Ad-Aware SE Build 1.05
Logfile Created on:Saturday, May 07, 2005 3:02:59 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R43 06.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin(TAC index:5):7 total references
Possible Browser Hijack attempt(TAC index:3):7 total references
Tracking Cookie(TAC index:3):1 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654
5-7-2005 3:00:49 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R43 06.05.2005
Internal build : 50
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 467649 Bytes
Total size : 1414672 Bytes
Signature data size : 1383852 Bytes
Reference data size : 30308 Bytes
Signatures total : 39494
Fingerprints total : 847
Fingerprints size : 28739 Bytes
Target categories : 15
Target families : 663
5-7-2005 3:00:55 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:24 %
Total physical memory:523756 kb
Available physical memory:125140 kb
Total page file size:1280084 kb
Available on page file:1019088 kb
Total virtual memory:2097024 kb
Available virtual memory:2043704 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-7-2005 3:02:59 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 588
ThreadCreationTime : 5-6-2005 8:21:27 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 636
ThreadCreationTime : 5-6-2005 8:21:28 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 660
ThreadCreationTime : 5-6-2005 8:21:28 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 704
ThreadCreationTime : 5-6-2005 8:21:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 716
ThreadCreationTime : 5-6-2005 8:21:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 928
ThreadCreationTime : 5-6-2005 8:21:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1004
ThreadCreationTime : 5-6-2005 8:21:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1100
ThreadCreationTime : 5-6-2005 8:21:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1260
ThreadCreationTime : 5-6-2005 8:21:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1328
ThreadCreationTime : 5-6-2005 8:21:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1564
ThreadCreationTime : 5-6-2005 8:21:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1780
ThreadCreationTime : 5-6-2005 8:21:31 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [soundman.exe]
ModuleName : C:\WINDOWS\SOUNDMAN.EXE
Command Line : "C:\WINDOWS\SOUNDMAN.EXE"
ProcessID : 1900
ThreadCreationTime : 5-6-2005 8:21:32 PM
BasePriority : Normal
FileVersion : 5.1.0.24
ProductVersion : 5.1.0.24
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager
#:14 [tfswctrl.exe]
ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe
Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe"
ProcessID : 1956
ThreadCreationTime : 5-6-2005 8:21:32 PM
BasePriority : Normal
FileVersion : 3.50.31a
CompanyName : Sonic Solutions
FileDescription : Direct Access Component
LegalCopyright : Copyright © 2002 Sonic Solutions
#:15 [pccguide.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
ProcessID : 2000
ThreadCreationTime : 5-6-2005 8:21:32 PM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCGuide
InternalName : PCCGuide
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCGuide
#:16 [pccclient.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
ProcessID : 2020
ThreadCreationTime : 5-6-2005 8:21:32 PM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : PCCClient
InternalName : PCCClient
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : PCCClient
#:17 [pop3trap.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
ProcessID : 172
ThreadCreationTime : 5-6-2005 8:21:32 PM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : POP3Trap
InternalName : POP3Trap
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : POP3Trap
#:18 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\rundll32.exe
Command Line : rundll32.exe nview.dll,nViewInitialize
ProcessID : 236
ThreadCreationTime : 5-6-2005 8:21:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE
#:19 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 240
ThreadCreationTime : 5-6-2005 8:21:32 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:20 [jusched.exe]
ModuleName : C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
Command Line : "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe"
ProcessID : 248
ThreadCreationTime : 5-6-2005 8:21:32 PM
BasePriority : Normal
#:21 [viewmgr.exe]
ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 348
ThreadCreationTime : 5-6-2005 8:21:32 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager
#:22 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 376
ThreadCreationTime : 5-6-2005 8:21:33 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:23 [em_exec.exe]
ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe
Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe"
ProcessID : 460
ThreadCreationTime : 5-6-2005 8:21:33 PM
BasePriority : Normal
FileVersion : 9.79.025
ProductVersion : 9.79.025
ProductName : MouseWare
CompanyName : Logitech Inc.
FileDescription : Logitech Events Handler Application
InternalName : Em_Exec
LegalCopyright : © 1987-2003 Logitech. All rights reserved.
LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc.
OriginalFilename : Em_Exec.exe
Comments : Created by the MouseWare team
#:24 [ctfmon.exe]
ModuleName : C:\WINDOWS\system32\ctfmon.exe
Command Line : "C:\WINDOWS\system32\ctfmon.exe"
ProcessID : 472
ThreadCreationTime : 5-6-2005 8:21:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:25 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 1180
ThreadCreationTime : 5-6-2005 8:21:38 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:26 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1244
ThreadCreationTime : 5-6-2005 8:21:38 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:27 [nvsvc32.exe]
ModuleName : C:\WINDOWS\System32\nvsvc32.exe
Command Line : C:\WINDOWS\System32\nvsvc32.exe
ProcessID : 1280
ThreadCreationTime : 5-6-2005 8:21:38 PM
BasePriority : Normal
FileVersion : 6.14.10.5672
ProductVersion : 6.14.10.5672
ProductName : NVIDIA Driver Helper Service, Version 56.72
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.72
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:28 [tmntsrv.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe"
ProcessID : 1592
ThreadCreationTime : 5-6-2005 8:21:38 PM
BasePriority : Normal
FileVersion : 9.0.5.1389
ProductVersion : 9.0.5
ProductName : Trend Pc-cillin 9.0
CompanyName : Trend Micro Inc.
