48 PM
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\PROGRA~1\Lavasoft\AD-AWA~1\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:38 %
Total physical memory:523628 kb
Available physical memory:195916 kb
Total page file size:1277644 kb
Available on page file:1052716 kb
Total virtual memory:2097024 kb
Available virtual memory:2042404 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects
5-4-2005 9:40:48 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 668
ThreadCreationTime : 5-5-2005 4:04:57 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 736
ThreadCreationTime : 5-5-2005 4:05:04 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 760
ThreadCreationTime : 5-5-2005 4:05:04 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 804
ThreadCreationTime : 5-5-2005 4:05:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 816
ThreadCreationTime : 5-5-2005 4:05:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1008
ThreadCreationTime : 5-5-2005 4:05:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1096
ThreadCreationTime : 5-5-2005 4:05:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1192
ThreadCreationTime : 5-5-2005 4:05:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1292
ThreadCreationTime : 5-5-2005 4:05:07 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1392
ThreadCreationTime : 5-5-2005 4:05:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1616
ThreadCreationTime : 5-5-2005 4:05:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [ehsched.exe]
ModuleName : C:\WINDOWS\ehome\ehSched.exe
Command Line : C:\WINDOWS\ehome\ehSched.exe
ProcessID : 1720
ThreadCreationTime : 5-5-2005 4:05:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler Service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehSched.exe
#:13 [navapsvc.exe]
ModuleName : c:\Program Files\Norton AntiVirus\navapsvc.exe
Command Line : "c:\Program Files\Norton AntiVirus\navapsvc.exe"
ProcessID : 1772
ThreadCreationTime : 5-5-2005 4:05:09 AM
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:14 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1812
ThreadCreationTime : 5-5-2005 4:05:09 AM
BasePriority : Normal
FileVersion : 6.14.10.4472
ProductVersion : 6.14.10.4472
ProductName : NVIDIA Driver Helper Service, Version 44.72
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 44.72
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:15 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 560
ThreadCreationTime : 5-5-2005 4:05:10 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:16 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1148
ThreadCreationTime : 5-5-2005 4:05:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:17 [ehtray.exe]
ModuleName : C:\WINDOWS\ehome\ehtray.exe
Command Line : "C:\WINDOWS\ehome\ehtray.exe"
ProcessID : 932
ThreadCreationTime : 5-5-2005 4:05:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe
#:18 [hpsysdrv.exe]
ModuleName : C:\windows\system\hpsysdrv.exe
Command Line : "c:\windows\system\hpsysdrv.exe"
ProcessID : 148
ThreadCreationTime : 5-5-2005 4:05:14 AM
BasePriority : Normal
FileVersion : 1, 7, 0, 0
ProductVersion : 1, 7, 0, 0
ProductName : hpsysdrv
CompanyName : Hewlett-Packard Company
FileDescription : hpsysdrv
InternalName : hpsysdrv
LegalCopyright : Copyright © 1998
OriginalFilename : hpsysdrv.exe
#:19 [hpqcmon.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
ProcessID : 972
ThreadCreationTime : 5-5-2005 4:05:14 AM
BasePriority : Normal
FileVersion : 2.0.0.133
ProductVersion : 2.0.0.133
ProductName : HpqCmon Application
FileDescription : HpqCmon MFC Application
InternalName : HpqCmon
LegalCopyright : Copyright © 2001
OriginalFilename : HpqCmon.EXE
#:20 [hphmon05.exe]
ModuleName : C:\WINDOWS\System32\hphmon05.exe
Command Line : "C:\WINDOWS\System32\hphmon05.exe"
ProcessID : 1056
ThreadCreationTime : 5-5-2005 4:05:15 AM
BasePriority : Normal
FileVersion : 5,0,84
ProductVersion : 5,0,84
ProductName : HP Photosmart
CompanyName : Hewlett-Packard
FileDescription : HPHmon05
InternalName : HPHmon05
LegalCopyright : Copyright © 2003
OriginalFilename : HPHmon05.exe
#:21 [kbd.exe]
ModuleName : C:\HP\KBD\KBD.EXE
Command Line : "C:\HP\KBD\KBD.EXE"
ProcessID : 1136
ThreadCreationTime : 5-5-2005 4:05:15 AM
BasePriority : High
#:22 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 2136
ThreadCreationTime : 5-5-2005 4:05:20 AM
BasePriority : Normal
FileVersion : 1.03.15
ProductVersion : 1.03.15
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:23 [ehmsas.exe]
ModuleName : C:\WINDOWS\ehome\ehmsas.exe
Command Line : C:\WINDOWS\ehome\ehmsas.exe -Embedding
ProcessID : 2316
ThreadCreationTime : 5-5-2005 4:05:22 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe
#:24 [shwicon2k.exe]
ModuleName : C:\Program Files\Multimedia Card Reader\shwicon2k.exe
Command Line : "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
ProcessID : 2352
ThreadCreationTime : 5-5-2005 4:05:22 AM
BasePriority : Idle
FileVersion : 1, 0, 0, 6
ProductVersion : 1, 0, 0, 6
ProductName : Alcor Micro Sunkist
CompanyName : Alcor Micro, Corp.
FileDescription : Sunkist
InternalName : Sunkist
LegalCopyright : Copyright c 2002 - 2004
OriginalFilename : Sunkist.exe
#:25 [alcxmntr.exe]
ModuleName : C:\WINDOWS\ALCXMNTR.EXE
Command Line : "C:\WINDOWS\ALCXMNTR.EXE"
ProcessID : 2420
ThreadCreationTime : 5-5-2005 4:05:22 AM
BasePriority : Normal
FileVersion : 1.5
ProductVersion : 1.5
ProductName : Realtek Audio - Event Monitor
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Audio - Event Monitor
InternalName : Alcxmntr
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : Alcxmntr.exe
#:26 [ad-watch.exe]
ModuleName : C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
Command Line : "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
ProcessID : 2504
ThreadCreationTime : 5-5-2005 4:05:23 AM
BasePriority : Normal
FileVersion : 3.1.2.17
ProductVersion : 3.2
ProductName : Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Watch System Protector
InternalName : Ad-Watch.exe
LegalCopyright : 1999-2004 Team Lavasoft
OriginalFilename : Ad-Watch.exe
#:27 [sdmndll.exe]
ModuleName : C:\WINDOWS\SDMNDLL.EXE
Command Line : "C:\WINDOWS\SDMNDLL.EXE"
ProcessID : 2552
ThreadCreationTime : 5-5-2005 4:05:24 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Update Monitor
CompanyName : UpdateMonitor
FileDescription : Update Monitor
InternalName : UpdMon
OriginalFilename : UpdMon.exe
#:28 [sdmnenc.exe]
ModuleName : C:\WINDOWS\SDMNENC.EXE
Command Line : "C:\WINDOWS\SDMNENC.EXE"
ProcessID : 2560
ThreadCreationTime : 5-5-2005 4:05:24 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : System Monitor Service
CompanyName : System Service
FileDescription : SysMon
InternalName : SysMon
OriginalFilename : SysMon.exe
#:29 [ccevtmgr.exe]
ModuleName : c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 2684
ThreadCreationTime : 5-5-2005 4:05:27 AM
BasePriority : Normal
FileVersion : 1.03.4
ProductVersion : 1.03.4
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:30 [irhdai.exe]
ModuleName : c:\windows\system32\irhdai.exe
Command Line : "c:\windows\system32\irhdai.exe" ifzvmhp
ProcessID : 2780
ThreadCreationTime : 5-5-2005 4:05:28 AM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.
#:31 [hpqtra08.exe]
ModuleName : C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 2856
ThreadCreationTime : 5-5-2005 4:05:30 AM
BasePriority : Normal
FileVersion : 5.30.0.131
ProductVersion : 005.030.000.131
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)
#:32 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32 nView.dll,nViewInitialize
ProcessID : 2868
ThreadCreationTime : 5-5-2005 4:05:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:33 [backweb-137903.exe]
ModuleName : C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
Command Line : "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" -startup
ProcessID : 2952
ThreadCreationTime : 5-5-2005 4:05:31 AM
BasePriority : Normal
#:34 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 1896
ThreadCreationTime : 5-5-2005 4:29:36 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:35 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe"
ProcessID : 228
ThreadCreationTime : 5-5-2005 4:36:32 AM
BasePriority : Normal
FileVersion : 6.2.0.207
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:36 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[4a8]SUSDS0ee82c46ee8f2447ba5e7447ddfcb27a
ProcessID : 1924
ThreadCreationTime : 5-5-2005 4:40:25 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:37 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 3092
ThreadCreationTime : 5-5-2005 4:40:31 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 1
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
9:55:17 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:14:29.453
Objects scanned:184922
Objects identified:1
Objects ignored:0
New critical objects:1