FileDescription : Tmntsrv
InternalName : Tmntsrv
LegalCopyright : Copyright © 2001-2002 Trend Micro Inc. All rights reserved.
LegalTrademarks : Copyright © Trend Micro Inc.
OriginalFilename : Tmntsrv.exe
#:29 [pccpfw.exe]
ModuleName : C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
Command Line : "C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe"
ProcessID : 2280
ThreadCreationTime : 5-6-2005 8:21:47 PM
BasePriority : Normal
#:30 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 2448
ThreadCreationTime : 5-6-2005 8:21:53 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:31 [aim.exe]
ModuleName : C:\Program Files\AIM\aim.exe
Command Line : "C:\Program Files\AIM\aim.exe" -Embedding
ProcessID : 2756
ThreadCreationTime : 5-6-2005 8:22:00 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE
#:32 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3336
ThreadCreationTime : 5-6-2005 8:22:26 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:33 [pdvdserv.exe]
ModuleName : C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
Command Line : "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
ProcessID : 3520
ThreadCreationTime : 5-7-2005 9:48:39 AM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE
#:34 [firefox.exe]
ModuleName : C:\Program Files\Mozilla Firefox\firefox.exe
Command Line : "C:\Program Files\Mozilla Firefox\firefox.exe"
ProcessID : 3304
ThreadCreationTime : 5-7-2005 9:53:19 AM
BasePriority : Normal
#:35 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 1472
ThreadCreationTime : 5-7-2005 10:00:27 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8790676&id=5.0"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drs...8790676&id=5.0"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8790676&id=5.0"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drs...8790676&id=5.0"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchSearchAssistantwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8790676&id=5.0"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : SearchAssistant
Data : "http://websearch.drs...8790676&id=5.0"
Possible Browser Hijack attempt : Software\Microsoft\Internet Explorer\SearchCustomizeSearchwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8790676&id=5.0"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Search
Value : CustomizeSearch
Data : "http://websearch.drs...8790676&id=5.0"
Possible Browser Hijack attempt : S-1-5-21-1085031214-299502267-725345543-1003\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8790676&id=5.0"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-299502267-725345543-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drs...8790676&id=5.0"
Possible Browser Hijack attempt : S-1-5-21-1085031214-299502267-725345543-1003\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...8790676&id=5.0"
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-299502267-725345543-1003\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drs...8790676&id=5.0"
Possible Browser Hijack attempt : S-1-5-21-1085031214-299502267-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL.shopnav.com
Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.shopnav.com/q.cgi?q="
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-1085031214-299502267-725345543-1003\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.shopnav.com/q.cgi?q="
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 8
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : k@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:[email protected]/
Expires : 5-5-2010 7:35:02 PM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 9
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin Object Recognized!
Type : File
Data : wupdt.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\K\Local Settings\Temp\THI1229.tmp\
ImIServer IEPlugin Object Recognized!
Type : File
Data : wupdt.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\K\Local Settings\Temp\THI6589.tmp\
ImIServer IEPlugin Object Recognized!
Type : File
Data : wupdt.exe
Category : Data Miner
Comment :
Object : C:\Documents and Settings\K\Local Settings\Temp\THIF82.tmp\
ImIServer IEPlugin Object Recognized!
Type : File
Data : A0047378.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{3E847112-C042-41B5-A2AD-F3030C98CFE0}\RP267\
VX2 Object Recognized!
Type : File
Data : A0047483.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{3E847112-C042-41B5-A2AD-F3030C98CFE0}\RP269\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.
ImIServer IEPlugin Object Recognized!
Type : File
Data : A0050525.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{3E847112-C042-41B5-A2AD-F3030C98CFE0}\RP297\
VX2 Object Recognized!
Type : File
Data : A0051764.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{3E847112-C042-41B5-A2AD-F3030C98CFE0}\RP300\
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 12
ProductName : Install Utility
CompanyName : BetterInternet, Inc.
FileDescription : www.abetterinternet.com - Utility for downloading files and upgrading software.
InternalName : Install Utility
LegalCopyright : BetterInternet, Inc. © 2004
OriginalFilename : InstUtil.exe
Comments : Utility for downloading files and upgrading software. Visit www.abetterinternet.com for more info.
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 16
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 16
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
ImIServer IEPlugin Object Recognized!
Type : File
Data : lu.dat
Category : Data Miner
Comment :
Object : C:\WINDOWS\
ImIServer IEPlugin Object Recognized!
Type : File
Data : redir.txt
Category : Data Miner
Comment :
Object : C:\WINDOWS\
VX2 Object Recognized!
Type : File
Data : farmmext.ini
Category : Malware
Comment :
Object : C:\WINDOWS\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 19
3:14:22 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:11:22.625
Objects scanned:233968
Objects identified:19
Objects ignored:0
New critical objects:19